> On my Procurves, I have a management vlan. I have a star configuration
> where all of my switches are connected directly to the core switch.
> Since these connections are all tagged for the various VLANs running
> throughout, I simply tag the management vlan to the same trunk, and
> don't need to untag any ports on any switch for the management vlan.

We have a remarkably similar setup here. (ProCurve switches, star configuration)

> vlan 1
>    name "DEFAULT_VLAN"
>    untagged 50-52
>    ip address dhcp-bootp
>    no untagged 1-49
>    exit
[SNIP]
> Nothing is ever put into vlan 1, 

Wait... what? If nothing is plugged into vlan 1, why is it there? Also, it 
appears you have it configured to get a DHCP address... Is this by your design?

> and vlan 101 is the management, and vlan 101 is also the primary vlan.

So it's possible for your end users to reach the management interfaces on your 
switches? Isn't that a "Bad Thing" (TM)? (P.S. I'll ignore the confusion of 
your vlan 99 being named "vlan101"...)

> Port 49 is the one that is connected to the core
> switch. I normally reserve port 50 for the monitor/mirror/span port,
> to be used as needed in troubleshooting.

Having the dedicated Mirror port is a good idea. I'll think on that one.


--Matt Ross
Ephrata School District


----- Original Message -----
From: Kurt Buff [mailto:[email protected]]
To: [email protected]
Sent: Tue, 15 Oct 2013 12:18:34 -0800
Subject: Re: [NTSysADM] Dedicated Management port on switches?


> On my Procurves, I have a management vlan. I have a star configuration
> where all of my switches are connected directly to the core switch.
> Since these connections are all tagged for the various VLANs running
> throughout, I simply tag the management vlan to the same trunk, and
> don't need to untag any ports on any switch for the management vlan.
> 
> Instead, each switch gets an IP address for the management vlan. For
> instance, a fragment of the config from one of my switches looks like
> this:
> 
> vlan 1
>    name "DEFAULT_VLAN"
>    untagged 50-52
>    ip address dhcp-bootp
>    no untagged 1-49
>    exit
> vlan 99
>    name "vlan101"
>    ip address 192.168.101.2 255.255.255.0
>    tagged 49
>    exit
> vlan 111
>    name "vlan111"
>    untagged 2,4,6,8,10,12,14-32,34,36-38,40-46,48
>    tagged 49
>    exit
> vlan 112
>    name "vlan112"
>    untagged 7,9,35,39,47
>    tagged 49
>    exit
> 
> Nothing is ever put into vlan 1, and vlan 101 is the management, and
> vlan 101 is also the primary vlan. The switch has 48 ports of 100mbit,
> plus two 1g uplinks. Port 49 is the one that is connected to the core
> switch. I normally reserve port 50 for the monitor/mirror/span port,
> to be used as needed in troubleshooting.
> 
> HTH,
> 
> Kurt
> 
> On Tue, Oct 15, 2013 at 10:53 AM, Matthew W. Ross
> <[email protected]> wrote:
> > Quick question, do you guys dedicate a port on your switches on the
> > management vlan? Or do you just use serial connections if you need such
> > local access?
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> 
> 
> 
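
The config fragment quoted in the thread, run through a small VLAN membership audit (an added example, not code from either poster). It assumes numeric port names and reads only the `vlan`, `ip address`, `untagged` and `tagged` lines shown, and it lists each VLAN on which the switch itself holds an address together with the ports carrying that VLAN.

```python
# Added example: CONFIG is the fragment quoted in the thread above.
CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged 50-52
   ip address dhcp-bootp
   no untagged 1-49
   exit
vlan 99
   name "vlan101"
   ip address 192.168.101.2 255.255.255.0
   tagged 49
   exit
vlan 111
   name "vlan111"
   untagged 2,4,6,8,10,12,14-32,34,36-38,40-46,48
   tagged 49
   exit
vlan 112
   name "vlan112"
   untagged 7,9,35,39,47
   tagged 49
   exit
"""

def expand_ports(spec):
    """Expand '2,4,14-32' into a set of port numbers (numeric names assumed)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports |= set(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(text):
    """Return {vlan_id: {"ip", "untagged", "tagged"}} for each vlan stanza."""
    vlans, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["vlan"]:
            cur = vlans.setdefault(int(words[1]), {"ip": None, "untagged": set(), "tagged": set()})
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]  # static address or 'dhcp-bootp'
        elif cur is not None and words[:1] in (["untagged"], ["tagged"]):
            cur[words[0]] |= expand_ports(words[1])  # 'no untagged ...' starts with 'no', so it is skipped
    return vlans

def switch_ip_vlans(vlans):
    """VLANs where the switch has an address: (ip, untagged ports, tagged ports)."""
    return {vid: (v["ip"], sorted(v["untagged"]), sorted(v["tagged"]))
            for vid, v in vlans.items() if v["ip"]}
```

For this fragment, `switch_ip_vlans(parse_vlans(CONFIG))` returns VLAN 1 (dhcp-bootp, untagged on ports 50-52) and VLAN 99 (192.168.101.2, tagged on port 49 only). Whether other VLANs can route to those addresses at the core is outside what the fragment shows.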

