I have this question.
Let's say we have a distribution switch sw2 which is providing communication between two vlans, 1 and 2, which exist on access switch sw1.
Is it possible to use int vlan 1(1.1.1 on sw2 as management int to manage sw2 while at the same time hosts in vlan 1 are using 220.127.116.11(int vlan 1) as their default gateway?
Thanks a lot
"Is it possible to configure loopback interface on L2 switch ?" - from memory no it isn't. The option is there, i.e. "int loopback 10", but the switch won't accept the command.
Note that this is for a L2 capable switch only. A L3 switch that is being used as a L2 switch only will still allow you to create a loopback interface.
It depends on whether you are running L2 or L3 from the access-layer to the distribution layer.
If you are running L2 then often the access-layer switches are connected via trunks with multiple vlans going across them. Even if you limited the vlans to just one for user data you should really have a separate vlan for managing the switches as discussed already in this thread.
If you are running L3 from the access-layer then the switches will be L3 capable and then you only create the vlans you need on each switch. Management of the switch can be taken care of with a loopback interface so you do not need to worry about the management vlan.
But even with L3 it is common to have at least 2 vlans per switch, one for user data and one for VOIP.
Generally speaking the answer is yes but it is not recommended.
First of all, because it could allow end users to try to access the switch management.
Second, because any issue in the client vlan could cause problems in accessing devices when it is very important to be able to access them to see what is happening.
For example, if a broadcast storm is happening on the client vlan, users are affected, but if the switch management ip address is in a different vlan it may be possible to access it.
Best practice is to use a separate ip subnet for network management from client Vlans / IP subnets.
Security best practice suggests not using vlan1 (the default vlan) at all.
Hope to help
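
The separation recommended in this thread, as an added configuration sketch for an L3-capable distribution switch such as sw2 (not posted by any participant). The VLAN numbers, names, ACL name and addresses are constructed for illustration, and SSH with local authentication is assumed to be set up already.

```cisco
! Constructed values: VLAN 10 = users, VLAN 99 = management.
! 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
vlan 10
 name USERS
vlan 99
 name MGMT
!
! Leave the default VLAN without an address so it carries no management traffic.
interface Vlan1
 no ip address
 shutdown
!
! Hosts use this SVI only as their default gateway.
interface Vlan10
 description Default gateway for user hosts
 ip address 192.0.2.1 255.255.255.0
!
! Administrators reach the switch through this SVI.
interface Vlan99
 description Switch management only
 ip address 198.51.100.1 255.255.255.0
!
! An L3 switch answers on every SVI address, so the user gateway address
! would still accept logins; restrict vty sessions by source subnet.
ip access-list standard MGMT-ONLY
 permit 198.51.100.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-ONLY in
 transport input ssh
```

With this layout a broadcast storm in VLAN 10 does not share a broadcast domain with the management SVI, and login attempts from user subnets are dropped and logged by the vty ACL.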