Similar to OOB, in-band may be used for administrative management, such as SSH, Telnet, and TFTP, as well as SNMP management, monitoring, and system logging. In-band management can also take advantage of security provided by ACLs. One or more ports on a switch may be enabled for in-band management. A minimum of one port is necessary for the switch itself to be managed through the in-band network. Optionally, additional ports on the switch may also be configured to attach other devices to be managed. For configuring a single port, setting up the in-band management is as simple as providing an IP address to a port on the switch. The IP address should be in a dedicated management subnet. The example below enables port 1/1/12 for in-band management.
OS10(config)# interface ethernet 1/1/12
OS10(conf-if-eth1/1/12)# no switchport
OS10(conf-if-eth1/1/12)# ip address 10.1.1.1/24
Use the ping command from a remote switch or management station to test connectivity to the switch’s in-band management port. To quickly verify management access, SSH or telnet into the switch from a remote device. SSH is enabled by default on SmartFabric OS10. Telnet is disabled by default. To use telnet, it must first be enabled using the ip telnet server enable command from a global configuration prompt.
In-band management may also be configured using a VLAN dedicated for management. An IP address is assigned to the VLAN on each switch in order to access the switch. The management VLAN cannot be the default VLAN, such as VLAN 1, since an IP address cannot be assigned to it.
OS10(config)# interface vlan 11
OS10(conf-if-vl-11)# description management
OS10(conf-if-vl-11)# ip address 10.1.1.1/24
Add one or more ports to the VLAN that will participate in in-band management. A minimum of one port is necessary for the switch itself to be managed through the in-band network. Extra ports can be used to attach and manage downstream devices.
OS10(conf)# interface range eth 1/1/3-1/1/4
OS10(conf-range-eth1/1/1-1/1/2# switchport access vlan 11
OS10(conf-range-eth1/1/1-1/1/2)# no shutdown
OS10(conf-range-eth1/1/1-1/1/2)# exit
If two ports are added to the management VLAN, cable either port to connect to the management VLAN upstream (toward the management station), or directly into the management station. If only one port is configured, cable that port to the management VLAN upstream. The figure below shows how the administrator may use SSH or Telnet to access either switch in the figure.
Use the ping command from a remote switch or management station to test connectivity to the switch. You may ping the switch from a remote switch or management station. To verify in-band access, SSH or telnet into the switch from a remote device. SSH is enabled by default on SmartFabric OS10. Telnet is disabled by default. To use telnet, it must first be enabled using the ip telnet server enable command from a global configuration prompt.
If necessary, you can attach another port on the management VLAN to another device downstream that has been configured to use the same management VLAN.