I think Cisco generally recommends that your switch mgmt interface is on a different VLAN than your "regular" (read: end-user/server) devices. This helps isolate broadcast/multicast traffic so the switch CPU doesn't have to process it - especially critical in networks where there is a high percentage of broadcast/multicast traffic.
Additionally, there's a security component to this line of thinking; if you have an isolated subnet purely for switch management then you can restrict (at the router) who is allowed into that network; this is in addition to the various access controls you can employ on the individual switches.

A word of caution though... I wouldn't recommend that you have a single mgmt VLAN that spans your entire network unless you work in a really small shop - this breaks all sorts of "rules" in the Core-Distribution-Access religion and can be difficult to manage.

Last note: I've seen a document (but can't place my fingers on it now) that recommended that you NOT use VLAN #1 as your mgmt VLAN. Unfortunately it didn't elaborate as to why.

HTH,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Kelker
Sent: Thursday, March 14, 2002 2:14 PM
To: [EMAIL PROTECTED]
Subject: Management VLANs? [7:38282]

This isn't a direct CCNP cert question, but I was thinking of trying to make my network infrastructure easier to navigate. I was thinking of creating a VLAN on a certain IP scheme and have each piece of equipment have a virtual interface on it. Am I going about this the right way? How do some of you address this issue?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38296&t=38282

