Network Management traffic and VLANs

Unanswered Question
Oct 5th, 2009

How does one assign network management traffic (RIP, BPDUs, CDP, etc.) to a VLAN? I know that to assign a computer to a VLAN, you simply add the port to that VLAN, but what I do not understand is adding network traffic to a VLAN when they do not have ports. I have read countless documents about the uses of VLANs, and several of them mentioned that you can separate network management traffic by putting it in VLANs.


Any help will be appreciated.


Giuseppe Larosa Mon, 10/05/2009 - 11:46
Hello Morris,

In practice, 1 VLAN <=> 1 IP subnet in modern designs.

Having separate VLANs for management provides:

more security: you can prevent users from being able to access network devices

a chance to connect to devices when troubles affect client VLANs.


>> but what I do not understand is adding network traffic to a VLAN when they do not have ports


A trunk port is a member of all VLANs that are permitted over it, so you don't need access ports on a device for it to take part in a VLAN.

Access ports can be on access layer switches for client VLANs.



Hope to help

Giuseppe


morrisbk1 Mon, 10/05/2009 - 12:03

Say you no longer want your management VLAN to be VLAN1, so you create VLAN25 for just management traffic. How do you assign the traffic to that VLAN? I know for a trunk you can just allow the traffic with this command ==switchport trunk allowed vlan add 5,6,2==. But how do you do this without the trunk?

Jon Marshall Mon, 10/05/2009 - 12:07
Depends what you mean by management traffic. If you mean the VLAN used to remotely log in to switches to administer them, just make sure that no user end devices are allocated into that VLAN, i.e. only switches should be allocated IP addresses from this VLAN.


As for CDP, PAgP, VTP, well, these will still be sent on VLAN 1 and you can't change this, but what you can do is make sure that no devices are allocated into VLAN 1, so no device anywhere is allocated an IP address from the VLAN 1 subnet.


Jon

Giuseppe Larosa Mon, 10/05/2009 - 12:09
Hello Morris,

The idea is to use VLAN 25 just for the management IP addresses of switches and routers,

and other VLANs (30, 35, and so on) for client VLANs.


L2 trunks are the best solution for interconnecting switches.


The alternative is to use access ports = 1 link for each VLAN, and it is not scalable at all.


Hope to help

Giuseppe
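
The layout described in the replies above, written out as a Cisco IOS configuration. This is an added example, not part of any post in the thread. VLAN IDs 25, 30 and 35 come from the thread; the VLAN names, the 192.0.2.0/24 addressing, the interface numbers and ACL number 10 are constructed placeholders, and the vty access list is an added illustration of keeping users off the devices.

```cisco
! Constructed example: names, addresses, interface and ACL numbers are placeholders.
vlan 25
 name MGMT
vlan 30
 name CLIENTS-30
vlan 35
 name CLIENTS-35
!
! The switch's own management IP lives on the SVI for VLAN 25.
! This is what "puts" remote-login traffic to the switch in that VLAN;
! no access port has to be assigned to VLAN 25 on this switch.
interface Vlan25
 description Switch management
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! No IP address in VLAN 1. CDP, PAgP and VTP frames are still sent
! on VLAN 1, as noted in the thread; this only removes the IP presence.
interface Vlan1
 no ip address
 shutdown
!
ip default-gateway 192.0.2.1
!
! Inter-switch link: the trunk is a member of every VLAN allowed on it,
! so it carries VLAN 25 alongside the client VLANs.
! (Some platforms need "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet0/1
 description Uplink to distribution switch
 switchport mode trunk
 switchport trunk allowed vlan 25,30,35
!
! User-facing ports go into a client VLAN, never VLAN 25 or VLAN 1.
interface range GigabitEthernet0/2 - 24
 switchport mode access
 switchport access vlan 30
!
! Accept remote logins only from sources in the management subnet.
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
```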

