You are 100% correct on the default route for SC0. The design you have is what I would recommend. The reason I would keep the management VLAN off of the uer VLAN is if you have a meltdown for some reason on the user VLAN you will still have connectivity between switches while you try to troubleshoot. I have seen this happen, the customer had to run between buildings and floors with a laptop to troubleshoot.
Dave "Ali, Abbas" wrote: > > Hello Folks, > > I need help understanding this logic. > > I have Catalyst 6509 switch with 4 Vlans. I have done configuration which > is recommended by Cisco. > > Here is the details. > > VLAN 2 Users: Subnet 10.0.2.0/24 > > VLAN 3 Servers Subnet 10.0.3.0/24 > > VLAN 4 PBX Application Subnet 10.0.4.0/24 > > VLAN 5 Management Vlan Subnet 10.0.5.0/24 > > Catalyst 6509 has dual IOS. The catalyst IOS for switch and Cisco IOS for > the router blade. I have assigned > IP address 10.0.5.2 to the SC0 interface and assigned IP address 10.0.5.1/24 > to VLAN 5 that I created in cisco IOS. By doing this I can telnet to both > from my PC which is in user vlan. > > I believe I will also have to do a default gateway command in SC0 interface > and gateway should be pointing to 10.0.5.1 (VLAN 5's IP address) in order > for me to telnet the catalyst IOS from different VLANS. Am I approaching > the correct path? Please advise. > > I am not using VLAN 1 as not recommended by Cisco. What disadvantage I > would have had if I would choose VLAN 1 for the management. > > I am also using a totally different subnet for the management per > guidelines, but I could have put SC0 in a VLAN 2 and could have used the IP > address from the user VLAN 2 and by doing that I would not have to create a > VLAN 5. Is there any real advantage for using a totally separate VLAN for > the management purpose. Some guidelines say that it is really secured by > using a different VLAN other than VLAN 1 or any other VLANS which are used > for Users, Servers etc. Can someone explain how? > > Regards, > > Ali -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39214&t=39192 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
