Danilo Dy Sat, 12/08/2007 - 23:35
User Badges:
  • Blue, 1500 points or more


Here are some

- Disable the default management VLAN1, use another (i.e. VLAN123) for management. This however may not be doable if you create a VTP Domain

- One VLAN per network/subnet or security segment

- Name the VLAN to their use/purpose or security segment

- Use VTP transparent mode if you are not creating a VTP Domain (by default all switch VTP is in server mode)

If you are creating a VTP Domain, the best practices recommendation differs. Some of them are;

- Configure primary and backup root bridge (don't make the election choose them)

- Set a VTP Domain password

- Choosing between ISL and 802.1Q depends on the feature (MST, PVST) that you want to use and also depends on the other equipment to be use (Netscreen, Checpoint, ASA VLAN Trunking).




This Discussion