Re: Per Vlan Management IP@

badalam_nt · ‎02-02-2009

For an L2 switch is it possible to define one IP@ for each vlan used on that switch ?

And best practice is to use one single IP@ for management of an L2 switch or one IP@ per vlan ?

Tshi M · ‎02-02-2009

A layer 2 switch will typically have one IP address for management.

Regards,

Giuseppe Larosa · ‎02-02-2009

Hello,

a l2 switch can have only one management vlan.

I saw this on C2950 when you define a second SVI the first one is put in shudown.

if you enable the one disabled the second is shutted.

if the device is L3 capable but acts as a L2 switch it could have multiple SVIs but there is no need for this as Etienne noted

Hope to help

Giuseppe

badalam_nt · ‎02-02-2009

And is it recommended to always use vlan 1 for defining management IP@ ? Or better a separate dedicated vlan, which is not used for any other traffic except for remote connection to the switch?

Tshi M · ‎02-02-2009

I usually avoid to use VLAN1 and create a specific VLAN for management.

Regards,

badalam_nt · ‎02-02-2009

So to define one management IP@ per vlan is not recommended?

Giuseppe Larosa · ‎02-02-2009

Hello Badalam,

use only one different from Vlan 1 and different from vlans where end users connect.

The suggestion is that every campus should have a dedicated management vlan to reach all devices.

This is for telnet/ssh and snmp, syslog and so on.

using vlan1 is not recommended for security reasons.

Having a dedicated management vlan can help keep devices reachable while there are problems on user vlans

Hope to help

Giuseppe

glen.grant · ‎02-02-2009

Vlan1 is also used for control plane traffic such as cdp , vtp etcc so it is better not to run production traffic across vlan 1. It can be any other vlan.