IP on PORT??

[duster123]

Im Kinda new to cisco but when i do the show run command it shows my ports and at the bottom is says "no ip address". My question is why would i want to attach an IP address to a port when i already have a management address on vlan1?

 

[paulk29]

Well you'd put an IP address on a Port if you wanted to have a layer 3 connection to another Switch or Router.

Regards

Paul

Paul Kilcoyne B eng. CCNA

 

[chieftan]

You should not have a mangement address on VLAN 1 from a security perspective.

All switch ports are automatically assigned to VLAN1 when first initialised.

A new management VLAN should be created and the IP Assigned to that VLAN and then VLAN should be administratively shut down.

Routing can be enabled on a "whole" switch basis or a "port" basis, for layer 3 usability as paulk29 has written above.

 

[duster123]

So what you are saying is that I should not assign an management IP to Vlan1? Whats the common practice? If i created a new Vlan and then shut it down, how then could i telnet to the switch if the vlan is down?

 

[chieftan]

Okay, you need to set up a management VLAN (whatever number you want to give it - but it will have to be the same VLAN on all switches) and then assign your IP address to it.

I would normally create the VLAN (let's call it VLAN20) and assign a relevant IP address :- for example 192.168.20.xxx (see the relevance of the number 20).

Once this has been completed you can shutdown VLAN 1 and access the management VLAN still, but obviously you will have to ensure the route's are all correct for the new address range (unless you are using the same as the old VLAN1 address range).

There are a lot of systems out there that still have Management assigned to VLAN1 for whatever reason, but the general practice is that VLAN1 should not be used.
As all switch ports are automatically assigned to VLAN1 when no other configuration is in place you can imagine how dangerous this is, even across tagged .1q trunks (treated as native).