I'm trying to figure out the physical vs. logical layout of a management vlan. Currently all of my switches are not trunked (some only use a single vlan to uplink to other switches). If I want to start using a management vlan for all switches, including those that are not trunked, am I correct in assuming I need another physical connection between ports assigned to the management vlan (with another cable), or can I just set up trunking that includes the mgmt vlan?
I guess what I'm getting at here is whether trunks are required between all switches when a mgmt vlan other than vlan 1 is needed on those switches.
Any practical advice on setting up a mgmt vlan is appreciated!
As a start, you probably don't want to use vlan 1 for management or for user data. Cisco recommends using a different vlan other than 1 for management of the switches. In addition, you should not use a vlan that also has user ports in it.
One way to set up a management vlan is, as you say, to create trunks between each of your switches. Pick a vlan that will not be used for user data (we use vlan 2 at work), and allow this vlan as well as any user vlans that are needed on each of your trunk links.
Each switch will need an interface in vlan 2. Also, on the switches where you run your layer 3 SVIs for the user vlan, add an SVI for vlan 2 and use this as the default gateway on each of your switches.
Thanks! When you say each switch will need an interface in vlan 2, does this have to be a physical interface? What about the trunk port - isn't it considered a member of all vlans it allows and therefore associated with the vlan 2 SVI?
Also, can you explain what you mean by adding the SVI for vlan 2 as the default gateway on each switch? What purpose does that serve?
The interface on each switch will be an SVI. So each switch will have a vlan 2 interface with an IP address out of the vlan 2 interface. This vlan 2 interface on each switch allows you to manage the switch. On a layer 2 switch you can only have one vlan interface up, as this interface is used purely for management.
On your layer 3 switch you will also have an SVI for vlan 2. The reason you set each switch to have this SVI's IP address as its default gateway is so you can route to the management addresses of your switches. So if you are on a PC on a different vlan, then you can telnet to the management address of one of your switches. Because your PC address is out of a different IP subnet than vlan 2, the switch needs to know how to route back. It uses its default gateway, which is the SVI for vlan 2 on your layer 3 switch.
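The setup described in the answers above, written out as Cisco IOS configuration for one layer 2 switch and the layer 3 switch. This is an added example, not part of the original posts. The interface names, user vlans 10 and 20, and the 192.0.2.0/24 addresses are assumptions constructed for illustration.

```cisco
! ===== Layer 2 access switch (constructed example) =====
! Management vlan 2 exists on the switch but has no user access ports in it.
vlan 2
 name MGMT
!
! Uplink to the next switch: carry the management vlan and the user vlans
! over the same physical link, so no extra cable is needed.
! (Some platforms also need "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet0/1
 description Uplink to layer 3 switch (assumed port)
 switchport mode trunk
 switchport trunk allowed vlan 2,10,20
!
! Vlan 1 is not used for management; keep its interface down.
interface Vlan1
 no ip address
 shutdown
!
! The SVI is the management interface: a logical interface, not a physical port.
interface Vlan2
 description Switch management
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! Return path for management traffic from other subnets:
! the vlan 2 SVI on the layer 3 switch.
ip default-gateway 192.0.2.1

! ===== Layer 3 switch (constructed example) =====
vlan 2
 name MGMT
!
ip routing
!
! Downlink trunk toward the layer 2 switch, same allowed list on both ends.
interface GigabitEthernet1/0/1
 description Downlink to layer 2 switch (assumed port)
 switchport mode trunk
 switchport trunk allowed vlan 2,10,20
!
! Gateway for the management subnet, alongside the existing user vlan SVIs.
interface Vlan2
 description Gateway for switch management subnet
 ip address 192.0.2.1 255.255.255.0
 no shutdown
```

After applying it, `show interfaces trunk` on each side should list vlan 2 as allowed and active on the uplink, and `show ip interface brief` should show Vlan2 up/up.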