Switch management VLAN and port?

Answered Question
Aug 12th, 2012

Hello, I was wondering what standard procedure was with regards to switch management VLANs.


I.e., I have created an out-of-band VLAN on a series of switches for the purpose of management.

I have spare interfaces on these switches. Do I go ahead now and assign ports to the management VLAN, or is it better practice to wait until you actually need to manage the switch and then assign a port to the management VLAN at that time? Perhaps this is better for security purposes?


Is either way standard practice, or does it not really matter?


Thanks.

Correct Answer by Reza Sharifi about 5 years 6 days ago

Hi,


There is no standard practice. There are 2 ways to manage your devices, in band or out of band.

For in band, you create a VLAN that has no physical port assigned to it. You create an SVI for this VLAN on each switch, give it an IP address and add the VLAN to the trunk.

For out of band, you create a VLAN and assign a physical port to it. You give an IP address to that physical port and connect the physical port to a management switch. Then connect the management switch to the rest of your network with proper routing configured. Best practice is to configure your management network before you configure the rest of the network. This way you can simply SSH or Telnet to the devices and not console.


HTH

Overall Rating: 5 (1 ratings)
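
The two layouts described in the answer, written out as a Cisco IOS configuration sketch. This is an added example, not part of the original thread or the poster's own configuration; it assumes a Layer 2 access switch (so the address sits on the VLAN interface and `ip default-gateway` is used), and the VLAN number, addresses, interface names and ACL name are constructed.

```cisco
! Constructed values: VLAN 99, 192.0.2.0/24, interface names, ACL name.
vlan 99
 name MGMT
!
! The management address lives on the SVI for the management VLAN.
interface Vlan99
 description Switch management
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! Layer 2 switch (no IP routing): point at the management gateway.
ip default-gateway 192.0.2.1
!
! In-band layout: no access port is placed in VLAN 99;
! the VLAN is only carried on the uplink trunk.
! (Some platforms need the trunk encapsulation set before "mode trunk".)
interface GigabitEthernet0/24
 description Uplink trunk
 switchport mode trunk
 switchport trunk allowed vlan add 99
!
! Out-of-band layout (use instead of the trunk entry above):
! one dedicated access port cabled to the management switch.
interface GigabitEthernet0/23
 description To management switch
 switchport mode access
 switchport access vlan 99
!
! Accept remote logins only over SSH and only from the management subnet.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
```

SSH on the vty lines also needs a host key pair and a local user account, which are not shown here. `show vlan brief` lists which access ports are currently members of VLAN 99, which is the quickest way to confirm that no spare port has been left in the management VLAN.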
Correct Answer
Reza Sharifi Sun, 08/12/2012 - 15:17
