Cisco Support Community

Bronze

int vlan 1

Hi everybody!

I have this question.

Let's say we have a distribution switch, sw2, which is providing communication between two vlans, 1 and 2, which exist on access switch sw1.

Is it possible to use int vlan 1 (1.1.1.1) on sw2 as the management interface to manage sw2 while at the same time hosts in vlan 1 are using 1.1.1.1 (int vlan 1) as their default gateway?

thanks a lot

5 REPLIES
Hall of Fame Super Silver

Re: int vlan 1

Hello Sarah,

generally speaking the answer is yes but it is not recommended.

First of all, because it could allow end users to try to access the switch management.

Second, because any issue in the client vlan could cause problems in accessing devices when it is very important to be able to access them to see what is happening.

For example if a broadcast storm is happening on client vlan users are affected but if switch management ip address is in a different vlan it may be possible to access it.

Best practice is to use a separate ip subnet for network management from client vlans / IP subnets.

Security best practice suggests not to use vlan 1 (the default vlan) at all.

Hope to help

Giuseppe

Bronze

Re: int vlan 1

Thanks Giuseppe.

Just one more question if you don't mind.

Is it correct that best practice dictates one vlan per access switch?

Hall of Fame Super Blue

Re: int vlan 1

Sarah

It depends on whether you are running L2 or L3 from the access-layer to the distribution layer.

If you are running L2 then often the access-layer switches are connected via trunks with multiple vlans going across them. Even if you limited the vlans to just one for user data you should really have a separate vlan for managing the switches as discussed already in this thread.

If you are running L3 from the access-layer then the switches will be L3 capable and then you only create the vlans you need on each switch. Management of the switch can be taken care of with a loopback interface so you do not need to worry about the management vlan.

But even with L3 it is common to have at least 2 vlans per switch, one for user data and one for VOIP.

Jon

Bronze

Re: int vlan 1

Hi Jon.

Is it possible to configure loopback interface on L2 switch ?

Thanks and have a nice day !

Hall of Fame Super Blue

Re: int vlan 1

Sarah

"Is it possible to configure loopback interface on L2 switch ?" - from memory no it isn't. The option is there, i.e. "int loopback 10", but the switch won't accept the command.

Note that this is for a L2 capable switch only. A L3 switch that is being used as a L2 switch only will still allow you to create a loopback interface.

Jon
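To put Giuseppe's advice (separate management subnet, leave vlan 1 unused) and Jon's point about loopbacks on L3 switches into a configuration, here is an added example that is not from any post in this thread; the vlan numbers (10, 99), subnets, interface names and the assumption that sw2 is an L3 distribution switch are all made up for the illustration:

```ios
! Added example, not from the thread: assumed VLAN numbers (10, 99),
! subnets and interface names; sw2 is an L3 distribution switch.
!
! --- sw2: the layout the question describes (not recommended) ---
! One SVI is both the users' default gateway and the management address.
interface Vlan1
 ip address 1.1.1.1 255.255.255.0
!
! --- sw2: recommended layout ---
! Users get their own VLAN and gateway, management moves to a
! dedicated VLAN/subnet and a loopback, and VLAN 1 is left unused.
vlan 10
 name USERS
vlan 99
 name MGMT
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan99
 description management VLAN gateway (no end-user ports)
 ip address 10.99.0.1 255.255.255.0
!
interface Loopback0
 description stable management address on the L3 switch
 ip address 10.255.0.2 255.255.255.255
!
interface Vlan1
 no ip address
 shutdown
!
! Only the management subnet may open SSH sessions; everything else is logged.
ip access-list standard MGMT-ONLY
 permit 10.99.0.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
!
! --- sw1: L2 access switch (no loopback available, so an SVI in VLAN 99) ---
interface Vlan99
 ip address 10.99.0.11 255.255.255.0
ip default-gateway 10.99.0.1
!
interface GigabitEthernet0/1
 description uplink to sw2; VLAN 1 is not carried
 switchport mode trunk
 switchport trunk allowed vlan 10,99
```

With this layout a broadcast storm in vlan 10 no longer touches the path used to reach either switch, and the vty access-class stops hosts on the user subnet from even attempting a management login.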
