Management VLAN Networking
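A question about management VLANs. Should every device you need to manage have an IP address, or is an address on the subnet enough for the few people who manage the devices?
From Cisco Design Best Practices for VLAN: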
A good security practice is to separate management and user data traffic. The management VLAN, which is VLAN 1 by default, should be changed to a separate, distinct VLAN. To communicate remotely with a Cisco switch for management purposes, the switch must have an IP address configured on the management VLAN. Users in other VLANs would not be able to establish remote access sessions to the switch unless they were routed into the management VLAN, providing an additional layer of security.
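Typically, the administrator workstations that can reach the management VLAN are not directly connected to it, but are routed through a firewall.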
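An added example, not part of the original question or answer: a Python check over IOS-style interface stanzas that flags the two conditions the quoted Cisco guidance warns about, a management IP left on VLAN 1 and user access ports sharing the management VLAN. The sample configs, the addresses, VLAN numbers 20 and 99, and the rule that any active SVI with an IP address is the management interface are assumptions.

```python
import re

# Constructed IOS-style config fragments (not from a real device).
WEAK = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
"""
SEPARATED = """\
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif not line.startswith(" "):
            current = None  # "!" or another top-level command ends the stanza
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit(config):
    """Return findings where management and user traffic share a VLAN."""
    stanzas, findings = parse_interfaces(config), []
    # Assumption: on a layer-2 switch, any active SVI with an IP is management.
    mgmt = {int(m.group(1)) for name, cmds in stanzas.items()
            if (m := re.fullmatch(r"Vlan(\d+)", name))
            and "shutdown" not in cmds
            and any(c.startswith("ip address ") for c in cmds)}
    if 1 in mgmt:
        findings.append("management IP is on default VLAN 1")
    for name, cmds in stanzas.items():
        m = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        vlan = int(m.group(1)) if m else 1  # no explicit assignment means VLAN 1
        if "switchport mode access" in cmds and vlan in mgmt:
            findings.append(f"{name}: user access port in management VLAN {vlan}")
    return findings
```

In the `WEAK` sample the unassigned access port is flagged because it sits in VLAN 1 by default, which is why leaving management on VLAN 1 exposes the switch to every unconfigured port.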