cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1129
Views
0
Helpful
7
Replies

Segregate Switch, but setup management port

dclarolh1
Level 1
Level 1

All my switches share a network that is their VLAN1 interface IP. I have some switches I am segregating for iSCSI SAN usage. I just want them to be able to plug into the network on one port for telnet management capability. What should the settings be on each side?

I can elaborate if necessary, just kind of throwing this out there, not sure what specifics would be needed atm.

I was thinking there should be another way without trunking a port over. That is my normal procedure. These are all 3560G's btw.

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

mundusrector wrote:

All my switches share a network that is their VLAN1 interface IP. I have some switches I am segregating for iSCSI SAN usage. I just want them to be able to plug into the network on one port for telnet management capability. What should the settings be on each side?

I can elaborate if necessary, just kind of throwing this out there, not sure what specifics would be needed atm.

I was thinking there should be another way without trunking a port over. That is my normal procedure. These are all 3560G's btw.

Yes, think you had better elaborate

When you say segregate the switches what exactly do you mean ie. they won't be connected to your other switches or not ?

When you say settings on either side what is "either side" ?

Jon

Well say our core, which is a 3560G normally trunks ports to other switches. In this case I want this switch to connect back to that core from one port, just for management capability. The rest of the switch will be on it's own segregated network that will be used for a iSCSI SAN.

I was thinking trunk the port but do not configure the VLAN's for the other ports or VTP for the switch. But is there a more simpler way.

I basically want the switch to just act as another host but be able to communicate with the 10.245.1.x subnet through that single port. That is my management VLAN.

mundusrector wrote:

Well say our core, which is a 3560G normally trunks ports to other switches. In this case I want this switch to connect back to that core from one port, just for management capability. The rest of the switch will be on it's own segregated network that will be used for a iSCSI SAN.

I was thinking trunk the port but do not configure the VLAN's for the other ports or VTP for the switch. But is there a more simpler way.

I basically want the switch to just act as another host but be able to communicate with the 10.245.1.x subnet through that single port. That is my management VLAN.

Just don't use a trunk as you don't need it. Create a new vlan for management of the iSCSI switches and remove this vlan from all normal trunks to non iSCSI switches.

Then simply create a L3 SVI for the new vlan on your core switches and assign the port on the core switch connecting to the iSCSI switch(es) into that vlan and create the same vlan + SVI on the iSCSI switches.

If you actually wanted further segregation on the core switch between the iSCSI vlan and the other vlans you could place your iSCSI vlan interface into it's own vrf. You could also use vrf's on the iSCSI switches if you wanted segregation but you would only need that if those switches were actually doing inter-vlan routing. If the only L3 vlan interface on the iSCSI switches was for management then there would be no need for vrfs.

Jon

Ok, so two things then. Probably a noob question but what is an SVI?

Also the management VLAN is just the default vlan1 on all switches, can I still use that instead of creating a new one?

mundusrector wrote:

Ok, so two things then. Probably a noob question but what is an SVI?

Also the management VLAN is just the default vlan1 on all switches, can I still use that instead of creating a new one?

SVI = Switched Virtual Interface ie. on a L3 switch when you create a L3 vlan interface for your L2 vlan eg.

vlan 10

ip address x.x.x.x

You can use vlan 1 but then you haven't really segrgated anything because all switches will have an interface on vlan 1 and your request was to segregate the iSCSI switches from the other switches.

Jon

So what if I trunked the switches each individually to the core. But I want them to communicate with each other without going through the core.

Keep in mind this is for a SAN so I half the ports from my iSCSI array will be on one switch and the other half on the other. So I need to make sure those two switches can fully communicate instead of going through the trunked interfaces.

mundusrector wrote:

So what if I trunked the switches each individually to the core. But I want them to communicate with each other without going through the core.

Keep in mind this is for a SAN so I half the ports from my iSCSI array will be on one switch and the other half on the other. So I need to make sure those two switches can fully communicate instead of going through the trunked interfaces.

If you want the switches to communicate with each other without going through the core then you need to interconnect the switches.

Why do you not want to go through the core ?

To avoid an STP mess, if you had to do that then i would connect the 2 switches together and run one uplink from each switch to the core which will still give you redudancy but not create a horrible mess of interconnects.

Edit - why do you need trunking. From the original post you said you wanted only one vlan to run back to the core ?

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: