As i move from having my management vlan on 1 to something else, i am also going to readdress some of my router inside interfaces. currently quite a few of my router ints are sitting on user vlans. i assume this should be changed, but what is the best practice? is it ok to put the inside ints of the router on the same vlan that the managment of switches is on? also is it ok to the do the same with the inside int of an asa??
Thanks for your reply. I am not quite as concerned about downtime as I am in making sure it gets done correctly. I do not want to take them off of a vlan that is not good and put them on another that is just as "not good"..if that makes sense!
It is good practice not to use mgmt vlan for user data. Mgmt vlan being the vlan used to manage the switch for telent to configure, troubleshoot, etc. , the premise is if the user vlan have virus, problem, etc. that is isolated in that vlan, the mgmt being in a separate vlan and no user data will not be affected and thus mgmt of the switch for t/s purpose is still intact. Hope that helps.
I understand this and I am changing it, but the question was is it ok for me to place my router inside interfaces on the same vlan as the mgmt vlan, with this not being a user vlan at all. are you saying that i should leave the router inside ints on the user vlan?
> is it ok to put the inside ints of the router on the same vlan that the managment of switches is on?
Ideally, I think management network should be a true Out-Of-Band network both physically and logically. so we are talking about separate switches and routers. In case of a network meltdown, you can still telnet to the router
But most of us probably don't have the resource to build a complete out-of-band network management network... ( i know i don't :P ) .. so the next thing that you can do, i think, is build a separate network managment vlan, throw all of your switch management in it, and route that vlan on your router with a ACL restricting who will have access to Netmgmt network.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...