Vlan 1 question

Answered Question
Nov 4th, 2008
We have recently migrated our management vlan off vlan 1 to a new dedicated vlan. Our network consists of 2 6500 at the core, and the rest 3560 and 3548, all running L2. Some of the switches have vlan 1 admin down, and some admin up. Is it necessary to still have vlan 1 up or down on all switches?


Thanks.

Correct Answer by Giuseppe Larosa about 8 years 5 months ago

Hello David,

L2-only devices like a 2950 can have only one active vlan, so on those platforms you will see only the new management vlan SVI up/up and the SVI for Vlan1 will be admin down.

Some switches that actually have some L3 capabilities can have both SVI up/up.


My suggestion is to shut down the SVI of Vlan1 manually on devices that have it still up/up.

The main reason for moving away from vlan1 as management vlan is security: leaving a live L3 interface in vlan1 would expose the switches to some threats as it was before the migration.


Hope to help

Giuseppe


Giuseppe Larosa Tue, 11/04/2008 - 12:03
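An added example, not part of the original thread and not Cisco tooling: a Python check over saved running-config text that lists the switches whose `interface Vlan1` SVI is still admin up, the state the answer suggests shutting down. The hostnames, addresses and VLAN 100 in the sample configs are constructed assumptions.

```python
import re

# Constructed running-config excerpts; hostnames, addresses and VLAN 100 are assumptions.
SAMPLE_CONFIGS = {
    "core-6500-a": "interface Vlan1\n no ip address\n shutdown\n!\n"
                   "interface Vlan100\n ip address 10.0.100.2 255.255.255.0\n!\n",
    "access-3560-b": "interface Vlan1\n ip address 192.168.1.12 255.255.255.0\n!\n"
                     "interface Vlan100\n ip address 10.0.100.12 255.255.255.0\n!\n",
    # The shutdown here belongs to a physical port, not to the Vlan1 SVI.
    "access-3548-c": "interface Vlan1\n no ip address\n!\n"
                     "interface FastEthernet0/48\n shutdown\n!\n",
}

def svi_state(config, vlan_id):
    """Return (admin_up, has_ip) for interface Vlan<vlan_id>, or None if absent."""
    in_stanza, found, admin_up, has_ip = False, False, True, False
    for line in config.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new stanza; fullmatch keeps Vlan1
            # from matching Vlan10, Vlan100 and so on.
            in_stanza = re.fullmatch(rf"interface Vlan{vlan_id}", line.strip(), re.I) is not None
            found = found or in_stanza
        elif in_stanza:
            cmd = line.strip()
            if cmd == "shutdown":
                admin_up = False
            elif cmd.startswith("ip address "):
                has_ip = True
    return (admin_up, has_ip) if found else None

def audit_vlan1(configs):
    """Map each switch whose Vlan1 SVI is still admin up to a short finding."""
    findings = {}
    for name, cfg in configs.items():
        state = svi_state(cfg, 1)
        if state and state[0]:
            findings[name] = "up with IP address" if state[1] else "up, no IP address"
    return findings

if __name__ == "__main__":
    for switch, finding in audit_vlan1(SAMPLE_CONFIGS).items():
        print(f"{switch}: interface Vlan1 is admin {finding}")
```

The check only reads the administrative state from the configuration; line protocol status still has to be confirmed on the device.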