I am attempting to align myself with the best practices of Cisco; I would like to change my management VLAN to something other than VLAN 1. Right now I have a few trunks between several switches, and I am running VTP as well.
I have read so many different things on this issue that I believe I am even more confused than when I started.
To make this change, I should remove the IP addressing from VLAN 1, correct? Will this VLAN need to be, or can it even be, shut down? I should assign another random VLAN an IP address and do so on all of my switches. Now, on the trunks between these switches, what do I set as my native VLAN? Also, do I prune VLAN 1 from my trunks? Am I missing anything?
1. If you are changing the management VLAN from VLAN 1 to another VLAN, then you would have to move the management IP from VLAN 1 to the newly created VLAN interface.
2. If you are using VTP, then pruning is enabled by default on most Catalyst switches. Hence, trunks wouldn't carry VLAN updates for inactive VLANs.
3. The switch may give you an error if you try the default vlan1 interface. Just shut it down. You may want to add a description like 'management vlan moved to xxx'.
4. The default native VLAN is 1. You can make any VLAN the native VLAN on your trunks, but it's not a mandatory requirement. However, if you have too many trunks, that would mean a lot of work for you and possible outages during the config change.
The reason why you may want to shut down the VLAN 1 interface is that most layer 2 switches support only one management interface. In that case you would have to shut down the VLAN 1 interface to activate another VLAN interface.
No, I can't think of a complication from leaving the native VLAN as the default VLAN 1. If any untagged traffic arrives at the port, the switch assumes the traffic came in on VLAN 1, and that's all it does.
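As an added example that is not part of any reply above, here is the Cisco IOS configuration that carries out the steps the answer describes on one switch: create the new management VLAN and its SVI, clear and shut the VLAN 1 SVI, and set the inter-switch trunks so that VLAN 1 data is removed from the trunk and an unused VLAN serves as native. The VLAN numbers (99 and 999), interface names, IP addresses and descriptions are constructed for the example; substitute your own.

```cisco
! --- New management VLAN (number 99 is a constructed example) ---
vlan 99
 name MGMT
!
! Management SVI: the address that used to live on interface Vlan1
! (addresses are constructed documentation-range examples)
interface Vlan99
 description Management SVI
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! A Layer-2 switch keeps only one SVI active, so the old one must be
! cleared and shut before Vlan99 comes up
interface Vlan1
 description management vlan moved to 99
 no ip address
 shutdown
!
ip default-gateway 192.0.2.1
!
! --- Unused VLAN that will act as the native VLAN on trunks ---
! Creating it on the VTP server makes VTP distribute it to the other switches
vlan 999
 name UNUSED-NATIVE
!
! --- Inter-switch trunk (interface name constructed) ---
! Every production VLAN is tagged; VLAN 1 is taken out of the allowed list
! so its data traffic no longer crosses this link
interface GigabitEthernet0/1
 description Trunk to SW2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan remove 1
!
! VTP pruning keeps VLANs with no active ports on the far switch off the trunk
vtp pruning
```

Two caveats worth checking afterwards with `show interfaces trunk`, `show vlan brief` and `show vtp status`: VTP pruning never prunes VLAN 1 (only VLANs 2 to 1001 are pruning-eligible), which is why the `allowed vlan remove 1` line is there; and even with VLAN 1 removed from the allowed list, Cisco switches still send their control protocols (CDP, VTP, DTP, PAgP) over the trunk in VLAN 1, so removing it blocks user data but does not silence the link entirely. On platforms that also support ISL, add `switchport trunk encapsulation dot1q` before `switchport mode trunk`.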
I find it a best practice to not use VLAN 1 for anything.
I would create a new VLAN for management and, of course, change any respective IP, routes, ports, etc.
Complications from leaving VLAN 1 native and/or active could arise from a rogue device being added to the switching environment (port) that is not configured for anything other than VLAN 1, and having that device cause problems of sorts. If VLAN 1 is carrying most of your vital traffic, this could have an impact and be a problem for users.
Since VLAN 1 is the default VLAN for all ports in virtually all switches, I would keep it as far from impacting my production data/traffic flows as possible.
I have just a couple more pieces of experience to add.
I avoid explicitly using the native VLAN function (untagged frames) of all trunks. There's really no point in using it, and it adds more config and therefore potential for misconfig.
The _only_ places that I do use the native VLAN functionality is when trunking to a non-Cisco switch. That allows us to plug unmanaged switches into designated trunk ports and deliver a single (edge) VLAN.
Keep the production (client edge) traffic on separate, regionalized VLANs. Put the servers on another separate VLAN. This kind of layout allows you to easily set up packet filtering at layer 3 later on.
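The layout described in the last reply (tagged-only core trunks, a designated trunk port that delivers one untagged VLAN to a non-Cisco or unmanaged switch, and separate client and server VLANs that can later be filtered at layer 3), written out as an added Cisco IOS example that is not from any of the posters. VLAN numbers, interface names, subnets and the ACL name are constructed for the example.

```cisco
! --- Regional client VLANs and a server VLAN (numbers constructed) ---
vlan 110
 name CLIENTS-NORTH
vlan 120
 name CLIENTS-SOUTH
vlan 200
 name SERVERS
vlan 999
 name UNUSED-NATIVE
!
! --- Core trunk: nothing rides untagged, only the listed VLANs are carried ---
interface GigabitEthernet1/0/1
 description Core trunk
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 110,120,200
!
! --- Designated port for an unmanaged / non-Cisco switch ---
! The single allowed VLAN is also the native VLAN, so the downstream
! switch's untagged frames land in VLAN 110 and no other VLAN is offered.
! DTP is disabled because the far end cannot negotiate trunking anyway.
interface GigabitEthernet1/0/24
 description Unmanaged switch, single edge VLAN
 switchport mode trunk
 switchport trunk native vlan 110
 switchport trunk allowed vlan 110
 switchport nonegotiate
!
! --- Layer-3 filtering added later on a routing switch ---
! Clients in the north region may reach servers but not the south region
! (subnets constructed)
ip access-list extended CLIENTS-NORTH-IN
 permit ip 10.110.0.0 0.0.255.255 10.200.0.0 0.0.255.255
 deny   ip 10.110.0.0 0.0.255.255 10.120.0.0 0.0.255.255
 permit ip any any
!
interface Vlan110
 description North clients gateway
 ip address 10.110.0.1 255.255.0.0
 ip access-group CLIENTS-NORTH-IN in
 no shutdown
```

The value of keeping clients and servers on different VLANs shows up in the ACL: because each role has its own subnet and SVI, one inbound access list per client VLAN controls what that region may reach, and the rule set does not need to be touched when ports are added within the region. `show interfaces trunk` confirms which VLANs are actually allowed and active on each trunk, and `show ip access-lists` shows hit counts once the ACL is applied.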