Management port on a c3560g

Unanswered Question
Aug 29th, 2007
User Badges:


I have a 3560G used as a router. This switch is routing packets between untrusted networks.

I can connect to it using one of its operational IPs. But I am wondering if there would be a way to define a kind of management (IP or physical) interface which could be used only for management purposes (snmp, telnet, syslog).

There is this kind of management interface on a alteon 2208 for example, or on some juniper netscreen firewall (ISG1000). This management interface would have a separate routing table from the operation one.

In other words, I would like to completely separate the operation from the management fir the switch.

I hope this is clear enough.


Best regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Joe Clarke Wed, 08/29/2007 - 08:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

For switches, we typically recommend you use a separate management VLAN for this purpose, and only put your designated management port or ports in this VLAN. In a sense, you now have physical ports that are isolated from the rest of the traffic flow on the device.

cvf-reg2cis Thu, 08/30/2007 - 01:49
User Badges:

It is a switch, but we use it as a router, with interface vlans. If I just configure a management vlan, and put my physical management port in this vlan, there may be routing between my operation network and my administration network, which is a security concern.

That's why I would like to forbid routing to and from this management interface vlan...

I hope this is clearer ?

Thanks a lot


This Discussion