Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

Management interface and log server

donohoecompanies
Level 1
Level 1

‎05-03-2021 12:00 PM

On our switches we have a production network (172.16.4.0/22) (VLAN4) that servers and clients sit on, then we have a management network (172.16.8.0/22) (VLAN10) which the management interfaces of various systems sit on, including our switches. We want to send logs from our switches to a data collector which sits on the production network, but only allow management of the switch from the management network.

 

Would this configuration achieve that, and is there a better way to do it?

 

interface Vlan4
ip address 172.16.4.40 255.255.252.0
!
interface Vlan10
ip address 172.16.8.40 255.255.252.0
!
ip access-list standard Management-SSH
permit 172.16.8.0 0.0.0.255
logging trap debugging
logging host 172.16.4.19
!
line con 0
line vty 0 4
access-class Management-SSH in
line vty 5 15
access-class Management-SSH in
transport input all

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎05-04-2021 03:26 AM

As long as routing in place to reach management network and data network Logs will reach destination.

 

you can also use Logging using the interface.

Logging source-interface x/x

 

or you would like to make ACL to allow only syslog messages to allow ?

 

is this make sense ? what challenges you see here ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card