Creating a Management-only VLAN & using QOS

Apr 30th, 2008

Are there any folks on this forum using Management-only VLANs with QOS?

We are seriously looking into doing this, not only for management of our Cisco switches but for security purposes, and maybe combine it with QoS to make management a little more robust. Like a lot of folks we suffered through the nightmare memories of Slammer. And since our network was eaten up by the worm, network management of our devices was pretty much a bust. So we are looking at dropping in a management VLAN across campus and maybe giving that Mgmt VLAN a high priority slot in QoS. Hopefully, this would allow us to continue managing the network in the event of another Slammer level attack -- assuming that some sort of QoS scheme really works :-)

So I am curious to know if anyone else is doing this now or is planning to do this in the near term. If so, has it been worth the move? What type of unforeseen problems spanning-tree (if any) did you run into? And is there a useful URL on setting this up?

Any thoughts?


a.cruea1980 Wed, 04/30/2008 - 08:25

A useful url:

That is a really big QoS file on setting up QoS properly. Basically, it states what your Management traffic should be at (DSCP 16 or CS2), which is one step over your bulk data. And actually, that document also mentions worm mitigation (although I haven't gotten through the entire thing, so I can't tell you what it says completely).

