Solved

management vlan interface

Posted on 2013-11-28
Last Modified: 2013-12-02
I'm looking at some instructions from Cisco's website and I'm confused about it. I thought that creating a vlan interface was only for management purposes? Can someone explain? So, does that mean that if I want to access the switch via IP then I need to create an interface with a vlan?

Also, in the example below the management vlan receives a subnet mask and the switch itself doesn't?

!-- Set the IP address and default gateway for VLAN1 for management purposes.

3512xl#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3512xl(config)#int vlan 1
3512xl(config-if)#ip address 10.10.10.2 255.255.255.0
3512xl(config-if)#exit
3512xl(config)#ip default-gateway 10.10.10.1
3512xl(config)#end
Question by:tolinrome
6 Comments
 
LVL 18

Expert Comment

by:Akinsd
Yes but that's just one of the purposes of vlans.

Every port on a switch belongs to VLAN 1 by default. You can then add multiple vlans as needed if you have multiple subnets.

This works by assigning switchports to the VLAN you want them to belong to. E.g. VLAN 1 - Sales department, VLAN 2 - Marketing, VLAN 3 - Guest network, VLAN 4 - Management VLAN, etc.

In short, vlans are used for the following purposes
- Management
- Isolation or Security
- Administration
 
LVL 12

Accepted Solution

by:
Infamus earned 250 total points
The IP of the VLAN interface can also be used as the default gateway of the devices that belong to the same VLAN.
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
A traditional layer-2 switch usually has one SVI only.  This is used as the management interface.  That SVI is a virtual interface which is linked to a VLAN, so if you want the switch management interface to be on VLAN 100 you would have this:

vlan 100
!
interface vlan 1
 no ip address
!
interface vlan 100
 ip address 10.0.0.1 255.255.255.0
!


You don't need to have a default gateway on the switch unless you want to be able to reach the IP address of the switch from a different subnet.

Layer-3 switches do things a little bit differently.  Because Layer-3 switches have routing capabilities you can have more than one SVI configured with an IP address.  This means that the switch management GUI or CLI could be accessible via multiple IP addresses if the switch is being used as a router.

 
LVL 7

Author Comment

by:tolinrome
OK, I understand what VLANs are. It's the IP on the vlan interface vs the default gateway IP of the switch. In the example I posted there is an IP for the default gateway of the switch and an IP for the VLAN interface.

So to clear things up. There can only be one vlan interface on a switch or network and that is used for management purposes of the network equipment on that subnet.

The switch has an IP address for the default gateway itself?

If I have 5 vlans on the switch then I would need 5 default gateways no?
 
LVL 45

Expert Comment

by:Craig Beck
The switch has a default gateway for the same reason a PC has one... to send traffic (from itself, not from connected hosts) to different subnets other than the one its management interface is on.

If you have a normal switch (layer2 only) you would not have an IP address on each VLAN.  You would only have an IP address on one VLAN.  You might have a default gateway address, but you don't have to if you don't want hosts on other subnets to be able to talk to the switch.
 
LVL 18

Expert Comment

by:Akinsd
You can't have 5 default gateways on a switch per se but you can have multiple default routes if you have a layer 3 switch. Network devices use default gateways to automatically generate default routes. Network devices will only allow you to enter 1 default gateway.

Default gateway is a way to tell the device its main exit door when it tries to exit its network.
0.0.0.0 0.0.0.0 10.10.10.1

You can assign multiple IP addresses for a switch but technically, a management vlan would be the vlan you would assign gateway for. Let me explain. If your management vlan is 10.10.10.0 /24 and you have multiple addresses like 10.10.11.0 /24, 10.10.12.0 /24 etc you can assign the following IP addresses to the switch, 10.10.11.2 /24, 10.10.12.2 /24. The gateway you would assign in global mode therefore would be 10.10.10.1.

For a layer 2 switch, only 1 int vlan is active at a given time (1 SVI as craigbeck mentioned) and this should be your 10.10.10.0 /24 subnet.

For layer 3 switches, all int vlans can be active at the same time meaning you have the ability to communicate or telnet to the switch using any of the assigned addresses 10.10.10.2, 10.10.11.2 or 10.10.12.2 as long as you have a default gateway and a switchport assigned (generally but I won't go deeper into that to avoid confusion).

Going back to your original question. A management vlan is not written in stone. It is any vlan you choose to manage your devices with. You can change your management vlan on the fly as you wish.

Like I usually emphasise, breaking the terminology down in English terms usually creates clarity.
Management VLAN = Management Virtual Local Area Network = The Virtual Local Area Network that I choose to manage my devices with.

I hope this helps
0
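An added example, not part of any poster's answer and not Cisco's code: a small audit of saved switch configuration text that applies the points made in this thread (one addressed SVI on a layer-2 switch, VLAN 1 as the default VLAN of every port, and a default gateway that is only useful when it sits inside the management SVI's subnet). The function names and the sample text are assumptions made for illustration; the sample is the asker's settings rewritten as running-config lines.

```python
import ipaddress
import re

# Constructed sample: the asker's 3512xl settings written as running-config lines.
SAMPLE_CONFIG = """\
interface vlan 1
 ip address 10.10.10.2 255.255.255.0
!
ip default-gateway 10.10.10.1
"""

def parse_switch_config(text):
    """Return ({vlan_id: IPv4Interface}, default_gateway or None)."""
    svis, gateway, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip().lower()
        m = re.match(r"(?:interface|int)\s+vlan\s*(\d+)$", line)
        if m:
            current = int(m.group(1))
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current is not None:
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            continue
        m = re.match(r"ip default-gateway (\S+)$", line)
        if m:
            gateway = ipaddress.ip_address(m.group(1))
        elif raw and not raw[0].isspace():
            current = None  # any other top-level line ends the interface block
    return svis, gateway

def audit_management(text):
    """List findings about the management SVI and the switch's own gateway."""
    svis, gateway = parse_switch_config(text)
    findings = []
    if not svis:
        findings.append("no SVI has an IP address: switch is not reachable over IP")
    if len(svis) > 1:
        findings.append(f"{len(svis)} SVIs carry an IP address: expected only on a layer-3 switch")
    if 1 in svis:
        findings.append("management IP is on VLAN 1, the VLAN every port joins by default")
    if gateway is None:
        findings.append("no default gateway: switch answers only hosts in its own subnet")
    elif not any(gateway in svi.network for svi in svis.values()):
        findings.append(f"default gateway {gateway} is not inside any SVI subnet")
    return findings
```

Run against the VLAN 100 configuration posted above, the only finding is the missing default gateway, which matches the note that a gateway is needed only for reaching the switch from another subnet.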
