I need some advice to back up my theory. The topic is Management VLANs and routing.
Theory tells me to keep my users out of the management vlan. For this, I configured all my access switchports to NOT use the management vlan.
Attached to my switches I have two routers. Both routers use a dynamic routing protocol to exchange routing information.
On both routers one of the fast-ethernet sub-interfaces is used to connect to the management vlan. This works.
But when a packet arrives on router 1, the router forwards the packet across the management vlan to the other router (2), which again forwards the packet to its destination. But theory told me to keep users out of the management vlan! Adding security filters to the management interfaces of the routers interrupts routing. Should I declare these interfaces "passive" for the routing protocols? What is best practice? Where should security be applied? To all router management interfaces, everywhere (on all switches and routers)? What is best practice? Should the routers even have a management interface (I think yes, else I would not be able to connect to the switches)?
Can someone point me to some (network design) documentation on this topic, or share some best practices?
If your management segment is a separate subnet, the routers will not route any traffic to that subnet that isn't destined for it. I think you are confusing VLANs with subnets. Based on what you said, it sounds as if the connection between your routers is a VLAN trunk, which will NOT mingle traffic between VLANs. The only way a packet jumps from one VLAN to another is if it is routed there, and it will only be routed there if your router thinks it is destined for that segment.
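Added example, not part of the original thread: a small Python model of the forwarding decision discussed above (longest-prefix match per destination), with a check that lists routes whose next hop sits inside the management subnet. All prefixes, addresses and sub-interface names are constructed for illustration.

```python
import ipaddress

MGMT_NET = ipaddress.ip_network("10.0.99.0/24")  # constructed management subnet

# Constructed routing table for router 1:
# (prefix, egress sub-interface, next hop or None when directly connected)
ROUTES = [
    ("10.0.10.0/24", "Fa0/0.10", None),         # local user VLAN
    ("10.0.99.0/24", "Fa0/0.99", None),         # management VLAN
    ("10.0.50.0/30", "Fa0/0.50", None),         # dedicated transit VLAN to router 2
    ("10.0.20.0/24", "Fa0/0.50", "10.0.50.2"),  # remote users, learned over transit
    ("10.0.30.0/24", "Fa0/0.99", "10.0.99.2"),  # remote users, learned over mgmt VLAN
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (network, interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname, nh)
    return best

def crosses_mgmt(dst, routes=ROUTES, mgmt=MGMT_NET):
    """True when a packet NOT addressed to the management subnet
    would still be forwarded onto it (management VLAN used as transit)."""
    hit = lookup(dst, routes)
    if hit is None or ipaddress.ip_address(dst) in mgmt:
        return False
    _, _, nh = hit
    return nh is not None and ipaddress.ip_address(nh) in mgmt

def transit_routes(routes=ROUTES, mgmt=MGMT_NET):
    """Prefixes outside the management subnet whose next hop lies inside it."""
    return [p for p, _, nh in routes
            if nh and ipaddress.ip_address(nh) in mgmt
            and not ipaddress.ip_network(p).subnet_of(mgmt)]

if __name__ == "__main__":
    for dst in ("10.0.20.5", "10.0.30.5", "10.0.99.7"):
        print(dst, lookup(dst)[1], "crosses mgmt:", crosses_mgmt(dst))
    print("routes using mgmt VLAN as transit:", transit_routes())
```

An empty result from `transit_routes()` means no user prefix is being reached through a neighbour in the management subnet.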