mgmt vlan question

Feb 10th, 2007

I'm trying to figure out the physical vs. logical layout of a management vlan. Currently all of my switches are not trunked (some only use a single vlan to uplink to other switches). If I want to start using a management vlan for all switches, including those that are not trunked, am I correct in assuming I need another physical connection between ports assigned to the management vlan (with another cable) or just set up trunking that includes the mgmt vlan?

I guess what I'm getting at here is if trunks are required between all switches when a mgmt vlan other than vlan1 is needed on those switches.

Any practical advice on setting up a mgmt vlan is appreciated!



Jon Marshall Sat, 02/10/2007 - 14:10

Hi Matt

As a start you probably don't want to use vlan 1 for management or for user data. Cisco recommend using a different vlan other than 1 for management of the switches. In addition you should not use a vlan that also has user ports in it.

One way to set up a management vlan is, as you say, to create trunks between each of your switches. Pick a vlan that will not be used for user data (we use vlan 2 at work) and allow this vlan as well as any user vlans that are needed on each of your trunk links.

Each switch will need an interface in vlan 2. Also, on the switches where you run your layer 3 SVIs for the user vlan, add an SVI for vlan 2 and use this as the default gateway on each of your switches.

Any queries etc. let me know



matt_heff Sat, 02/10/2007 - 15:19


Thanks! When you say each switch will need an interface in vlan 2, does this have to be a physical interface? What about the trunk port - isn't it considered a member of all vlans it allows and therefore associated with the vlan2 SVI?

Also, can you explain what you mean by adding the SVI for vlan 2 as the default gateway on each switch. What purpose does that serve?



Jon Marshall Sat, 02/10/2007 - 15:47


The interface on each switch will be an SVI. So each switch will have a vlan 2 interface with an IP address out of the vlan 2 interface. This vlan 2 interface on each switch allows you to manage the switch. On a layer 2 switch you can only have one vlan interface up as this interface is used purely for management.

On your layer 3 switch you will also have an SVI for vlan 2. The reason you set each switch to have this SVI's IP address as its default gateway is so you can route to the management addresses of your switches. So if you are on a PC on a different vlan then you can telnet to the management address of one of your switches. Because your PC address is out of a different IP subnet than vlan 2 the switch needs to know how to route back. It uses its default gateway which is the SVI for vlan 2 on your layer 3 switch.
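
The layout described in this thread, written out as an added Cisco IOS configuration example that is not from any of the posters: vlan 2 is the management vlan as in the replies above, while the 192.0.2.0/24 addressing, the user vlans 10 and 20, the vlan name and the interface names are assumptions chosen for illustration.

```cisco
! ===== Layer 2 access switch (hypothetical uplink on Gi0/1) =====
! Create the management vlan; no user access ports are placed in it.
vlan 2
 name MGMT
!
! Management SVI: the only vlan interface that is up on this switch.
interface Vlan2
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! Vlan 1 is not used for management, so its interface stays down.
interface Vlan1
 no ip address
 shutdown
!
! Uplink becomes a trunk carrying the management vlan plus the
! user vlans this switch needs (10 and 20 are constructed values).
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 2,10,20
!
! Return path for management traffic from other subnets:
! the vlan 2 SVI on the layer 3 switch.
ip default-gateway 192.0.2.1

! ===== Layer 3 switch (hypothetical downlink on Gi1/0/1) =====
ip routing
!
vlan 2
 name MGMT
!
! Gateway SVI for the management subnet, alongside the user SVIs.
interface Vlan2
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 2,10,20
```

On the access switch, `show interfaces trunk` confirms vlan 2 is allowed and active on the uplink, and `show ip interface brief` confirms Vlan2 is up with Vlan1 administratively down.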



