VLAN1 Management Setup
Peakey

2002-04-24, 6:51 pm

Would like to get people's thoughts on setting up the VLAN1 management VLAN. Any recommended guides I should be aware of?? Best practices??

As a basic example, I currently have 3 x 2948g's, each switch connected with redundant links to each other ("triangle" network). If I have 47 ports configured as VLAN 10 on each switch (this VLAN will be where all my clients are connected to), then have my 48th port on each switch configured as VLAN1, this 48th port (on each switch) could then be connected to a 4th switch (entire switch would be configured as VLAN1) where I would have my 'management console server' connected to, so I could then get telnet, snmp access etc to all my switches from this server.... I would also be achieving separation of my management VLAN and my 'client' connections VLAN (my main goal here)....

Is the above setup considered 'correct' or is there a better way of doing it? Do I really need to use the 4th switch (keeping in mind that if I didn't have the 4th switch and just plugged my management server into a VLAN1 port on one of the 3 switches I would then need to either set up trunking or plug more crossover cables in, to have telnet/snmp access to all 3 switches from my management server)? This method also exposes me to the potential of a single point of failure: if the switch my management server is connected to dies, I have no access to the other switches from my management server without physically changing my connection to one of the other switches. However, if I go with the 4th switch setup and the 4th switch fails, then I'm really 'up the creek without a paddle'.

Any pointers?? Links??

Thanks
Peakey
bmunyati02

2002-04-25, 5:25 am

I don't really think you can continue avoiding using trunking if you engage in vlan definitions. Think of what will happen when you add another vlan and another. You will need to give up switch ports from each to transport these new vlans. With trunking and DTP it's simple.

In any case you have three switches with gigabit interfaces (I assume the g in 2948g means giga). So why not use trunking? You only need two or so commands in each switch, create a vtp domain and you are home and dry.

I prefer the option of trunking and 3 switches. If your master switch dies, sorry you just have to move to another. Remember that as a host, if the switch (as a whole) you are connected to dies, you are also dead. Unless, you put two NICs in your management station and physically connect to two of the switches via their vlan1 ports. In any case, your other clients directly connected to your failed switch will suffer the same fate until you relocate them or replace the switch.

Hope this helps.
MadChef

2002-04-25, 6:41 am

I'm with bmunyati02 in that I think you're going to have to engage in trunking eventually, and I really don't think you should be worried about it.

When it comes to separating out the vlans between client and management, I tend to take things a little further. I don't put an IP address on VLAN1 anywhere. Traffic on 4000s on VLAN 1 is process switched if you have any L3 on them, plus there is a vulnerability in dot1q that allows users to cross into vlan1. I make all my management interfaces vlan 2 and user interfaces start somewhere else. I just trunk vlan 2 everywhere and a very basic acl can keep unwanted traffic off of vlan 2 for management.

So that's my thought, for what it's worth.

MadChef
Peakey

2002-04-25, 5:49 pm

Thanks for the replies....!!!!

Trunking sounds the way to go.... I think I'd just be complicating things by throwing an extra switch in.

Regards
Peakey