Sunday 30 June 2024

What is Cisco Management VLAN? How to configure VLAN management? | CCNA Security

 

What is a Management VLAN?

A management VLAN is a VLAN used for managing and monitoring network devices such as routers and switches from a remote location, using protocols such as Telnet, SSH, SNMP, and syslog. Its purpose is to designate one VLAN for device configuration and administration. Cisco recommends not using VLAN 1, or any VLAN that carries user data traffic, as the management VLAN. Normally the management VLAN is VLAN 1, but you can use any VLAN as a management VLAN. Once you configure a dedicated management VLAN for administration, data plane traffic and management traffic are isolated from each other, which reduces interference and improves security for management traffic.

Let’s see the configuration for better understanding.

Topology:-








C2960-(config)#VLAN 100
C2960-(config-vlan)#name Account
C2960-(config-vlan)#exit

C2960-(config)#VLAN 200
C2960-(config-vlan)#name Sales
C2960-(config-vlan)#exit

C2960-(config)#VLAN 900
C2960-(config-vlan)#name Management
C2960-(config-vlan)#exit
C2960-(config)#end

C2960-#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
100  Account                          active
200  Sales                            active
900  Management                       active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup


C2960-(config)#interface range ethernet 0/0-3 , ethernet 1/0-2
C2960-(config-if-range)#switchport
C2960-(config-if-range)#description VLAN-Account
C2960-(config-if-range)#switchport mode access
C2960-(config-if-range)#switchport access vlan 100
C2960-(config-if-range)#exit

C2960-(config)#interface range ethernet 1/3 , ethernet 2/0-3 , ethernet 3/0-1
C2960-(config-if-range)#switchport
C2960-(config-if-range)#description VLAN-Sales
C2960-(config-if-range)#switchport mode access
C2960-(config-if-range)#switchport access vlan 200
C2960-(config-if-range)#exit

C2960-(config)#interface range ethernet 3/2-3
C2960-(config-if-range)#switchport
C2960-(config-if-range)#description VLAN-Management
C2960-(config-if-range)#switchport access vlan 900
C2960-(config-if-range)#exit







C2960-(config)#interface vlan 900
C2960-(config-if)#ip address 192.168.2.1 255.255.255.0
C2960-(config-if)#no shutdown
C2960-(config-if)#exit

*Jun 29 10:57:14.970: %LINK-3-UPDOWN: Interface Vlan900, changed state to up

C2960-(config)#interface vlan 1
C2960-(config-if)#shutdown
C2960-(config-if)#exit

C2960-#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/1            unassigned      YES unset  up                    up
Ethernet0/2            unassigned      YES unset  up                    up
Ethernet0/3            unassigned      YES unset  up                    up
Ethernet1/0            unassigned      YES unset  up                    up
Ethernet1/1            unassigned      YES unset  up                    up
Ethernet1/2            unassigned      YES unset  up                    up
Ethernet1/3            unassigned      YES unset  up                    up
Ethernet2/0            unassigned      YES unset  up                    up
Ethernet2/1            unassigned      YES unset  up                    up
Ethernet2/2            unassigned      YES unset  up                    up
Ethernet2/3            unassigned      YES unset  up                    up
Ethernet3/0            unassigned      YES unset  up                    up
Ethernet3/1            unassigned      YES unset  up                    up
Ethernet3/2            unassigned      YES unset  up                    up
Ethernet3/3            unassigned      YES unset  up                    up
Vlan1                  unassigned      YES unset  administratively down down
Vlan900                192.168.2.1     YES manual up                    up





C2960-#ping 192.168.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/17 ms

C2960-(config)#username admin password admin

C2960-(config)#line vty 0 4
C2960-(config-line)#password admin
C2960-(config-line)#login
C2960-(config-line)#exit

C2960-(config)#enable secret admin
C2960-(config)#end


PC15#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/18/24 ms


PC15#telnet 192.168.2.1 /source-interface fastEthernet 0/0
Trying 192.168.2.1 ... Open
NTERNETWORKS.

User Access Verification

Password:
C2960->enable
Password:
C2960-#conf t
C2960-(config)#do show interface status

Port           Name             Status       Vlan         Duplex  Speed Type
Et0/0        VLAN-account       connected    100          auto   auto unknown
Et0/1        VLAN-account       connected    100          auto   auto unknown
Et0/2        VLAN-account       connected    100          auto   auto unknown
Et0/3        VLAN-account       connected    100          auto   auto unknown
Et1/0        VLAN-account       connected    100          auto   auto unknown
Et1/1        VLAN-account       connected    100          auto   auto unknown
Et1/2        VLAN-account       connected    100          auto   auto unknown
Et1/3        VLAN-Sales         connected    200          auto   auto unknown
Et2/0        VLAN-Sales         connected    200          auto   auto unknown
Et2/1        VLAN-Sales         connected    200          auto   auto unknown
Et2/2        VLAN-Sales         connected    200          auto   auto unknown
Et2/3        VLAN-Sales         connected    200          auto   auto unknown
Et3/0        VLAN-Sales         connected    200          auto   auto unknown
Et3/1        VLAN-Sales         connected    200          auto   auto unknown
Et3/2        VLAN-Management    connected    900          auto   auto unknown
Et3/3        VLAN-Management    connected    900          auto   auto unknown
C2960-(config)#
C2960-#
[Connection to 192.168.2.1 closed by foreign host]
PC15#

C2960-#
*Jun 29 11:11:47.937: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.2.10)
C2960-#
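
The vty configuration above accepts Telnet with a shared line password, so the login and enable passwords cross the management VLAN in clear text. The following is an added example, not part of the original post: the same remote access moved to SSH with local user authentication and limited to the 192.168.2.0/24 management subnet. The domain name, the ACL name MGMT-ONLY and the password placeholders are assumptions.

```cisco
! Added example, not from the original post.
! Assumed values: domain name, ACL name MGMT-ONLY, <...> placeholders.
!
! SSH needs a hostname, a domain name and an RSA key pair.
! (The key generation command is run once in config mode and is not
!  stored in the running configuration.)
ip domain-name example.internal
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Replace the clear-text "password" user with a hashed "secret".
! IOS does not allow a password and a secret on the same username,
! so the old entry is removed first.
no username admin
username admin secret <unique-strong-password>
enable secret <different-strong-password>
!
! Only hosts in the management VLAN subnet may open a vty session;
! everything else is dropped and logged.
ip access-list standard MGMT-ONLY
 permit 192.168.2.0 0.0.0.255
 deny   any log
!
! Remove the shared line password, authenticate against the local user
! database, and accept SSH only (this disables Telnet on these lines).
line vty 0 4
 no password
 login local
 transport input ssh
 access-class MGMT-ONLY in
 exec-timeout 10 0
!
! Repeat the line settings for any further vty lines the platform has
! (for example "line vty 5 15"), otherwise they keep their defaults.
!
! Verify:
!   show ip ssh
!   show access-lists MGMT-ONLY
```

After this change the `telnet 192.168.2.1` test from PC15 is refused, and the management session is opened with SSH as the local user instead.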

