Solved: VLANs Properly

townofnewmarket · ‎12-08-2008

Hi All.

IPT network with 2801s and 3560s. My VAR setup VLAN6 for phone traffic, and VLAN9 for "mgt traffic". (VLAN1 is still active as the default so I imagine most of the Cisco info traffic is still moving about on VLAN1).

Anyways, I have some devices that I have to telnet into with a 6 addy, and others with a 9. All of the 2801s have a vlan6 but no 9. The 3560s have a vlan9 but no 6. You get the idea!

Trivial, but I always find myself typing in the wrong addy when I try to telnet to one of the boxes.

Should I give them all a vlan6 addy or all a vlan9 addy or both? How many use a separate vlan for "mgt traffic"?

Jon Marshall · ‎12-08-2008

"So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier"

Yes if possible. As Collin notes it doesn't have to be a subinterface, it could be a loopback address on the router.

Just out of interest is there any reason why you are using subinterfaces on your 2811 and not L3 SVI interfaces on your 3560. You would get better performance inter-vlan routing on your 3560.

Jon

View solution in original post

Jon Marshall · ‎12-08-2008

Doug

Ideally you want your IPT traffic on it's own vlan but it sounds like some of the 2801 addresses are on vlan 6 ? - is this correct.

Vlan 6 should be strictly for IPT traffic and not for telnetting ie. management. Could you be more specific in what is in vlan 6 that you need to telnet to ?

Jon

townofnewmarket · ‎12-08-2008

From a 3560POE:

interface Vlan1

no ip address

!

interface Vlan9

ip address 192.168.9.235 255.255.255.0

From a 2801:

interface FastEthernet0/0.5

description Voice VLAN

encapsulation dot1Q 5

ip address 192.168.5.251 255.255.255.0

!

interface FastEthernet0/0.6

encapsulation dot1Q 6

ip address 192.168.6.248 255.255.255.0

!

interface FastEthernet0/0.9

description Mgmt VLAN

encapsulation dot1Q 9

ip address 192.168.9.251 255.255.255.0

So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier!

Jon Marshall · ‎12-08-2008

"So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier"

Yes if possible. As Collin notes it doesn't have to be a subinterface, it could be a loopback address on the router.

Just out of interest is there any reason why you are using subinterfaces on your 2811 and not L3 SVI interfaces on your 3560. You would get better performance inter-vlan routing on your 3560.

Jon

townofnewmarket · ‎12-08-2008

OK, it just kind of "clicked" with me about the loopback interface. Pretty slick.

I think only one of my 3560s is in L3 mode, the others are only doing L2 switching. So I am not sure of the answer to your question!

Thanks for the input Sir and Collin!

Collin Clark · ‎12-08-2008

Using a management vlan is very common and is a good idea. What I would do is leave the switch management in vlan 9 and instead of accessing the routers with the vlan 6 ip address, put a loopback on the routers that belongs in vlan 9 ip address space.

interface loopback 1

ip address 192.168.9.5 255.255.255.255

*Note the subnet mask.

Hope that helps.