Per Vlan Management IP@

Unanswered Question
Feb 2nd, 2009
User Badges:

For an L2 switch is it possible to define one IP@ for each vlan used on that switch ?


And best practice is to use one single IP@ for management of an L2 switch or one IP@ per vlan ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Tshi M Mon, 02/02/2009 - 07:36
User Badges:
  • Silver, 250 points or more

A layer 2 switch will typically have one IP address for management.


Regards,

Giuseppe Larosa Mon, 02/02/2009 - 07:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello,

a l2 switch can have only one management vlan.


I saw this on C2950 when you define a second SVI the first one is put in shudown.

if you enable the one disabled the second is shutted.


if the device is L3 capable but acts as a L2 switch it could have multiple SVIs but there is no need for this as Etienne noted


Hope to help

Giuseppe


badalam_nt Mon, 02/02/2009 - 07:50
User Badges:

And is it recommended to always use vlan 1 for defining management IP@ ? Or better a separate dedicated vlan, which is not used for any other traffic except for remote connection to the switch?

Tshi M Mon, 02/02/2009 - 07:55
User Badges:
  • Silver, 250 points or more

I usually avoid to use VLAN1 and create a specific VLAN for management.


Regards,

badalam_nt Mon, 02/02/2009 - 07:45
User Badges:

So to define one management IP@ per vlan is not recommended?

Giuseppe Larosa Mon, 02/02/2009 - 08:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Badalam,

use only one different from Vlan 1 and different from vlans where end users connect.


The suggestion is that every campus should have a dedicated management vlan to reach all devices.

This is for telnet/ssh and snmp, syslog and so on.


using vlan1 is not recommended for security reasons.


Having a dedicated management vlan can help keep devices reachable while there are problems on user vlans


Hope to help

Giuseppe


glen.grant Mon, 02/02/2009 - 09:12
User Badges:
  • Purple, 4500 points or more

Vlan1 is also used for control plane traffic such as cdp , vtp etcc so it is better not to run production traffic across vlan 1. It can be any other vlan.

Actions

This Discussion