10-23-2008 10:23 AM - edited 03-09-2019 09:43 PM
Hi guys,
I have a client with a data center where they have lots of VLANs running off a 3750 (main switch), and then they have a 3550 and a 2950 running off from this main 3750.
They have lots of VLANs configured and I see that VLAN 1 is not being used. Currently, all the IPs of the switches and routers belong to one of the customer VLANs.
I've read that this is bad practice and that a management VLAN should be created. But I think I've also read that when it comes to management VLANs, one needs to stay away from VLAN 1.
So I am not sure how to tackle this.
Any help?
Thanks
10-23-2008 11:42 AM
Here is a very good discussion which should answer all your questions.
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009
10-29-2008 03:00 PM
Establishing a VLAN for management functionality is a good practice. Using VLAN 1 for it is a bad practice. Essentially it is recommended to get everything you can off of VLAN 1 (the default untagged VLAN, in most cases). You cannot eliminate all traffic, but if you cut it to a minimum, you can easily discern any big jump in traffic which might be a VLAN hopping attack by a hacker. This will also allow you to isolate your management traffic where prying eyes will have a harder time finding it.
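As an added illustration of the advice in this thread (constructed here, not configuration from any of the posters), the IOS fragment below shows the "before" state described in the question (switch IP on a customer VLAN, VLAN 1 left at defaults) next to a "after" state on the 3750: a dedicated management VLAN, VLAN 1 shut down, VLAN 1 kept off the trunk to the downstream switches, and vty access restricted to the management subnet. VLAN numbers 20/99/999, the 10.99.0.0/24 subnet, and the GigabitEthernet1/0/1 uplink name are assumptions.

```cisco
! --- Before (constructed): the switch is managed on a customer VLAN ---
interface Vlan20
 description CUSTOMER-A
 ip address 192.168.20.2 255.255.255.0
!
! --- After: dedicated management VLAN, VLAN 1 emptied ---
vlan 99
 name MGMT
vlan 999
 name UNUSED-NATIVE
!
! VLAN 1 cannot be deleted on these platforms, but its SVI can be shut down
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 description MANAGEMENT
 ip address 10.99.0.2 255.255.255.0
 no shutdown
!
ip default-gateway 10.99.0.1
!
! Trunk to the 3550/2950: do not carry VLAN 1 as a data VLAN and use an
! otherwise unused VLAN as native, so untagged frames never land in a
! customer or management VLAN. Control protocols (CDP, VTP, PAgP) still
! ride VLAN 1 untagged, which is why VLAN 1 traffic can be minimised but
! not eliminated.
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30,99
 switchport mode trunk
!
! Only hosts on the management subnet may open a vty session
access-list 10 permit 10.99.0.0 0.0.0.255
line vty 0 15
 access-class 10 in
 transport input ssh
```

Verify with `show interfaces trunk` (VLAN 1 should not appear in the allowed list) and `show ip interface brief` (only Vlan99 up with an address). Note that the 2950 supports only one active SVI at a time, so on it the Vlan1 shutdown must precede bringing up the new management SVI.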