Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
11
Helpful
7
Replies

Switch management

rhltechie
Level 1
Level 1

‎05-25-2006 05:57 AM - edited ‎03-03-2019 03:22 AM

Hi All,

I am attempt to align myself with the best practices of cisco, i would like to change my management vlan to something other than vlan 1. right now i have a few trunks between several switches and i am running vtp as well.

i have read so many different things on this issue, that i believe i am even more confused than when i started.

to make this change, i should remove the ip addressing from vlan 1 correct? will this vlan need to be or can it even be shut down? i should assign another random vlan an ip address and do so on all of my switches. now on the trunks between these switches, what do i set as my native vlan? also, do i prune vlan 1 from my trunks? am i missing anything?

TIA,

R

Labels:
0 Helpful
7 Replies 7

sundar.palaniappan
Level 10
Level 10

‎05-25-2006 02:01 PM

1. If you are changing the management VLAN from vlan1 to another vlan then you would have to move the management IP to the newly created vlan interface from vlan1.

2. If you are using VTP then pruning is enabled by default on most Catalyst switches. Hence, trunks wouldn't carry vlan updates for inactive VLANs.

3. The switch may give you an error if you try the default vlan1 interface. Just shut it down. You may want to add a description like 'management vlan moved to xxx'.

4. The default native vlan is 1. You can make any vlan to be the native vlan on your trunks but it's not a mandatory requirement. But if you have too many trunks then that would mean lot of work for you and possible outages during the config change.

Hope I covered all your questions.

HTH,

Sundar

*Please rate all helpful posts.

rhltechie
Level 1
Level 1
In response to sundar.palaniappan

‎05-26-2006 03:59 AM

Thanks for your reply.

I was indeed intending on moving the ip from vlan 1 to the new management vlan. And you are saying that I should indeed just shutdown vlan 1?

are there any complications to me leaving my native vlan 1 instead of the new management vlan?

Thanks

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to rhltechie

‎05-26-2006 03:23 PM

The reason why you may want to shut down the vlan1 interface is because most layer 2 switches would support only one management interface. In that case you would have to shut down vlan1 interface to activate another vlan interface.

No, I can't think of a complication by leaving the native vlan to be the default vlan1. If there's any untagged traffic that arrives at the port the switch assumes the traffic came in on vlan1 and that's all it does.

HTH,

Sundar

*Please rate all helpful posts.

gpulos
Level 8
Level 8
In response to rhltechie

‎06-01-2006 08:07 AM

i find it a best practice to not use VLAN 1 for anything.

i would create a new VLAN for management and of course, change any respective IP, routes, ports, etc.

complications from leaving VLAN 1 native and/or active could arise from a rouge device being added to the switching environment (port) that is not configured for other than VLAN 1 and have that device cause problems of sorts. if VLAN 1 is carrying most of your vital traffic, this could be impacting and a problem to users.

since VLAN 1 is the default vlan for all ports in virtually all switches, i would keep it as far from impacting my production data/traffic flows as possible.

0 Helpful

devang_etcom
Level 7
Level 7
In response to sundar.palaniappan

‎06-01-2006 11:16 AM

hi Sundar,

so here we need to remove the pruning of newly created native VLAN

and what comand 'management vlan moved to xxx' will exectly do...

if we move the native VLAN then it will creat the issue of 802.1Q when two differnet switch trunk port are in different native vlan

please reply me

regards

Devang

0 Helpful

eric_chan
Level 1
Level 1

‎05-26-2006 07:33 AM

My experience are:

1) put management on differnet vlan.

2) use Vlan 1 for native vlan.

3) Don't put any user/managment traffic on vlan 1.

4) shutdown Vlan 1 ..

You shouldn't have to re-address your switches.. just move the management IP to new vlan interface.

lburleso
Level 1
Level 1
In response to eric_chan

‎06-01-2006 10:42 AM

I have just a couple more pieces of experience to add.

I avoid explicitly using the native VLAN function (untagged frames) of all trunks. There's really no point in using it, and it adds more config and therefore potential for misconfig.

The _only_ places that I do use the native VLAN functionality is when trunking to a non-Cisco switch. That allows us to plug unmanaged switches into designated trunk ports and deliver a single (edge) VLAN.

Keep the production (client edge) traffic on seperate, regionalized VLANs. Put the servers on another seperate VLAN. This kind of layout allows you to easily set up packet filtering at layer 3 later on.

- Lee

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents