Best Practices for management VLAN

Unanswered Question
Oct 23rd, 2008

Hi guys,

I have a client with a data center where they have lots of VLANs running off a 3750 (main switch) and then they have a 3550 and a 2950 running off from this main 3750.

They have lots of VLANs configured and I see that VLAN 1 is not being used. Currently, all the IPs of the switches and routers belong to one of the customer VLANs.

I've read that this is bad practice and that a management VLAN should be created. But I think I've also read that when it comes to management VLANs, one needs to stay away from VLAN 1.

So I am not sure how to tackle this.

Any help?


flitcraft33 Wed, 10/29/2008 - 15:00

Establishing a VLAN for management functionality is a good practice. Using VLAN 1 for it is a bad practice. Essentially it is recommended to get everything you can off of VLAN 1 (the default untagged VLAN, in most cases). You cannot eliminate all traffic, but if you cut it to a minimum, you can easily discern any big jump in traffic which might be a VLAN hopping attack by a hacker. This will also allow you to isolate your management traffic where prying eyes will have a harder time finding it.
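The check below is an added example, not part of the thread and not a Cisco tool: it audits IOS-style interface configuration for what the answer above says to move off VLAN 1 (access ports left in VLAN 1, trunks whose native VLAN is 1, a switch IP on interface Vlan1). The sample config, its addresses and VLAN numbers, and the function names `parse_interfaces` and `audit_vlan1` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its list of indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):
            current = blocks.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit_vlan1(config):
    """Flag interfaces still on VLAN 1; only ports with an explicit mode are checked."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        text = "\n".join(cmds)
        if name == "Vlan1":
            if re.search(r"^ip address \d", text, re.M) and "shutdown" not in cmds:
                findings.append((name, "management IP on VLAN 1"))
        # IOS omits default lines, so a missing native/access VLAN line means VLAN 1.
        elif "switchport mode trunk" in cmds:
            native = re.search(r"^switchport trunk native vlan (\d+)", text, re.M)
            if not native or native.group(1) == "1":
                findings.append((name, "trunk native VLAN is 1"))
        elif "switchport mode access" in cmds:
            access = re.search(r"^switchport access vlan (\d+)", text, re.M)
            if not access or access.group(1) == "1":
                findings.append((name, "access port in VLAN 1"))
    return findings
```

Calling `audit_vlan1()` on the saved running-config text of each switch returns a list of `(interface, finding)` pairs to work through before moving the switch addresses into a dedicated management VLAN.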

