What has happened to the Internet I used to know and love?  How is it I can
send an off-topic email to an unmoderated list and not get one reply back?
Not one flame?  Not one person telling me that I'm evil incarnate for this
misuse of this email list?  I can only hope that my public humiliation is
yet to come.

In case anyone cares, I did find (most of) the off-topic answer to my
off-topic question.  Cisco's "High Availability Campus Network
Design-Routed Access Layer using EIGRP or OSPF" PDF has a whole section
covering this on page 41.  Basically, a separate management VLAN is no
longer needed.  If you route in the access layer, it says:
"In the routed access design, it is no longer desirable to create a separate
switch management VLAN, but rather to configure a dedicated loopback
interface with a /32 network...  The /32 network defined for the loopback
interface should be a specific network included in the summarized
distribution block route advertised to the network core."

Thanks,
Jim

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jim Johnson
> Sent: Monday, September 17, 2007 1:48 PM
> To: [email protected]
> Subject: [FW-1] HA Network Design and switch management IP addresses
> 
> I know that this is off topic, but at least it's more on topic than the
> dozens of the "me too" emails requesting the latest CCSA/CCSE study guides
> that get blasted through the email list every few months.  If anyone knows
> of a more appropriate forum for asking general network design questions like
> this I'm all ears.
> 
> As everyone knows the best docs on designing a Highly Available network
> using ProCurve switches are available at
> http://www.cisco.com/en/US/netsol/ns656/networking_solutions_program_home.html
> 
> The one thing I haven't found yet is an example of exactly what addresses
> should be used for switch management.  I've heard talk of using a separate
> management vlan.  However, Cisco makes a really strong case for maximizing
> your layer 3 links and minimizing your layer 2 links.  If you do this you
> obviously can't have one big management vlan covering your entire campus.
> So what addresses/networks/vlans do you use for managing your switches?
> 
> If you take the usual "layer 3 from distribution up" design, it'd make sense
> to me to use the layer 3 link IPs for management purposes.  But then what
> about your layer 2 access switches?  Do you create a tiny subnet & vlan per
> access layer switch solely for management purposes?  Or do you just use an
> IP out of your normal data vlan for switch management?  Although not as good
> from a security perspective, ACLs could help and it'd be a lot simpler to
> manage (and, IMHO, simplicity aids security).  Is there another way to do it
> that I'm missing?
> 
> And just to make things a little more complicated, on pages 17-19 of
> "Designing a Campus Network for High Availability" it states that you want
> to summarize all the routes behind your distribution switches.  Based on
> this info I assume that you'd also want your access layer management IPs to
> be summarized behind your distribution switches.  I.e. you can just use
> arbitrary management IPs, they must be part of your well thought out address
> space design.
> 
> TIA,
> Jim
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
> 
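
The Cisco guidance quoted in this thread (a dedicated /32 loopback per switch, inside the summarized distribution block route) can be checked against an addressing plan. This is an added example, not part of the original emails or Cisco's document; all names and addresses are constructed, and flagging a loopback that sits inside a data VLAN subnet is an assumption about what "dedicated" should mean here.

```python
import ipaddress

# Constructed sample plan (RFC 1918 space, hypothetical switch and block names).
SUMMARIES = {"dist-a": "10.10.0.0/16", "dist-b": "10.20.0.0/16"}
SWITCHES = [
    # (switch, distribution block, management loopback, data VLAN subnets)
    ("acc-a1", "dist-a", "10.10.255.1/32", ["10.10.1.0/24"]),
    ("acc-a2", "dist-a", "10.10.1.250/32", ["10.10.1.0/24"]),   # inside a data VLAN
    ("acc-b1", "dist-b", "192.168.50.1/32", ["10.20.1.0/24"]),  # outside the summary
    ("acc-b2", "dist-b", "10.20.255.0/30", ["10.20.2.0/24"]),   # not a host route
    ("acc-b3", "dist-b", "10.10.255.1/32", ["10.20.3.0/24"]),   # reused, wrong block
]


def audit_loopbacks(summaries, switches):
    """Return (switch, finding) pairs for management loopbacks that break the plan."""
    findings = []
    seen = {}  # loopback network -> first switch that claimed it
    for name, block, loopback, data_vlans in switches:
        lo = ipaddress.ip_network(loopback, strict=False)
        summary = ipaddress.ip_network(summaries[block])
        # The loopback must be a single host route (/32 for IPv4).
        if lo.prefixlen != lo.max_prefixlen:
            findings.append((name, "not-host-route"))
        # It must be covered by the summary its distribution block advertises
        # to the core, otherwise it needs its own route in the core.
        if not lo.subnet_of(summary):
            findings.append((name, "outside-summary"))
        # Assumption: management space is kept apart from user data VLANs so
        # that ACLs can separate management traffic by prefix.
        if any(lo.overlaps(ipaddress.ip_network(v)) for v in data_vlans):
            findings.append((name, "overlaps-data-vlan"))
        # The same address must not be assigned to two switches.
        if lo in seen:
            findings.append((name, "duplicate-of-" + seen[lo]))
        else:
            seen[lo] = name
    return findings


if __name__ == "__main__":
    for switch, finding in audit_loopbacks(SUMMARIES, SWITCHES):
        print(f"{switch}: {finding}")
```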

