Hello Flavio,

You are right. However, we are unable to access the management interface if we disconnect the OOB port. We would like to access the management interface without having to connect the OOB port.

Thanks.

You mean, if you configure a Lookback interface with an IP address and Mask, then, you are not able to reach it using SSH and/or HTTPS?  Or, if you create a "interface vlan", give it an IP address?  Even L2 switches are able to be managed using some IP address...even older switches.

Flavio,

I did not configure a lookback interface. Maybe I should, but don't know the procedure. I only have one ISP drop. I configured the switch IP. When I connect the ISP drop to OOB port then I can access the switch management through that IP. However, other ports lose connectivity to the Internet. When I connect the ISP drop to any other port then I other ports gain access to the Internet but lose access to management interface. So I ended up keeping the drop on one of the ports then running a cable from another port to OOB port to maintain access to management port while having Internet connectivity on all other ports. I need to remove the cable looping from one port to another on the switch and maintain accessibility to the management interface.

Hi,

If you don't want to use the OOB port, all you have to do is to create a vlan (management vlan) with an SVI and IP address and then add that vlan to the trunk port of the switch. This way you can use the SVI IP to reach the switch remotely. The switch also needs to have a default gateway or a default route installed.

HTH

Reza,

That's what I am looking for. Can you please list the steps on CLI? (Currently don't have HTTPS access to switch).

Hello,

the cli command is:

interface vlan

Check page 1199 (item 64.4) of the CLI guide linked below:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/cli_guide/CLI_Switch_350.pdf

I followed the instructions on the CLI manual you pointed out and created a Management VLAN. I then tried to add an IP address as suggested by Reza. However, the command failed with the error "Duplicate IP subnet. Subnet ...... is in use by interface oob. I previously defined the IP/Mask using web interface, which I assume was assigned to port oob. I guess I have to delete that definition on oob so I can use it on the new interface. How can I do that on CLI?

I guess I have to delete that definition on oob so I can use it on the new interface. How can I do that on CLI?

That is correct. You most likely need to delete the IP from the OOB interface and then apply it to an SVI that will be used to manage the switch.

HTH

I deleted OOB public IP and assigned it to the interface with the ISP drop. Still not working. I noticed that the interface status is "Down" when I run show interfaces status:

10G-Combo-C        --       --       --       --      Down       --     --

I executed "no shutdown" for this interfaces several times, but that didn't fix it.

Hello,

I guess it is not really clear what you mean by 'ISP drop', and why you would want to assign a public IP adress to an OOB interface (unless of course you have a whole bunch of public IP addresses, and won't require NAT).

Either way, can you post a drawing or a photograph of your topology, showing how everything is connected ?

Hello George,

It's actually very simple layout. I have a switch and several devices, all need to be on public static IP's. I only have one internet connection, which I'm referring to as 'ISP drop', with an IP range say 60.61.62.2 to 60.61.62.62 and gateway 60.61.62.1. So I connect the ISP drop to port 6 of the switch and the devices to other ports, then I assign IP 60.61.62.22 to the switch. Now I can access all devices connected on the switch except the switch itself, that is 60.61.62.22.

Hello,

sorry for asking stupid questions: from WHERE are you trying to access the switch ? From the Internet, from another PC connected to the switch ?

Internet.