Jan 9th, 2009

What is the easiest way of putting an IP on my 4948s so that I can manage them over the network remotely. Here's my setup:

Switch A - 6509, vtp server, contains all vlan interfaces for all vlans.

Switch B - 4948, vtp client, trunked to switch A and Switch C, no configured vlan interfaces (with the exception of the default vlan 1 with no ip address)

Switch C - Cisco 4948, vtp client, trunked to switch A and B, same config as switch B.

I can easily manage my 6509 because all of my vlan interfaces are there and I can just telnet to one of them. Should I create a vlan interface on Switch B and C to do the same?

Jon Marshall Fri, 01/09/2009 - 12:23


"Should I create a vlan interface on Switch B and C to do the same?"

Yes. Cisco recommendation is to use a dedicated vlan for managing devices ie. not vlan 1, not the native vlan and not any vlan that is used for servers/clients.

1) Create a vlan for management on the 6500.

2) Create a Layer 3 SVI interface on the 6500 for this vlan.

2) Create a L3 SVI for this vlan on each 4948 switch and then set the ip default-gateway on each 4948 switch to be the ip address on the 6500 L3 SVI of the management vlan.


rjrii Fri, 01/09/2009 - 14:22

Ok, so I created vlan 92 on my 6500 and created vlan interface 92 on the 6500 as well with an IP of

I then created vlan interface 92 on each 4948 switch giving switch b the ip and switch c the ip I then set the ip default-gateway on both switch b and c to The results were:

- All switches can see one another

- The rest of my network can see on the 6500 but cannot see or 92.250.

- I can use as my point of entry for access to switch b and c - but is this the expected result or should the rest of my devices on the network be able to see the IPs setup on switches B and C as well?

Jon Marshall Fri, 01/09/2009 - 14:40

No, the rest of your network should be able to see this network as well.

Are you advertising into your routing protocol so remote networks know how to get to it ?


rjrii Fri, 01/09/2009 - 14:48

well, my 6509 performs the route advertisment and if I do a show ip route, it defintely shows the network being advertised to the rest of the network. (see below)

SwitchA-6509#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is to network

C is directly connected, Vlan25

C is directly connected, Vlan24

C is directly connected, Vlan92

C is directly connected, Vlan26

C is directly connected, Vlan21

S [1/0] via

C is directly connected, Vlan23

C is directly connected, Vlan22

S* [1/0] via

Jon Marshall Fri, 01/09/2009 - 14:54

Okay, so are all the remote networks connected to the 6500 switch ?

Can you

1) post output of "sh ip route" off one of the 4948 switches

2) From a remote address can you traceoute to and 251 ?

What is the IP address you are using to try and connect from ?



