Question regarding a management VLAN. Should there be an IP address for every device you need to manage, or just enough addresses on the subnet for a few people to manage devices?
2 Answers
0
From Cisco Design Best Practices for VLAN:
A good security practice is to separate management and user data traffic. The management VLAN, which is VLAN 1 by default, should be changed to a separate, distinct VLAN. To communicate remotely with a Cisco switch for management purposes, the switch must have an IP address configured on the management VLAN. Users in other VLANs would not be able to establish remote access sessions to the switch unless they were routed into the management VLAN, providing an additional layer of security.

Nima Ghotbi
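The separation described in the answer above can be checked against a switch configuration. The following is an added example, not part of the original answer or of Cisco's documentation: a small audit over constructed IOS-style running-config excerpts. The addresses, VLAN numbers and the function names parse_interfaces and audit are assumptions made for illustration, and every access port is assumed to be a user port.

```python
import re
# Constructed running-config excerpts (sample data, not from the page).
WEAK = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
"""
HARDENED = """\
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    blocks, findings = parse_interfaces(config), []
    # An active SVI with an IP address is where the switch is managed.
    mgmt = {int(n[4:]) for n, c in blocks.items()
            if re.fullmatch(r"Vlan\d+", n) and "shutdown" not in c
            and any(x.startswith("ip address ") for x in c)}
    if 1 in mgmt:
        findings.append("management IP is on default VLAN 1")
    for name, cmds in blocks.items():
        # Assumption: every access port is a user port; unset means VLAN 1.
        vlan = 1
        for c in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", c)
            vlan = int(m.group(1)) if m else vlan
        if "switchport mode access" in cmds and vlan in mgmt:
            findings.append(f"{name}: access port in management VLAN {vlan}")
    return findings
```

audit(WEAK) reports both the VLAN 1 management address and the user port sharing that VLAN; audit(HARDENED) returns an empty list.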
-1
Often, admin workstations with access to the management VLAN do not have a direct connection but they are routed by a firewall.

Zac67