cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
8
Helpful
5
Replies

VLANs Properly

townofnewmarket
Level 1
Level 1

Hi All.

IPT network with 2801s and 3560s. My VAR setup VLAN6 for phone traffic, and VLAN9 for "mgt traffic". (VLAN1 is still active as the default so I imagine most of the Cisco info traffic is still moving about on VLAN1).

Anyways, I have some devices that I have to telnet into with a 6 addy, and others with a 9. All of the 2801s have a vlan6 but no 9. The 3560s have a vlan9 but no 6. You get the idea!

Trivial, but I always find myself typing in the wrong addy when I try to telnet to one of the boxes.

Should I give them all a vlan6 addy or all a vlan9 addy or both? How many use a separate vlan for "mgt traffic"?

1 Accepted Solution

Accepted Solutions

"So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier"

Yes if possible. As Collin notes it doesn't have to be a subinterface, it could be a loopback address on the router.

Just out of interest is there any reason why you are using subinterfaces on your 2811 and not L3 SVI interfaces on your 3560. You would get better performance inter-vlan routing on your 3560.

Jon

View solution in original post

5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

Doug

Ideally you want your IPT traffic on it's own vlan but it sounds like some of the 2801 addresses are on vlan 6 ? - is this correct.

Vlan 6 should be strictly for IPT traffic and not for telnetting ie. management. Could you be more specific in what is in vlan 6 that you need to telnet to ?

Jon

From a 3560POE:

interface Vlan1

no ip address

!

interface Vlan9

ip address 192.168.9.235 255.255.255.0

From a 2801:

interface FastEthernet0/0.5

description Voice VLAN

encapsulation dot1Q 5

ip address 192.168.5.251 255.255.255.0

!

interface FastEthernet0/0.6

encapsulation dot1Q 6

ip address 192.168.6.248 255.255.255.0

!

interface FastEthernet0/0.9

description Mgmt VLAN

encapsulation dot1Q 9

ip address 192.168.9.251 255.255.255.0

So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier!

"So I guess what I am asking is, should all my devices have a .9 addy like the one shown above? It does make my management tasks a little easier"

Yes if possible. As Collin notes it doesn't have to be a subinterface, it could be a loopback address on the router.

Just out of interest is there any reason why you are using subinterfaces on your 2811 and not L3 SVI interfaces on your 3560. You would get better performance inter-vlan routing on your 3560.

Jon

OK, it just kind of "clicked" with me about the loopback interface. Pretty slick.

I think only one of my 3560s is in L3 mode, the others are only doing L2 switching. So I am not sure of the answer to your question!

Thanks for the input Sir and Collin!

Collin Clark
VIP Alumni
VIP Alumni

Using a management vlan is very common and is a good idea. What I would do is leave the switch management in vlan 9 and instead of accessing the routers with the vlan 6 ip address, put a loopback on the routers that belongs in vlan 9 ip address space.

interface loopback 1

ip address 192.168.9.5 255.255.255.255

*Note the subnet mask.

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: