Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
3
Replies

How to give a switch an ip for management

dan_track
Level 1
Level 1

‎05-23-2007 09:59 PM - edited ‎03-05-2019 04:15 PM

Hi

I'm going to put a switch in our DMZ, so all it does is allow switching within the DMZ. It isn't going to have any direct links into the internal network. Now I've hit a snag in this plan.

Basically the DMZ has public ip addresses and are in VLAN 130,131,132. My question is if I create an interface for vlan 130 on the switch and then give it an ip address, its going to need a public ip address for me to be able to reach it from my internal vlan. BTW the dmz and internal zones are separated via a pix 515e firewall.

My question is if I give the vlan 130 interface a private ip e.g 192.168.2.1 will I still be able to reach it, if say I put a route on the firewall to say 192.168.2.0 lies in the interface which has vlan130?

I hope this describes the situation in a clear way. Any further question please just ask.

The switch is a 3560-G series switch.

Thanks in advance

Dan

Labels:
0 Helpful
3 Replies 3

Amit Singh
Cisco Employee
Cisco Employee

‎05-23-2007 10:10 PM

Dan,

You dont need a public IP on these switches to manage it from your internal vlans. You have to either use staic NAT from the inside interface to DMZ interface for 192.168.2.0 ip range or do a self static for the same IP range on Pix DMZ interface. You have to use ACL's and routes on PIX to allow the traffic from the DMZ to the inside vlans and you should be able to get an access to the switch.

HTH,Please rate if it does.

-amit singh

0 Helpful

dan_track
Level 1
Level 1
In response to Amit Singh

‎05-23-2007 11:53 PM

Hi

Thanks for your reply. It seems to have helped focus me. My internal vlan has the 10.0.0.0/8 range while the new ip's I want to use on the switch are 192.168.2.1 and 192.168.2.2 on vlan 130.

Any chance you could please give me an example of the static command I need to use?

Many Thanks

Dan

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎05-23-2007 11:40 PM

Hi Dan It's a bit unclear what you mean by "Basically the DMZ has public ip addresses and are in VLAN 130,131,132"

Do you have 3 separate DMZ interfaces on your pix firewall \then.

Amit is right in that you don't need to use a public ip address. You could use a private address but you would need to add an interface on your pix in that same subnet range to be able to access it if that makes sense.

If you can't do this then yes you will need a public IP address on the switch interface.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card