After you install switches into a network, it is important that you are able to manage them remotely using IP-based management protocols, such as Telnet and Simple Network Management Protocol (SNMP). Cisco Catalyst switches include a virtual management interface, which can be configured with an IP address and can provide a remote administration and management interface into the switch. These management interfaces are referred to as in-band management interfaces because they are attached to and can be accessed from the data network.
Some Catalyst switches include an out-of-band management interface, which is simply a physical port allocated for management purposes only and is not connected to the switching backplane. This arrangement ensures that the data network is completely segregated from the management interface of each switch and the management network attached to the management interface, increasing the security of the network. For example, the Catalyst 4000 Supervisor 2 engine includes an Ethernet management interface called me0.
In a multi-VLAN environment, such as the topology shown in Figure 2-8, it is important to place the management interface into the VLAN whose IP subnet matches the IP address configured on the switch. For example, in Figure 2-8, you can see that both Switch-A and Switch-B are configured with an IP address of 192.168.10.1.
Switch-A and Switch-B reside in separate topologies, so the fact that they use the same IP addressing does not matter. If they resided in the same network, you would need to ensure the IP addresses of each were unique.
VLAN 10 (Engineering VLAN) is configured with the IP subnet 192.168.10.0/24, which means that the management interface of each switch needs to reside in VLAN 10 to ensure communications with other devices on the network.
On CatOS, the virtual management interface is called sc0 and is configured via the set interface sc0 command:
set interface sc0 [vlan] [ip-address] [mask]
If you don't specify a VLAN, the management interface is assigned to VLAN 1. If you specify an IP address but don't specify a subnet mask, the appropriate Class A, B, or C subnet mask is assumed for the mask. Example 2-27 demonstrates configuring the management interface on Switch-A.
Example 2-81. Configuring the sc0 Management Interface on Switch-A
Switch-A> (config) set interface sc0 10 192.168.10.1 255.255.255.0
Interface sc0 vlan set, IP address and netmask set.
On Cisco IOS, a virtual management interface is created, which can then be configured with an IP address to enable management access to the switch. Cisco IOS can attach to any VLAN by creating a switched virtual interface (SVI), which is essentially a virtual interface that can be configured with IP and is attached to a particular VLAN (you learn more about these in Chapters 5, "Inter-VLAN Routing" and 6, "Layer 3 Switching"). You can create multiple SVIs; however, only a single SVI can be active at any one time for management purposes.
The exception to this restriction is on Layer 3 switches, where any SVI or physical interface with an IP address can be used for management purposes.
It is important to note that by default an SVI for the default VLAN (VLAN 1) exists, which can be configured via the interface vlan 1 global configuration command. This interface is shut down by default, so you must explicitly enable the interface by using the no shutdown interface configuration mode command. You can then configure an IP address for the VLAN 1 SVI. If you wish to use an SVI for another VLAN, you must create a new SVI. To create an SVI, you simply use the interface global configuration command as follows:
Switch(config)# interface vlan vlan-id
When you create an SVI, the default state of the interface is shutdown, which means you must explicitly enable the interface.
On the Catalyst 2900XL/3500XL, if you use a management interface other than interface VLAN 1, you must designate the SVI as a management interface by using the management interface configuration command. Furthermore, on IOS versions earlier than Release 12.0(5)XP, you cannot modify the management VLAN from VLAN 1.
After you have created the SVI, you need to configure an IP address on the interface, which then enables management access via the IP address configured. Example 2-28 demonstrates configuring a management interface on Switch-B and assigning the appropriate IP address.
Example 2-82. Configuring a Management Interface on Switch-B
Switch-B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch-B(config)# interface VLAN 10
Switch-B(config-if)# no shutdown
Switch-B(config-if)# ip address 192.168.10.1 255.255.255.0
An SVI must have at least one device connected to a Layer 2 interface within the VLAN; otherwise, the interface line protocol will be down.
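The following Python script, added here and not part of the original text, checks saved IOS running-config excerpts against the rules described above: a single active SVI on a Layer 2 switch, an SVI address inside the subnet planned for its VLAN, and unique management addresses among switches that share a network. The config excerpts, the Switch-C host, and the VLAN_SUBNETS plan are constructed assumptions.

```python
import ipaddress
import re

# Constructed running-config excerpts (not from the page). Switch-C is a
# hypothetical switch assumed to share a network with Switch-B.
CONFIGS = {
    "Switch-B": "interface Vlan1\n no ip address\n shutdown\n!\n"
                "interface Vlan10\n ip address 192.168.10.1 255.255.255.0\n!\n",
    "Switch-C": "interface Vlan1\n ip address 192.168.20.5 255.255.255.0\n!\n"
                "interface Vlan10\n ip address 192.168.10.1 255.255.255.0\n!\n",
}
VLAN_SUBNETS = {10: ipaddress.ip_network("192.168.10.0/24")}  # assumed plan

def parse_svis(config):
    """Return {vlan_id: {"ip": IPv4Interface or None, "up": bool}}."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan\s*(\d+)$", line.strip(), re.I)
        if m:
            current = svis.setdefault(int(m.group(1)), {"ip": None, "up": True})
        elif not line.startswith(" "):
            current = None  # "!" or a new top-level command ends the stanza
        elif current is not None:
            words = line.split()
            if words == ["shutdown"]:
                current["up"] = False
            elif words[:2] == ["ip", "address"] and len(words) == 4:
                current["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return svis

def audit(configs, vlan_subnets):
    """Flag SVI settings that conflict with the rules described above."""
    findings, seen = [], {}
    for host, text in configs.items():
        active = {v: s for v, s in parse_svis(text).items() if s["up"] and s["ip"]}
        if len(active) > 1:  # Layer 2 switches: one management SVI at a time
            findings.append(f"{host}: multiple active SVIs {sorted(active)}")
        for vlan, svi in sorted(active.items()):
            addr, net = svi["ip"].ip, vlan_subnets.get(vlan)
            if net is None or addr not in net:
                findings.append(f"{host}: Vlan{vlan} {addr} not in planned subnet")
            if addr in seen:  # addresses must be unique within one network
                findings.append(f"{host}: {addr} already used by {seen[addr]}")
            seen.setdefault(addr, host)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS, VLAN_SUBNETS)))
```

The multiple-SVI finding applies to Layer 2 switches only; on Layer 3 switches any SVI or physical interface with an IP address can be used for management.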