Management Vlan?

Feb 14th, 2011

Good morning cisco community,

I have a question that may seem dumb to the engineers in this forum.  However, here it is...

I am setting up a 2960 switch to use two vlans I created, vlan 10 and vlan 100.

I originally set these up with ip addresses, it worked but I realized this was bad design since vlan 10 and vlan 100 default gateways are already set up on the router they go to.

Now there are no ip addresses on my switch, I am told to set up vlan 1 as management vlan and use that for telnet, however if vlan 1 is not assigned to an interface, and nothing is plugged into that interface, I cannot telnet.

Does this mean I have to dedicate a machine to each of my switches for management? I'm about to buy 30 of these, do I need to allocate 30 machines to plug into vlan 1 for management?

Will loopback address achieve the same goal?  How do I set that up?


cadet alain Mon, 02/14/2011 - 05:33


For an interface VLAN (or SVI) to be up/up, you need 3 things:

1) the VLAN must exist in the VLAN database, which is the case as it is the default VLAN

2) it must be active on one port, whether access port or trunk

3) that port must be in the STP forwarding state

So you can get rid of your interface vlan for 10 and 100 and give an IP address to interface vlan1, and don't forget the ip default-gateway if you want to manage the switch from another subnet.



Peter Paluch Mon, 02/14/2011 - 05:36


You do not need to have a separate machine for managing a switch - certainly not. If you assign an IP address to your interface Vlan 1 it can be reachable from VLAN1 either via an access port, or via a trunk port. So the management station can be anywhere, as long as it can reach the VLAN1 in your network, and thus reach your switches and their IP management interfaces.

For example, you would configure your switch as follows:

    username admin privilege 15 secret 4dm1n

    interface Vlan1
     ip address
     no shutdown

    ip default-gateway

    interface Gi0/1
     switchport mode trunk

    line vty 0 15
     login local
     logging synchronous

This configuration assumes that the Gi0/1 is a trunk port which connects this switch either to a router or to another switch in your topology. This switch will be reachable under IP address and it will use the default gateway to reach IP stations in other subnets. So if there is a management station somewhere outside in the network, all it needs is to have simply an IP connectivity with the IP network which is not about switching but rather about routing between VLANs.

I strongly advise against using the VLAN1 for management purposes. It is the best option to leave the VLAN1 totally unused - both for user and for management traffic - and instead define a separate VLAN for management, say, 999. For security purposes, it is not advisable to use the VLAN1 for any traffic. The VLAN1 performs many operations between Catalyst switches and should be best left alone for their internal use.

Best regards,
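
An added example, not part of any post in this thread: a small Python check that reads a saved switch configuration and flags the points raised in the replies above, namely a management SVI on VLAN 1, a missing ip default-gateway, and an SVI whose VLAN is on no enabled port (STP state cannot be read from a config, so it is not checked). The sample config, function names and finding names are constructed for illustration, and ports without "switchport mode trunk" are assumed to be access ports.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
 no shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,100
interface FastEthernet0/2
 switchport access vlan 10
"""

def parse(config):
    """Return ({interface header: [sub-commands]}, [top-level lines])."""
    blocks, top, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace() and cur:
            blocks[cur].append(line)        # indented line belongs to the open block
        elif line and line != "!":
            top.append(line)
            cur = line if line.startswith("interface ") else None
            if cur:
                blocks[cur] = []
    return blocks, top

def carries(cmds, vlan):
    """True if an enabled switchport with these sub-commands is a member of `vlan`."""
    if "shutdown" in cmds:
        return False
    if "switchport mode trunk" in cmds:
        allowed = [c.split()[-1] for c in cmds if c.startswith("switchport trunk allowed vlan ")]
        # No allowed-list means the trunk carries every VLAN; assumes plain "10,20-30" lists.
        return not allowed or any(
            int(p.split("-")[0]) <= vlan <= int(p.split("-")[-1]) for p in allowed[0].split(","))
    access = [c.split()[-1] for c in cmds if c.startswith("switchport access vlan ")]
    return int(access[0] if access else 1) == vlan  # access ports default to VLAN 1

def audit(config):
    """Return finding names for the management-plane points discussed in the thread."""
    blocks, top = parse(config)
    svis = [int(m.group(1)) for h, c in blocks.items()
            if (m := re.fullmatch(r"interface Vlan(\d+)", h, re.I))
            and any(x.startswith("ip address ") for x in c) and "shutdown" not in c]
    ports = [c for h, c in blocks.items() if "vlan" not in h.lower()]
    out = ["management-on-vlan1"] if 1 in svis else []
    if not any(t.startswith("ip default-gateway ") for t in top):
        out.append("no-default-gateway")
    out += [f"vlan{v}-on-no-port" for v in svis if not any(carries(c, v) for c in ports)]
    return out
```

The sample reproduces the original poster's situation: the SVI has an address, but VLAN 1 is on no port, so the switch cannot be reached on it.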


Latchum Naidu Mon, 02/14/2011 - 05:48


By default, VLAN 1 is the management VLAN. Ensure that there are no redundant links for the management VLAN.

On any lesser switches, such as the 2900 series, the management vlan is where the switch's ip address is configured, and where you can access the switch via telnet or http.

The default management vlan is vlan 1, and in order to assign a different management vlan, you need to shut vlan 1, and then you can no shut a different vlan for management purposes - you can only have 1 active management vlan on these switches.

This is different from the 3550 and 3560 switches where you can have multiple vlan interfaces active at the same time.

Hope this clears it up for you.

Please rate the helpful posts.


