1

I have configured a couple of VLANs on a Cisco Catalyst switch with IOS, and I will put all the ports that clients are connected to into these VLANs. I want to configure the native VLAN [vlan 1] as the management VLAN so I can use a telnet client to connect to the switch.

How can I block all but one specific IP address from telnetting into the switch? As I understand it, vlan 1 has many tasks regarding different protocols and I do not want to break that, but only allow one specific IP address to connect to the switch with a telnet client [actually the gateway IP address of the switch].

pehrs
  • 8,749
  • 29
  • 46

2 Answers

3

You can apply an ACL just to management access. For instance:

! replace x.x.x.x with the IP to permit
access-list 1 permit host x.x.x.x

! some switches range from 0 to 15 instead of 0 to 4, adjust as necessary
line vty 0 4
 access-class 1 in

This applies standard access list 1 to just inbound access on virtual terminals (which includes telnet and ssh access), irrespective of VLAN. You can use a more sophisticated access-list if needed. Chopper3 provided a good link for that.

James Sneeringer
  • 6,755
  • 23
  • 27
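As an added illustration (not part of either answer), this Python snippet emulates how IOS evaluates a standard access list such as the one above against the source address of a telnet/ssh session: entries are checked in order, the first match wins, wildcard-mask bits set to 1 are ignored, and a source that matches nothing falls through to the implicit deny. The ACL text and the addresses are constructed samples.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of a standard ACL as it would appear in the running config.
# The first entry mirrors the answer above; the explicit "deny any log" only adds
# logging of rejected attempts, since a standard ACL ends with an implicit deny anyway.
SAMPLE_ACL = """
access-list 1 permit host 192.0.2.1
access-list 1 deny any log
"""

Entry = Tuple[str, int, int]  # (action, address as int, wildcard mask as int)


def parse_standard_acl(text: str, number: str = "1") -> List[Entry]:
    """Parse 'access-list N permit|deny <host A | any | A wildcard>' lines into
    (action, address, wildcard) tuples, preserving configuration order."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[1] != number:
            continue
        action = parts[2]
        if parts[3] == "host":                      # single address, wildcard 0.0.0.0
            net, wild = parts[4], "0.0.0.0"
        elif parts[3] == "any":                     # everything, wildcard 255.255.255.255
            net, wild = "0.0.0.0", "255.255.255.255"
        else:                                       # network plus wildcard mask
            net = parts[3]
            wild = parts[4] if len(parts) > 4 and parts[4] != "log" else "0.0.0.0"
        entries.append((action,
                        int(ipaddress.IPv4Address(net)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def acl_permits(entries: List[Entry], source_ip: str) -> bool:
    """Return True if the ACL would permit a session from source_ip (first match wins)."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, net, wild in entries:
        care = (~wild) & 0xFFFFFFFF              # wildcard 1-bits are "don't care"
        if (src & care) == (net & care):
            return action == "permit"
    return False                                  # implicit deny any at the end


if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for ip in ("192.0.2.1", "192.0.2.2", "10.0.0.5"):
        print(ip, "permitted" if acl_permits(acl, ip) else "denied")
```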
2

I'd suggest you use an ACL - they can be quite complex to set up, but HERE is Cisco's guide on how to.

Chopper3
  • 100,240
  • 9
  • 106
  • 238