Solved

management vlan on 3560X

Posted on 2012-08-20
Last Modified: 2012-09-03
I am configuring a brand new 3560X and according to the manual http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/hardware/quick/guide/3750xgsg.html#wp49930, I am in the Express setup and Cisco recommends that I use vlan 1 as the management vlan. I only have vlan 10 for data and vlan 110 for voice. Should I assign another vlan like 300 for the management vlan? Will it affect anything? Thx
0
Question by:biggynet
7 Comments
 
LVL 25

Accepted Solution

by:
Ken Boone earned 1000 total points
ID: 38311699
I typically use a management vlan for all of my infrastructure switches as well. It's interesting that they recommend using vlan 1, because in so many documents over the years they have stressed not to use vlan 1. There are legitimate reasons for staying away from vlan 1, but in any case, yes, you can use another vlan like 300 for the management vlan. It will not affect anything.
0
 
LVL 6

Assisted Solution

by:Ricardo Martínez
Ricardo Martínez earned 1000 total points
ID: 38311882
The answer is a big yes. It's recommended to change the administration vlan to one other than vlan 1, because it is the first vlan that some hackers will search for potential security holes. You can use another one like vlan 300 as you mention; it doesn't matter which you choose, and this doesn't affect anything. Just be sure to assign an IP address to that vlan before you lose the administration access, in case you don't have physical access to the switch.
0
 

Author Comment

by:biggynet
ID: 38312101
Now let's say I have my vlan 300 as my management vlan across my network, which has 10 sites. Can I use one subnet for my management vlan for all of the sites? Is it the best practice? Thanks
0
 
LVL 6

Assisted Solution

by:Ricardo Martínez
Ricardo Martínez earned 1000 total points
ID: 38312183
Yes, you can use one subnet for the management, and another yes for the best practice. Why? Because this is the way you can manage all your devices in a secure mode. That vlan doesn't need to be routable with other vlans, for security reasons, or in any case you have to secure the access to it, providing access only to the network administrators.
0
 
LVL 25

Assisted Solution

by:Ken Boone
Ken Boone earned 1000 total points
ID: 38312186
Well, typically in that scenario there is a layer 3 backbone, so vlans won't span and IP address spaces won't span that. In that case, I prefer to keep the vlans the same at every location.

i.e. data vlan 10
     voice vlan 110
     mgmt 300

But each location has its own subnet on those vlans.
So site 1 data would be 10.1.10.0
   site 2 data would be 10.2.10.0
   site 3 data would be 10.3.10.0 etc.
0
 

Author Comment

by:biggynet
ID: 38312661
kenboonejr,

"But each location has its own subnet on those vlans"
That is exactly what I was looking for. So if I understand correctly, all the sites can have the same vlans but different subnets. This will work because the connection facing the WAN will be layer 3. Thanks
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 38312687
That is correct.  What you are doing is building consistency at each location.
0
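
Added example, not written by any poster in this thread: an IOS configuration sketch of what the answers describe, bringing up management VLAN 300 with its own IP address before the VLAN 1 interface is retired, and limiting management sessions to administrators. The 10.1.30.0/24 management subnet, the host addresses, the uplink port Gi0/24 and the ACL name are assumptions constructed for a site-1 switch.

```cisco
! Constructed example for a site-1 access switch. Subnet 10.1.30.0/24,
! host addresses, port Gi0/24 and the ACL name MGMT-ADMINS are assumptions.
!
! 1. Create the management VLAN and give its interface an address FIRST,
!    so the switch stays reachable when the VLAN 1 interface is retired.
vlan 300
 name MGMT
!
interface Vlan300
 description Switch management
 ip address 10.1.30.11 255.255.255.0
 no shutdown
!
! Assumes the switch runs as layer 2 (no "ip routing"), so it needs a
! default gateway: the site's layer 3 hop on the management subnet.
ip default-gateway 10.1.30.1
!
! 2. Carry VLAN 300 on the uplink alongside data (10) and voice (110).
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,110,300
!
! 3. Only administrator source addresses may open a management session;
!    denied attempts are logged.
ip access-list standard MGMT-ADMINS
 permit 10.1.30.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-ADMINS in
!
! 4. Only after confirming the switch answers on 10.1.30.11 from an
!    administrator host, remove management from VLAN 1.
interface Vlan1
 no ip address
 shutdown
```

At site 2 the same VLAN IDs would be reused with that site's own subnet (for instance 10.2.30.0/24 under the same assumed numbering), matching the per-site scheme described above.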
