Solved: How to remove vlan 1 from exsisting network infrastructure?

kandanarumugam · ‎02-21-2010

Hi,

In my production network,vlan 1 is up on some switches(all cisco model).Vlan 1 used for Mgmt purpose on some of the switches and many of the switches default configurations are present.How do remove vlan 1 without any impact in production and pls consider the switches are placed in remote sites?

Thanks,

Kandan

KARUPPUCHAMY MALAIYANDI · ‎02-21-2010

Hi,

Before shutdown the vlan 1, we need to complete the below migrations on step by step basis.

1.Collect the user's detail including the IP address,vlan information per switch basis.

2.Create the necessary L2 vlan's on per switch basis and assign each port into the respective vlan based on your information gathered.

3.Create one L3 vlan for switch management purpose.

Hope it helps you

Thanks & Regads

Karuppu

View solution in original post

Ganesh Hariharan · ‎02-21-2010

Hi,

In my production network,vlan 1 is up on some switches(all cisco model).Vlan 1 used for Mgmt purpose on some of the switches and many of the switches default configurations are present.How do remove vlan 1 without any impact in production and pls consider the switches are placed in remote sites?

Thanks,

Kandan

Hi Kandan,

By default, there is only a single VLAN for all ports. This VLAN is called default. You cannot rename or delete VLAN 1.

If you talk about a management VLAN is nothing more than a VLAN that is used for in-band management of your network switching devices. In order to configure this on a switch you need to create a Switch Virtual Interface (SVI) that is mapped to that VLAN and then assign that virtual interface an IP address. On a Cisco switch it would look like the following.

Interface Vlan99
ip address 192.168.1.1 255.255.255.0
no shut

I also want to make something very clear. Your management VLAN does not have to be the same as your Native VLAN. Matter of fact, it is good practice to make sure that they are different. Your management VLAN should only carry in-band management traffic and should not be the default VLAN. By in-band management traffic I am refering to SSH or telnet (although telnet is not recommended because it is not secure). Traffic such as BPDUs, PagP, CDP, use the native VLAN and I would recommend setting that to something other than the default VLAN as well, but still seperate from your management VLAN.

Once that is done setup a simple access list on whatever device routes for the management VLAN so that only the computers you want to access those devices are permitted and all others are denied.

Hope to Help !!

if helpful do rate the post

Ganesh.H

View solution in original post

KARUPPUCHAMY MALAIYANDI · ‎02-21-2010

Hi,

Before shutdown the vlan 1, we need to complete the below migrations on step by step basis.

1.Collect the user's detail including the IP address,vlan information per switch basis.

2.Create the necessary L2 vlan's on per switch basis and assign each port into the respective vlan based on your information gathered.

3.Create one L3 vlan for switch management purpose.

Hope it helps you

Thanks & Regads

Karuppu

Ganesh Hariharan · ‎02-21-2010

Hi,

In my production network,vlan 1 is up on some switches(all cisco model).Vlan 1 used for Mgmt purpose on some of the switches and many of the switches default configurations are present.How do remove vlan 1 without any impact in production and pls consider the switches are placed in remote sites?

Thanks,

Kandan

Hi Kandan,

By default, there is only a single VLAN for all ports. This VLAN is called default. You cannot rename or delete VLAN 1.

If you talk about a management VLAN is nothing more than a VLAN that is used for in-band management of your network switching devices. In order to configure this on a switch you need to create a Switch Virtual Interface (SVI) that is mapped to that VLAN and then assign that virtual interface an IP address. On a Cisco switch it would look like the following.

Interface Vlan99
ip address 192.168.1.1 255.255.255.0
no shut

I also want to make something very clear. Your management VLAN does not have to be the same as your Native VLAN. Matter of fact, it is good practice to make sure that they are different. Your management VLAN should only carry in-band management traffic and should not be the default VLAN. By in-band management traffic I am refering to SSH or telnet (although telnet is not recommended because it is not secure). Traffic such as BPDUs, PagP, CDP, use the native VLAN and I would recommend setting that to something other than the default VLAN as well, but still seperate from your management VLAN.

Once that is done setup a simple access list on whatever device routes for the management VLAN so that only the computers you want to access those devices are permitted and all others are denied.

Hope to Help !!

if helpful do rate the post

Ganesh.H

Jon Marshall · ‎02-22-2010

Hi Ganesh

Traffic such as BPDUs, PagP, CDP, use the native VLAN

Just to clarify. CDP/VTP/PagP use vlan 1 not the native vlan. By default the native vlan is vlan 1 but if you change the native vlan then CDP/VTP/PagP will still use vlan 1 but the packets will be tagged.

As far as i know only DTP uses the native vlan so if you changed the native vlan then DTP would use the new vlan to send frames.

With PVST+ BPDUs obviously run on all vlans.

Jon

Ganesh Hariharan · ‎02-22-2010

Hi Ganesh

Traffic such as BPDUs, PagP, CDP, use the native VLAN

Just to clarify. CDP/VTP/PagP use vlan 1 not the native vlan. By default the native vlan is vlan 1 but if you change the native vlan then CDP/VTP/PagP will still use vlan 1 but the packets will be tagged.

As far as i know only DTP uses the native vlan so if you changed the native vlan then DTP would use the new vlan to send frames.

With PVST+ BPDUs obviously run on all vlans.

Jon

Hi Jon,

Thanx Jon for giving clear view and understanding !!

Ganesh.H