Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
5
Replies

int vlan 1

Go to solution
sarahr202
Level 5
Level 5

‎07-26-2009 09:08 PM - edited ‎03-06-2019 06:57 AM

Hi everybody!

I have this question .

let say we have a distribution switch sw2 which is providing communication between two vlans, 1, and 2 which exist on access switch ,sw1.

Is it possible to use int vlan 1(1.1.1 on sw2 as management int to manage sw2 while at the same time hosts in vlan 1 are using 1.1.1.1(int vlan 1) as their default gateway ?

thanks a lot

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-27-2009 01:17 AM

Hello Sarah,

generally speaking the answer is yes but it is not recommended.

First of all, because it could allow end users to try to access the switch management.

Second because any issue in client vlan could cause problems in accessing devices when it is very important to be able to access them to see what it is happening.

For example if a broadcast storm is happening on client vlan users are affected but if switch management ip address is in a different vlan it may be possible to access it.

Best practice is to use a separate ip subnet for network managements from client Vlans/ IP subnets

Security best practice suggests to do not use vlan1 (the default vlan) at all.

Hope to help

Giuseppe

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to sarahr202

‎07-27-2009 07:31 AM

Sarah

It depends on whether you are running L2 or L3 from the access-layer to the distribution layer.

If you are running L2 then often the access-layer switches are connected via trunks with multiple vlans going across them. Even if you limited the vlans to just one for user data you should really have a separate vlan for managing the switches as discussed already in this thread.

If you are running L3 from the access-layer then the switches will be L3 capable and then you only create the vlans you need on each switch. Management of the switch can be taken care of with a loopback interface so you do not need to worry about the management vlan.

But even with L3 it is common to have at least 2 vlans per switch, one for user data and one for VOIP.

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to sarahr202

‎07-27-2009 08:16 AM

Sarah

"Is it possible to configure loopback interface on L2 switch ?" - from memory no it isn't. The option is there ie. "int loopback 10" but the switch won't accept the command.

Note that this is for a L2 capable switch only. A L3 switch that is being used a L2 switch only will still allow you to create a loopback interface.

Jon

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-27-2009 01:17 AM

Hello Sarah,

generally speaking the answer is yes but it is not recommended.

First of all, because it could allow end users to try to access the switch management.

Second because any issue in client vlan could cause problems in accessing devices when it is very important to be able to access them to see what it is happening.

For example if a broadcast storm is happening on client vlan users are affected but if switch management ip address is in a different vlan it may be possible to access it.

Best practice is to use a separate ip subnet for network managements from client Vlans/ IP subnets

Security best practice suggests to do not use vlan1 (the default vlan) at all.

Hope to help

Giuseppe

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Giuseppe Larosa

‎07-27-2009 06:38 AM

Thanks Giuseppe.

just one more question if yo don't mind

Is it correct the best practice dictatates one vlan per access switch ?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to sarahr202

‎07-27-2009 07:31 AM

Sarah

It depends on whether you are running L2 or L3 from the access-layer to the distribution layer.

If you are running L2 then often the access-layer switches are connected via trunks with multiple vlans going across them. Even if you limited the vlans to just one for user data you should really have a separate vlan for managing the switches as discussed already in this thread.

If you are running L3 from the access-layer then the switches will be L3 capable and then you only create the vlans you need on each switch. Management of the switch can be taken care of with a loopback interface so you do not need to worry about the management vlan.

But even with L3 it is common to have at least 2 vlans per switch, one for user data and one for VOIP.

Jon

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Jon Marshall

‎07-27-2009 08:08 AM

Hi Jon.

Is it possible to configure loopback interface on L2 switch ?

Thanks and have a nice day !

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to sarahr202

‎07-27-2009 08:16 AM

Sarah

"Is it possible to configure loopback interface on L2 switch ?" - from memory no it isn't. The option is there ie. "int loopback 10" but the switch won't accept the command.

Note that this is for a L2 capable switch only. A L3 switch that is being used a L2 switch only will still allow you to create a loopback interface.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card