Network Management traffic and VLANs

morrisbk1
Level 1

How does one assign network management traffic (RIP, BPDUs, CDP, etc.) to a VLAN? I know that to assign a computer to a VLAN, you simply add the port to that VLAN, but what I do not understand is adding network traffic to a VLAN when it does not have ports. I have read countless documents about uses of VLANs, and several of them mentioned that you can separate network management traffic by putting it in VLANs.

Any help will be appreciated.

6 Replies

Reza Sharifi
Hall of Fame

Hi,

By default, control traffic protocols like CDP, BPDU, VTP, PAgP, etc. use VLAN 1, even when this VLAN is cleared from the trunk. But no user traffic is sent using VLAN 1.

HTH

Reza

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml#topic13

Giuseppe Larosa
Hall of Fame

Hello Morris,

in practice

1 vlan <=> 1 IP subnet

in modern designs

having separate Vlans for management provides:

more security: you can prevent users from being able to access network devices

a chance to connect to devices when troubles affect client vlans.

>> but what I do not understand is adding network traffic to VLAN when they do not have ports

A trunk port is a member of all VLANs that are permitted over it, so you don't need access ports on a device for it to take part in a VLAN.

Access ports can be on access layer switches for client vlans.

Hope to help

Giuseppe

Say you no longer want your management VLAN to be VLAN1, so you create VLAN25 for just management traffic. How do you assign the traffic to that VLAN? I know for a trunk you can just allow the traffic with this command ==switchport trunk allowed vlan add 5,6,2==. But how do you do this without the trunk?

Depends what you mean by management traffic. If you mean the VLAN used to remotely log in to switches to administer them, just make sure that no user end devices are allocated into that VLAN, i.e. only switches should be allocated IP addresses from this VLAN.

As for CDP, PAgP, VTP, well, these will still be sent on VLAN 1 and you can't change this, but what you can do is make sure that no devices are allocated into VLAN 1, so no device anywhere is allocated an IP address from the VLAN 1 subnet.

Jon

Hello Morris,

the idea is to use

Vlan 25 just for management ip addresses of switches and routers.

other vlans 30, 35, and so on for client vlans.

L2 trunks are the best solution for interconnecting switches

the alternative is to use access ports = 1 link for each vlan and it is not scalable at all.

Hope to help

Giuseppe

Thanks everybody, I think I got it now.
