Native, and management vlan "Vlan 1"

 
 
Andy
      09-21-2005
Hi, what are the recommendations for both Native vlan, and management
vlan?
I know that user traffic should be separated from management traffic,
and it's better to use out-of-band management.
But do we keep Vlan 1 the native vlan? And any other recommendation you
think is important to know. Thank you!!

 
Walter Roberson
      09-21-2005
Andy wrote:
:Hi, what are the recommendations for both Native vlan, and management
:vlan?
:I know that user traffic should be separated from management traffic,
:and it's better to use out-of-band management.
:But do we keep Vlan 1 the native vlan? And any other recommendation you
:think is important to know. Thank you!!

If an untagged packet somehow manages to get injected to a port
(accident, misadventure, hacking, vlan hopping, remote machine isn't
configured properly) then you probably don't want that packet
to be treated as if it were legitimately generated by the remote
device -- so you want the native vlan to be one that the remote
device never uses for legitimate traffic.

Some devices don't handle per-vlan spanning tree and only generate
spanning tree on vlan 1. Some only generate some of the layer 2
link-layer protocols on vlan 1. Some devices only accept management
traffic on vlan 1.

Some devices drop traffic into VLAN 1 if they can't figure out what
else to do with it (e.g., an appletalk packet comes along and your
vlans are 802.2 based).

So... it depends


My -personal- preference is to make the native vlan a vlan that is
otherwise unused, and which is not being trunked to that port,
thus achieving the -effect- of "filter all untagged packets"
even on devices that don't offer that configuration option.
--
Watch for our new, improved .signatures -- Wittier! Profounder! and
with less than 2 grams of Trite!
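
The preference stated in the reply above (a native VLAN that is otherwise unused and not trunked to the port) can be checked against a switch configuration. The following Python audit is an added example, not part of the original thread; the sample configuration, the function names, and the choice to treat explicit `switchport access vlan` lines as "in use" are assumptions of this example.

```python
import re

# Constructed sample of Cisco IOS-style interface configuration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30-32
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,30
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 20
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_native_vlans(config):
    """Return {trunk interface: [reasons its native VLAN can carry real traffic]}."""
    blocks = [b for b in re.split(r"^(?=interface )", config, flags=re.M)
              if b.startswith("interface ")]
    # Assumption: a VLAN counts as "in use" if any access port is assigned to it.
    in_use = {int(v) for v in re.findall(r"switchport access vlan (\d+)", config)}
    findings = {}
    for block in blocks:
        if not re.search(r"^\s*switchport mode trunk\s*$", block, re.M):
            continue
        native = re.search(r"switchport trunk native vlan (\d+)", block)
        native_id = int(native.group(1)) if native else 1   # IOS default native VLAN
        allowed = set(range(1, 4095))                       # IOS default: all VLANs trunked
        for add, spec in re.findall(r"switchport trunk allowed vlan (add )?([\d,-]+)", block):
            allowed = allowed | expand_vlans(spec) if add else expand_vlans(spec)
        reasons = []
        if native_id in allowed:
            reasons.append(f"native vlan {native_id} is trunked on this port")
        if native_id in in_use:
            reasons.append(f"native vlan {native_id} is used by access ports")
        if reasons:
            findings[block.split()[1]] = reasons
    return findings
```

On the sample, GigabitEthernet0/1 is flagged because it relies on the defaults (native VLAN 1, all VLANs allowed), and GigabitEthernet0/3 because its native VLAN also serves an access port; GigabitEthernet0/2 passes.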
 