Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
5
Helpful
2
Replies

Management VLAN -- New to Cisco

dhaselhorst
Level 1
Level 1

‎01-19-2006 10:13 AM - edited ‎03-05-2019 11:45 AM

I've been working on configuring VLANs for my network and I came across something that confuses me. Under practical tips in this docuemnt http://www.cisco.com/warp/public/473/189.html#tips it states:

Separate the management VLAN from the user or server VLAN, as in this diagram. The management VLAN is different from the user or server VLAN. With this separation, any broadcast/packet storm that occurs in the user or server VLAN does not affect the management of switches.

Do not use VLAN 1 for management. All ports in Catalyst switches default to VLAN 1, and any devices that connect to nonconfigured ports are in VLAN 1. The use of VLAN 1 for management can cause potential issues for the management of switches, as the first tip explains.

I understand the concept, and i've made my managment VLAN 10. However, when I connect a computer to the switch it doesn't default to VLAN1 it defaults to VLAN10 which puts the computer by default in the management VLAN.

What's the point of creating a different VLAN ID for management if the workstations are going to default to it anyhow? I understand once I configure the ports it will take them out of the management VLAN, I'm just wondering why I couldn't use VLAN1 as the management domain.

Regards,

David

Labels:
0 Helpful
2 Replies 2

olorunloba
Level 5
Level 5

‎01-19-2006 01:03 PM

It seems to me that you must have changed the native vlan of the switch. Can you post your config for us to see?.

By configuring a management VLAN, PCs should not by default be in this Vlan.

0 Helpful

hculver
Level 1
Level 1

‎01-19-2006 01:20 PM

To support an inband management VLAN, you'll have to configure trunking (802.1Q) between switch uplinks allowing your management vlan (VLAN 10) traffic to traverse the trunk in addition to the user vlan (lets say vlan 20). To trunk, you must utilize a unique VLANs per subnet. I like to force trunking (switchport encap dot1q, switchport mode trunk, switchport nonnegotiate) so as not to utilize DTP (dynamic trunking protocol).

For user access, you need to configure the vlan on the switch and enable switchport mode access along with switchport access vlan 20 (user vlan).

Keep in mind, inband management works well for user access; however, for data center server access trunking is not recommended.

With all that said, you still may have to use VLAN 1 in certain scenarios. For instance, an IBM Blade center management module required the use of vlan 1 to manage the blade center.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card