Private vlan and Layer3 vlans for management of switches..

graham smart · ‎03-25-2015

Hi Guys,

Question..

I have a switch with private vlans enabled.

I want to be able to manage the switch remotely, So id like to create a L3 vlan like normal. However, how can I have this vlan in a isolated vlan like a physical interface would be?

I dont want the switch to be able to communicate with anything else on the isolated network via its L3 interface.

Any thoughts?

Thanks

L

-Graham
Please note: My comments are simply suggestions. I cannot be held liable for any loss of data, life or marbles due to following my instructions.

Got a website? Need some live chat software?

Sarbjit-2014 · ‎03-25-2015

Hi Graham,

The most secure thing to do is write an access-list and allow SSH for remote access via the I.P of your PC only.

Regards.

graham smart · ‎03-26-2015

Thanks, but this really isnt an ideal method here.

Is there really no way to have a leyer3 interface in an isolated vlan? ( just like a port would be? )

Thanks

-Graham
Please note: My comments are simply suggestions. I cannot be held liable for any loss of data, life or marbles due to following my instructions.

Got a website? Need some live chat software?

Jon Marshall · ‎03-26-2015

Graham

It's not entirely clear what you mean.

If you want the SVI to be entirely separate on the switch then you should be able to use a VRF depending on your switch model and feature set.

If you put the SVI into the VRF you cannot route to that SVI from any other SVIs on the switch or any other IP subnets on your network.

Which means the route for that vlan/IP subnet won't be in the routing tables of any of your other L3 devices so it depends on what you mean by managing it remotely.

Jon

Peter Koltl · ‎10-04-2015

You can find some ideas in this article of mine:

Management network topology and asymmetric routing