oelolemy

problem with configuring management VLAN

Hello,

My network is set up with the following VLANs:

- VLAN 1 for management (telnet), users and server
- VLAN 4 for guests
- VLAN 5 for VoIP traffic

I know that VLAN 1 is not recommended for management and data, but changing it would probably impact our business.

- However, I would like to manage my switches (telnet, SSH) with another VLAN rather than VLAN 1. The issue is that I want to have different IPs to manage my switches rather than telnetting to them through the same IP used for data.

- I would like to keep VLAN 1 for data, since changing VLAN 1 to another VLAN and keeping the same IP address for data in the same subnet will require downtime and at the same time will require someone to access the switch through the console to make these changes. Therefore I would like to manage my switches through another VLAN (let's say VLAN 100, with a different IP address scheme from VLAN 1).

- I would like to know if this is possible, since VLAN 1 will still be used for data and is still considered the native VLAN.
- Since I have 1 monitoring station for monitoring switches, routes etc., will the port assigned to that station be in the management VLAN, and how would I see other networks (gateway router) if that port is only assigned to the management VLAN?
- Kindly guide me with the configuration for this scenario, and what should the default gateways be for the access switches and the core switch connected to the router?
rileybauer

What type of switch do you have? Since you are already running multiple VLANs, how are you doing inter-VLAN routing? Is the switch a layer 3 switch capable of routing between VLANs?

Typically you should be able to assign an IP address on the VLAN interface of the switch. You should then be able to telnet or SSH to that IP address. You probably already have this set up on your existing VLANs. Usually it will be the default gateway for each VLAN (assuming that the switch is doing inter-VLAN routing).

The core switch then will usually have its default gateway set to your internet router.

You may also need to check for any access lists on the vty lines that may be filtering management access.
oelolemy

ASKER

All access switches are Cisco Catalyst 3560s and the core switch is a Catalyst 4507. VLANs route to each other with inter-VLAN routing, the core switch's default gateway is the data router, and the default gateway of all access switches is the VLAN 1 interface of the core switch.

- I telnet and SSH to these switches using VLAN 1, which is also used for data.
- The thing is that I cannot change the data VLAN from VLAN 1 to another VLAN, since this will have some impact on our business, but I can create another VLAN for management, since this will not have any impact on users except for my monitoring station.

If those switches are capable of doing it, you could configure a loopback interface for your management IPs. That way management is up if any physical interface is up. Of course you have to have IP connectivity for those new addresses, so they need to be included in whatever routing you are using. I use /32 masks for addresses out of an otherwise unused private subnet.

Hello

How about if I need to configure a management VLAN? Do I need to shut the native VLAN, or leave VLAN 1 for data and create another VLAN for management?
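
An added example, not part of the original thread: one way to lay out the approach discussed above (an IP address on a separate VLAN interface, plus an access list on the vty lines) as Cisco IOS configuration. The 10.100.0.0/24 addressing, the interface numbers and the ACL number are constructed for illustration, and SSH is assumed to be already working on the switches.

```cisco
! ---- Core switch (Catalyst 4507, does the inter-VLAN routing) ----
vlan 100
 name MGMT
!
interface Vlan100
 description Gateway for the management subnet (constructed address)
 ip address 10.100.0.1 255.255.255.0
 no shutdown
!
! Monitoring station port (constructed interface number): access port in the
! management VLAN. The station uses 10.100.0.1 as its gateway and reaches the
! other subnets through the core's inter-VLAN routing.
interface GigabitEthernet2/10
 switchport mode access
 switchport access vlan 100
!
! ---- Access switch (Catalyst 3560) ----
vlan 100
 name MGMT
!
interface Vlan100
 description Management address of this switch (constructed address)
 ip address 10.100.0.11 255.255.255.0
 no shutdown
!
! Uplink to the core (constructed interface number). VLAN 1 stays native and
! keeps carrying data; VLAN 100 is added to the trunk's allowed list. The
! trunk on the core side must allow VLAN 100 as well.
interface GigabitEthernet0/1
 switchport trunk allowed vlan add 100
!
! Change the gateway only after 10.100.0.11 answers from the monitoring
! station, so the existing VLAN 1 session remains as a fallback until then.
ip default-gateway 10.100.0.1
!
! Restrict vty logins to the management subnet. Sessions from any other
! source address are refused once this is applied.
access-list 10 permit 10.100.0.0 0.0.0.255
line vty 0 15
 access-class 10 in
 transport input ssh
```

With `transport input ssh` the vty lines stop accepting telnet; leave that line out if telnet must keep working during the migration.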
ASKER CERTIFIED SOLUTION
Rick_O_Shay
This solution is only available to members.