Hello Maverick, You mentioned that isolating managment vlan from traffic vlans helps when there is a broadcast storm which will allow you to connect to your managment port since the management port is in a different vlan. I thought about this last night and need some clarification if my logic is correct.
First of all, for the managment purpose we assign IP address to SC0 virtual port and move this port to a management VLAN which we will assume is VLAN 10, then we create VLAN 10 on a router blade and also assign ip address to this router blade and point this ip address as a default gateway for the SC0 interface. If we think about it both SC0 and VLAN 10 are virtual, and in case of broadcast storm, my PC which is in VLAN 1 will have to go through VLAN 1 first to reach to VLAN 10 where I have my management port. Question is if VLAN 1 is already attacked with Broadcast storm then how I will reach to the managment VLAN. Regards, Ali -----Original Message----- From: maverick hurley To: [EMAIL PROTECTED] Sent: 3/22/02 1:07 PM Subject: RE: Catalyst 6509 [7:39192] absoultly it will help for security, The thing to remember is that your ports are default for native vlan1. You can specify a different vlan number for your management like vlan 5. But in case of trunking mishaps/issues and vlan pruning issues it is safer using vlan 1. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39311&t=39192 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
