Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Per Vlan Management IP@

For an L2 switch is it possible to define one IP@ for each vlan used on that switch ?

And best practice is to use one single IP@ for management of an L2 switch or one IP@ per vlan ?

7 REPLIES
Bronze

Re: Per Vlan Management IP@

A layer 2 switch will typically have one IP address for management.

Regards,

Hall of Fame Super Silver

Re: Per Vlan Management IP@

Hello,

a l2 switch can have only one management vlan.

I saw this on C2950 when you define a second SVI the first one is put in shudown.

if you enable the one disabled the second is shutted.

if the device is L3 capable but acts as a L2 switch it could have multiple SVIs but there is no need for this as Etienne noted

Hope to help

Giuseppe

New Member

Re: Per Vlan Management IP@

And is it recommended to always use vlan 1 for defining management IP@ ? Or better a separate dedicated vlan, which is not used for any other traffic except for remote connection to the switch?

Bronze

Re: Per Vlan Management IP@

I usually avoid to use VLAN1 and create a specific VLAN for management.

Regards,

New Member

Re: Per Vlan Management IP@

So to define one management IP@ per vlan is not recommended?

Hall of Fame Super Silver

Re: Per Vlan Management IP@

Hello Badalam,

use only one different from Vlan 1 and different from vlans where end users connect.

The suggestion is that every campus should have a dedicated management vlan to reach all devices.

This is for telnet/ssh and snmp, syslog and so on.

using vlan1 is not recommended for security reasons.

Having a dedicated management vlan can help keep devices reachable while there are problems on user vlans

Hope to help

Giuseppe

Purple

Re: Per Vlan Management IP@

Vlan1 is also used for control plane traffic such as cdp , vtp etcc so it is better not to run production traffic across vlan 1. It can be any other vlan.

166
Views
7
Helpful
7
Replies
CreatePlease login to create content