VLAN Management

Unanswered Question
Jul 16th, 2006

Hello,

I have almost 50 Cisco switches. They are accessible through their public IPs. Some ports of the switches are used for the local IPs, but some ports of the switches are used for the public IP clients. The local IP clients are working through a VLAN, but the public IP clients are not working under any VLAN; they are working under VLAN 1, and all switches are also managed through VLAN 1.

* Is it a good method, or should I configure a different VLAN for the public IP clients?


Thank You

jackyoung Sun, 07/16/2006 - 23:44

What I suggest is to use separate VLANs for public, private and management traffic. It can prevent attacks from the public side against your equipment and limit the broadcast domain. However, VLAN routing and ACLs are required for the security issue.

Rolf Fischer Sun, 07/16/2006 - 23:58

The special thing about VLAN 1 is that it's the native VLAN (as long as you don't change that by configuring a different one as native).

The switches exchange a lot of management data on the native VLAN, e.g. VTP, STP, CDP etc.

Another thing is that the native VLAN is transmitted untagged on trunks, which can be a security risk. And ports that are not assigned to a VLAN operate in VLAN 1 by default.

That's why some people don't use VLAN1 at all.

A good link regarding switch security: www.nsa.gov/snac/os/switch-guide-version1_01.pdf
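The following IOS configuration is an added example for this thread, not a configuration posted by either responder or taken from the linked NSA guide. It puts together both suggestions above: separate VLANs for private clients, public clients and management, an unused VLAN as the trunk's native VLAN so nothing useful travels untagged, VLAN 1 left unused, and ACLs so that public-side hosts can neither reach the management subnet nor open sessions to the switches. All VLAN numbers, interface names and addresses (the 192.0.2.0/24, 203.0.113.0/24 and 10.0.99.0/24 ranges are documentation prefixes) are assumptions chosen for the example. One caveat worth knowing: CDP, VTP and PAgP are sent in VLAN 1 regardless of which VLAN is native, so VLAN 1 can be taken out of service for user and management traffic but cannot be deleted.

```cisco
! Added example, not from the original thread. VLAN IDs and addresses are
! assumptions; adapt them to your own addressing plan.
!
! ---- Layer-2 access switch (one of the ~50 edge switches) ----
vlan 10
 name PRIVATE-CLIENTS
vlan 20
 name PUBLIC-CLIENTS
vlan 99
 name MANAGEMENT
vlan 999
 name NATIVE-UNUSED
!
! Private (local IP) client port
interface FastEthernet0/1
 description private-IP client
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Public IP client port: its own VLAN instead of VLAN 1
interface FastEthernet0/2
 description public-IP client
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Unused ports: parked in a dead VLAN and shut, so they never fall into VLAN 1
interface range FastEthernet0/3 - 23
 description unused
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Uplink: native VLAN moved off VLAN 1 and not carried, so untagged frames
! arriving on the trunk are dropped rather than landing in a live VLAN
interface GigabitEthernet0/1
 description uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
! VLAN 1 SVI left unused; management lives on VLAN 99 only
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 description management SVI
 ip address 10.0.99.11 255.255.255.0
 no shutdown
!
ip default-gateway 10.0.99.1
!
! Only management-subnet hosts may open a session to the switch, over SSH only
ip access-list standard MGMT-HOSTS
 permit 10.0.99.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
!
! ---- Layer-3 distribution switch that routes between the VLANs ----
! Public clients may reach the internet but not the management or private subnets
ip access-list extended PUBLIC-IN
 deny   ip any 10.0.99.0 0.0.0.255
 deny   ip any 192.0.2.0 0.0.0.255
 permit ip any any
!
interface Vlan20
 description public-IP clients gateway
 ip address 203.0.113.1 255.255.255.0
 ip access-group PUBLIC-IN in
```

`switchport trunk encapsulation dot1q` is only accepted on platforms that also support ISL; on dot1q-only switches omit that line. After applying this, `show interfaces trunk` should list 999 as the native VLAN and only 10, 20 and 99 as allowed, and `show vlan brief` should show no active user ports in VLAN 1.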
