Vlan Mangment

Unanswered Question

Hello Experts!

i have to Design the following setup: 10 access-switch connected to the core(4507R)via L2 Trunk;the Network it is 100.4.0.0

Switch 1 on vlan 50

Switch 2 on vlan 51

Switch 3 on vlan 52

Switch 4 on vlan 53

Switch 5 on vlan 54

on the CORE:

INT vlan 50

IP address 100.4.50.2/24

INT vlan 51

IP address 100.4.51.2/24

INT vlan 52

IP address 100.4.52.2/24

& so one

the qestion is:what should be the mangment vlan for each switch

e.g:

sw1(Vlan50)

ip address 100.4.1.4

sw2(Vlan51)

ip address 100.4.1.5

sw3(Vlan53)

ip address 100.4.1.6

********************

CORE

ip address 100.4.1.2

Is this a good design or u suggest another address for Vlan Mang on each access switch

regards

ALI

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Loading.
Jon Marshall Mon, 04/02/2007 - 04:35

Hi Ali

There is nothing wrong with what you are proposing except that you need a separate vlan for your management ie.

You addressing for the switch management is fine

100.4.1.4

100.4.1.5

100.4.1.6

etc

but they need to be out of the same vlan. So allocate a new vlan number for the management vlan and use the IP addressing you are proposing.

Set the default gateway to be the SVI for the management vlan on your 4507 switch.

HTH

Jon

Amit Singh Mon, 04/02/2007 - 04:36

Ali,

Your design is correct and its Ok as per the guidelines. By-default vlan is the Managemnt vlan on l2 switches. Its is always advisable to use a different vlan other than Vlan1 as the managemnt vlan.

As you have used a different vlans on each switch as the management vlan, you should be fine with it. To have consistency on the manageing the switch IP's I would suggest you to have the same dedicated vlan for management across all your switch. Like using Vlan 51 and the same range if IP across all the L2 switches for managemnt. this will make you managing the switches easily across the network and easy to remember IP addresses.

If you are using a diffrent vlan on each switch as management vlan, make sure that your 4507 core switch is routing for all vlans. otherwise there will be connectivity issues in the network.

HTH,

-amit singh

Amit Singh Mon, 04/02/2007 - 04:49

Hi Ali,

Just use a dedicated vlan like Vlan 51 across all the switches as management vlan and assign an IP to all the switches. like

Core switch

Vlan 51 management IP: 100.4.51.1/24

Access Switch 1

Vlan 51 management IP: 100.4.51.2/24

Switch 2

Vlan 51 management IP: 100.4.51.3/24

Switch 3

Vlan 51 management IP: 100.4.51.4/24

The same way across on your all the switches.

-amit singh

ankbhasi Mon, 04/02/2007 - 04:40

Hi Ali,

What I see is that you have different vlans created on your access switch but subnet address is same across all which I don't think is a proper design. Another thing which I notice is that your l3 interfaces on your core are on dfferent subnet as what you have on your access which again is a wrong design.

Like you vlan 50 on core is 100.4.50.2/24 but you have configured vlan 50 on your access as ip address 100.4.1.4 which is wrong and the right design should be something likr 100.4.50.2/24 on your core and ip address 100.4.50.x/24 on your access siwtches for management.

Also I see on youe CORE you have same vlans 50 , 51 and 52 but with different subents which is fine.

I will recommed you to have same management vlan across all access switches and your core config is fine where you have l3 interfaces with different subnet.

You can keep 50 or whatever vlan you want for management on all your access switch but whatever vlan you decide for management vlan make sure the ip address which you assign on access switch should be in same subnet as you configure on core.

HTH

Ankur

ankbhasi Mon, 04/02/2007 - 04:50

Hi Ali,

Yes thats fine now. I will also recommed you to have your vlan 1 created on your core switch so that you can manage your access switches from anywhere across your network.

Also it is recommeded to keep the management vlan something other than vlan 1 but its just a recommended design and even if you have vlan 1 as management vlan you are good to go.

Regards,

Ankur

Amit Singh Mon, 04/02/2007 - 04:51

Hi Ali,

Vlan1 is mainly used for carrying the control traffic like DTP,CDP,VTP,STP traffic for your all the switches. It is always advisable to use a different management vlan other than Vlan1. You as I mentioned above in my post just use a different vlan like Vlan51 as the dedicated management vlan on your access/core switches.

-amit singh

ankbhasi Mon, 04/02/2007 - 05:04

Hi Ali,

Make sure you also create layer 3 interface for vlan 1 on your CORE also with same subnet ip address as on your access switch.

This will let you manage you access switches from any part of your lan network.

Regards,

Ankur

Actions

This Discussion