Educause Security Discussion mailing list archives

Re: management vlan

From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Mon, 2 Oct 2006 09:26:50 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 09:47 -0400 10/02/2006, Scott Adamson wrote:

i was wondering from a network/management/security standpoint if most
users create a management vlan and IP structure for their network
switches/routers?


You definitely want a separate management VLAN, and you should definitely
also use ACLs to restrict access to that VLAN from your management subnets
only.  Note that if you're a Cisco shop, Cisco specifically recommends
against using VLAN 1.  You might also want to look at possibly putting the
management interfaces into RFC1918 space as well.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

iQA/AwUBRSEhpw5UB5zJHgFjEQKcwACgsOJivQ8oEj5a6MHy0BmPPB6g+PQAoIjF
UZIZsXHrVWrmDOpp+iQvmpTi
=VsAu
-----END PGP SIGNATURE-----

--
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

Current thread:

management vlan Scott Adamson (Oct 02)
- <Possible follow-ups>
- Re: management vlan Julian Y. Koh (Oct 02)
- Re: management vlan Graham Toal (Oct 02)
- Re: management vlan Russell Fulton (Oct 02)