Posted by Andy on September 21, 2005, 2:50 pm
vlan? I know that user traffic should be separated from management traffic, and it's better to use out-of-band management. But do we keep Vlan 1 the native vlan? and any other recommendation you think it's important to know. Thank you!!

Posted by Walter Roberson on September 21, 2005, 3:21 pm
:vlan?
:I know that user traffic should be separated from management traffic,
:and it's better to use out-of-band management.
:But do we keep Vlan 1 the native vlan? and any other recommendation you
:think it's important to know. Thank you!!

If an untagged packet somehow manages to get injected to a port (accident, misadventure, hacking, vlan hopping, remote machine isn't configured properly) then you probably don't want that packet to be treated as if it were legitimately generated by the remote device -- so you want the native vlan to be one that the remote device never uses for legitimate traffic.

Some devices don't handle per-vlan spanning tree and only generate spanning tree on vlan 1. Some only generate some of the layer 2 link-layer protocols on vlan 1. Some devices only accept management traffic on vlan 1. Some devices drop traffic into VLAN 1 if they can't figure out what else to do with it (e.g., an appletalk packet comes along and your vlans are 802.2 based).

So... it depends ;-)

My -personal- preference is to make the native vlan a vlan that is otherwise unused, and which is not being trunked to that port, thus achieving the -effect- of "filter all untagged packets" even on devices that don't offer that configuration option.

--
Watch for our new, improved .signatures -- Wittier! Profounder! and with less than 2 grams of Trite!
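An added example, not part of the original thread or written by either poster: a small audit that checks trunk ports against the preference stated in the reply above (native VLAN otherwise unused and not trunked to the port). It assumes Cisco IOS-style `switchport` syntax and IOS defaults, which the thread does not name; the sample configuration is constructed, and `expand_vlans` and `audit_trunks` are hypothetical helper names.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the thread names no platform).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30-32
!
interface GigabitEthernet0/4
 switchport mode access
"""

def expand_vlans(spec):
    """Expand a list such as '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: [findings]} for trunks whose native VLAN can carry traffic."""
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if not re.search(r"^ switchport mode trunk", block, re.M):
            continue  # access ports and the empty leading chunk are skipped
        name = block.split()[1]
        m = re.search(r"^ switchport trunk native vlan (\d+)", block, re.M)
        native = int(m.group(1)) if m else 1  # assumed default: VLAN 1
        m = re.search(r"^ switchport trunk allowed vlan ([\d,-]+)", block, re.M)
        allowed = expand_vlans(m.group(1)) if m else set(range(1, 4095))  # assumed default: all
        issues = []
        if native == 1:
            issues.append("native vlan is 1")
        if native in allowed:
            issues.append(f"native vlan {native} is trunked on this port")
        if issues:
            findings[name] = issues
    return findings
```

Only plain numeric allowed-VLAN lists are parsed; keyword forms such as `add` or `none` are not handled and fall back to the assumed default.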

Native, and management vlan "Vlan 1"


