Management VLAN

Answered Question
May 4th, 2010

By default there are three types of traffic that pass through Catalyst switches:

Control traffic

Management traffic

End-user traffic

Control traffic includes CDP, VTP, PAgP.

Management traffic includes end-to-end and IP-based protocols such as Telnet, SNMP, and VQP (the protocol used by VMPS). These protocols always use the VLAN assigned to SC0.

By default all three traffic types are assigned to VLAN 1. Can we change the management VLAN to any VLAN? If we change the management VLAN to another VLAN, will control traffic also be changed automatically to the new management VLAN or not?

And if we change the management VLAN to another VLAN, and if we assume that even control traffic is changed automatically to the new management VLAN, will this switch, in which the management VLAN has been changed to another VLAN, communicate with the control traffic of another switch that uses VLAN 1 as its management VLAN?

And I studied that, if we move the default management VLAN (VLAN 1) to another VLAN and control traffic is not moved along with the management VLAN, we have to shut down VLAN 1, as only one management VLAN can be active at a time. If we shut down VLAN 1, what will happen to control traffic that uses VLAN 1 (if control traffic is not automatically moved to the new management VLAN and stays in VLAN 1)?

Please, can anyone suggest the solution? Thanks in advance.

Message was edited by: fgfgu nhty

tecknology Tue, 05/04/2010 - 10:16

Thanks, Mr. Jon, for the clear explanation.

One more request regarding the 802.1q native VLAN.

Suppose we have two switches A and B with the native VLAN ID configured as 100 on both switches, and we have a few users connected to VLAN 1 and a few users connected to VLAN 10 on switch A, with a trunk link connected to the other switch B.

If a user from VLAN 10 on switch A sends data to a member of the same VLAN 10 on switch B, then the trunk adds a VLAN ID tag to the frame sent from switch A to B, and the switch will identify the respective VLAN and forward accordingly.

If a user from VLAN 1 on switch A wants to send data to a user in VLAN 1 on switch B, is the traffic sent with a VLAN 1 ID tag attached and not as native VLAN traffic, or is VLAN 1 traffic considered native VLAN traffic (the native VLAN is set to 100)?

If VLAN 1 traffic is considered native VLAN traffic, then will it add the native VLAN ID of 100 to VLAN 1 traffic?

Thanks.

Jon Marshall Tue, 05/04/2010 - 10:22

If you have set the native vlan to vlan 100 then vlan 1 data will be tagged just like any other non-native vlan on the trunk link. So by default the native vlan is vlan 1 which means vlan 1 traffic on a trunk link is not tagged, but if you change the native vlan to vlan 100 then vlan 100 is not tagged and vlan 1 traffic is tagged.

Jon

tecknology Tue, 05/04/2010 - 10:37

Really, thanks for the very quick reply.

So on a switch with the native VLAN configured as 100, VLAN 1 user traffic is sent with a tag specifying the VLAN ID as VLAN 1 in the 802.1q header, and this traffic is not considered untagged traffic. Then what traffic is considered untagged traffic on a switch configured with a native VLAN of 100, except DTP?

Correct Answer
Jon Marshall Tue, 05/04/2010 - 10:40

tecknology wrote:

Really, thanks for the very quick reply.

So on a switch with the native VLAN configured as 100, VLAN 1 user traffic is sent with a tag specifying the VLAN ID as VLAN 1 in the 802.1q header, and this traffic is not considered untagged traffic. Then what traffic is considered untagged traffic on a switch configured with a native VLAN of 100, except DTP?

Any traffic being sent on vlan 100 is considered to be untagged traffic. If you have configured vlan 100 to be the native vlan and you have no user ports in vlan 100 then DTP is the only protocol that I am aware of that will be untagged plus of course STP BPDUs for vlan 100.

Jon

tecknology Tue, 05/04/2010 - 10:53

Is there any situation where the native VLAN 100 ID is attached to a tag in the 802.1q header to represent that native VLAN user data traffic?

Thank you very much for the quick and clear explanation for my own preparation for CCNP.

Correct Answer
Jon Marshall Tue, 05/04/2010 - 10:56

tecknology wrote:

Is there any situation where the native VLAN 100 ID is attached to a tag in the 802.1q header to represent that native VLAN user data traffic?

Thank you very much for the quick and clear explanation for my own preparation for CCNP.

No, by definition the native vlan is untagged so even user data would be untagged if sent on the native vlan.

There is a command available on some switches where you can tell the switch to tag all vlans including the native so all traffic including traffic on vlan 100 in your example would have a vlan tag but by default the native vlan is always untagged.

Jon
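The tagging rules described in the replies above, modelled as an added example (not part of any post and not Cisco code): egress leaves the native VLAN untagged unless a tag-native option is on, and ingress assigns an untagged frame to the receiver's own native VLAN. The function names, the `tag_native` flag and the sample frame are assumptions made for the illustration; the last case goes beyond the thread and shows what a native VLAN mismatch between the two switches does.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def trunk_egress(frame, vlan, native_vlan=1, tag_native=False):
    """Frame as it leaves a trunk port: native VLAN untagged unless tag_native."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    if vlan == native_vlan and not tag_native:
        return frame
    tci = vlan  # priority and DEI bits left at 0; low 12 bits carry the VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def trunk_ingress(frame, native_vlan=1):
    """Classify a received frame as (vlan, frame with any tag removed)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: receiver applies its own native VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

# Constructed Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = bytes.fromhex("0200000000b1" "0200000000a1" "0800") + b"payload"

def demo():
    """VLAN seen by switch B for frames switch A sends from VLANs 1, 10 and 100."""
    both_100 = {v: trunk_ingress(trunk_egress(FRAME, v, 100), 100)[0]
                for v in (1, 10, 100)}
    # Misconfiguration: A uses native VLAN 100, B was left at the default of 1.
    mismatch = trunk_ingress(trunk_egress(FRAME, 100, 100), native_vlan=1)[0]
    return both_100, mismatch

if __name__ == "__main__":
    print(demo())
```

With matching native VLANs every frame arrives in the VLAN it left; with the mismatch, VLAN 100 traffic from A is placed in VLAN 1 on B, which is why both ends of a trunk should be checked for the same native VLAN.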

tecknology Tue, 05/04/2010 - 11:07

Thank you, Mr. Jon, for staying until my doubts were cleared. Very happy to find answers here for my doubts instead of a Google search.

Jon Marshall Tue, 05/04/2010 - 11:10

tecknology wrote:

Thank you, Mr. Jon, for staying until my doubts were cleared. Very happy to find answers here for my doubts instead of a Google search.

No problem, glad to have helped and thanks for the ratings.

Good luck with your CCNP.

Jon

Correct Answer
Jon Marshall Tue, 05/04/2010 - 07:55

tecknology wrote:

By default there are three types of traffic that pass through Catalyst switches:

Control traffic

Management traffic

End-user traffic

Control traffic includes CDP, VTP, PAgP.

Management traffic includes end-to-end and IP-based protocols such as Telnet, SNMP, and VQP (the protocol used by VMPS). These protocols always use the VLAN assigned to SC0.

By default all three traffic types are assigned to VLAN 1. Can we change the management VLAN to any VLAN? If we change the management VLAN to another VLAN, will control traffic also be changed automatically to the new management VLAN or not?

And if we change the management VLAN to another VLAN, and if we assume that even control traffic is changed automatically to the new management VLAN, will this switch, in which the management VLAN has been changed to another VLAN, communicate with the control traffic of another switch that uses VLAN 1 as its management VLAN?

And I studied that, if we move the default management VLAN (VLAN 1) to another VLAN and control traffic is not moved along with the management VLAN, we have to shut down VLAN 1, as only one management VLAN can be active at a time. If we shut down VLAN 1, what will happen to control traffic that uses VLAN 1 (if control traffic is not automatically moved to the new management VLAN and stays in VLAN 1)?

Please, can anyone suggest the solution? Thanks in advance.

You can use any vlan as a management vlan. It is recommended not to use vlan 1 and not to use any vlan that carries user data traffic.

If you change the management vlan this does not affect the control traffic, that will still go on vlan 1. If you change the native vlan to a vlan other than vlan 1 then all control traffic i.e. CDP/VTP/PAgP etc. still uses vlan 1 except DTP which uses the native vlan.

If you shut down vlan 1 interface on your switches so you can bring up another L3 SVI for your management vlan this will have no effect on vlan 1 being used to send control traffic. In fact you can clear vlan 1 off trunks and Cisco switches will still use vlan 1 to send the control traffic between switches.

Recommendation is not to use vlan 1 for anything that you can configure so -

1) switch management vlan on different vlan

2) user vlans not to include vlan 1

3) unused ports in a "holding vlan" - this does not need a L3 SVI

4) native vlan not vlan 1 and not any of the other vlans - this does not need a L3 SVI

Jon
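An added example, not from the thread and not a Cisco tool: a small audit of IOS-style interface configuration against the recommendations in the answer above (management SVI, access ports and native VLAN kept off VLAN 1, and a native VLAN that nothing else uses). The sample configuration is constructed, and the check assumes ports declare `switchport mode access` or `switchport mode trunk` explicitly; the holding-VLAN recommendation for unused ports is not checked.

```python
import re

def parse_interfaces(config):
    """Split IOS-style config text into {interface name: [sub-commands]}."""
    blocks = {}
    for m in re.finditer(r"^interface (\S+)[ \t]*\n((?: .*\n?)*)", config, re.M):
        blocks[m.group(1)] = [c.strip() for c in m.group(2).splitlines()]
    return blocks

def vlan_arg(cmds, prefix):
    """VLAN ID from the first command starting with prefix, else the default VLAN 1."""
    return next((int(c.split()[-1]) for c in cmds
                 if c.startswith(prefix) and c.split()[-1].isdigit()), 1)

def audit(config):
    findings, in_use, trunks = [], set(), {}
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"Vlan(\d+)", name, re.I)
        if svi:  # an SVI counts as in use when it has an address and is not shut down
            if any(c.startswith("ip address ") for c in cmds) and "shutdown" not in cmds:
                in_use.add(int(svi.group(1)))
                if int(svi.group(1)) == 1:
                    findings.append("Vlan1: active management SVI on VLAN 1")
        elif "switchport mode trunk" in cmds:
            trunks[name] = vlan_arg(cmds, "switchport trunk native vlan ")
        elif "switchport mode access" in cmds:
            vid = vlan_arg(cmds, "switchport access vlan ")
            in_use.add(vid)
            if vid == 1:
                findings.append(f"{name}: access port in VLAN 1")
    for name, native in trunks.items():
        if native == 1:
            findings.append(f"{name}: native VLAN is 1")
        elif native in in_use:
            findings.append(f"{name}: native VLAN {native} is shared with ports or an SVI")
    return findings

# Constructed sample configuration (not from the thread).
SAMPLE = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 10
"""
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```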
