Hi,
In my production network,vlan 1 is up on some switches(all cisco model).Vlan 1 used for Mgmt purpose on some of the switches and many of the switches default configurations are present.How do remove vlan 1 without any impact in production and pls consider the switches are placed in remote sites?
Thanks,
Kandan
www.unix.org.ua
How to remove vlan 1 from exsisting network infrastructure?
Moderator: sva
5 posts • Page 1 of 1
How to remove vlan 1 from exsisting network infrastructure?
by KANDAN ARUMUGAM on Tue Feb 23, 2010 12:57 pm
- KANDAN ARUMUGAM
Re: How to remove vlan 1 from exsisting network infrastructure?
by KARUPPUCHAMY MALAIYANDI on Tue Feb 23, 2010 12:57 pm
Hi,
Before shutdown the vlan 1, we need to complete the below migrations on step by step basis.
1.Collect the user's detail including the IP address,vlan information per switch basis.
2.Create the necessary L2 vlan's on per switch basis and assign each port into the respective vlan based on your information gathered.
3.Create one L3 vlan for switch management purpose.
Hope it helps you
Thanks & Regads
Karuppu
Before shutdown the vlan 1, we need to complete the below migrations on step by step basis.
1.Collect the user's detail including the IP address,vlan information per switch basis.
2.Create the necessary L2 vlan's on per switch basis and assign each port into the respective vlan based on your information gathered.
3.Create one L3 vlan for switch management purpose.
Hope it helps you
Thanks & Regads
Karuppu
- KARUPPUCHAMY MALAIYANDI
Re: How to remove vlan 1 from exsisting network infrastructure?
by ganeshh_iyer on Tue Feb 23, 2010 12:58 pm
Hi Kandan,
By default, there is only a single VLAN for all ports. This VLAN is called default. You cannot rename or delete VLAN 1.
If you talk about a management VLAN is nothing more than a VLAN that is used for in-band management of your network switching devices. In order to configure this on a switch you need to create a Switch Virtual Interface (SVI) that is mapped to that VLAN and then assign that virtual interface an IP address. On a Cisco switch it would look like the following.
Interface Vlan99
ip address 192.168.1.1 255.255.255.0
no shut
I also want to make something very clear. Your management VLAN does not have to be the same as your Native VLAN. Matter of fact, it is good practice to make sure that they are different. Your management VLAN should only carry in-band management traffic and should not be the default VLAN. By in-band management traffic I am refering to SSH or telnet (although telnet is not recommended because it is not secure). Traffic such as BPDUs, PagP, CDP, use the native VLAN and I would recommend setting that to something other than the default VLAN as well, but still seperate from your management VLAN.
Once that is done setup a simple access list on whatever device routes for the management VLAN so that only the computers you want to access those devices are permitted and all others are denied.
Hope to Help !!
Ganesh.H
By default, there is only a single VLAN for all ports. This VLAN is called default. You cannot rename or delete VLAN 1.
If you talk about a management VLAN is nothing more than a VLAN that is used for in-band management of your network switching devices. In order to configure this on a switch you need to create a Switch Virtual Interface (SVI) that is mapped to that VLAN and then assign that virtual interface an IP address. On a Cisco switch it would look like the following.
Interface Vlan99
ip address 192.168.1.1 255.255.255.0
no shut
I also want to make something very clear. Your management VLAN does not have to be the same as your Native VLAN. Matter of fact, it is good practice to make sure that they are different. Your management VLAN should only carry in-band management traffic and should not be the default VLAN. By in-band management traffic I am refering to SSH or telnet (although telnet is not recommended because it is not secure). Traffic such as BPDUs, PagP, CDP, use the native VLAN and I would recommend setting that to something other than the default VLAN as well, but still seperate from your management VLAN.
Once that is done setup a simple access list on whatever device routes for the management VLAN so that only the computers you want to access those devices are permitted and all others are denied.
Hope to Help !!
Ganesh.H
- ganeshh_iyer
Re: How to remove vlan 1 from exsisting network infrastructure?
by jon_marshall on Tue Feb 23, 2010 1:01 pm
Hi Ganesh
Just to clarify. CDP/VTP/PagP use vlan 1 not the native vlan. By default the native vlan is vlan 1 but if you change the native vlan then CDP/VTP/PagP will still use vlan 1 but the packets will be tagged.
As far as i know only DTP uses the native vlan so if you changed the native vlan then DTP would use the new vlan to send frames.
With PVST+ BPDUs obviously run on all vlans.
Jon
ganeshh_iyer wrote:Traffic such as BPDUs, PagP, CDP, use the native VLAN
Just to clarify. CDP/VTP/PagP use vlan 1 not the native vlan. By default the native vlan is vlan 1 but if you change the native vlan then CDP/VTP/PagP will still use vlan 1 but the packets will be tagged.
As far as i know only DTP uses the native vlan so if you changed the native vlan then DTP would use the new vlan to send frames.
With PVST+ BPDUs obviously run on all vlans.
Jon
- jon_marshall
Re: How to remove vlan 1 from exsisting network infrastructure?
by ganeshh_iyer on Tue Feb 23, 2010 1:02 pm
Hi Jon,
Thanx Jon for giving clear view and understanding !!
Ganesh.H
Thanx Jon for giving clear view and understanding !!
Ganesh.H
- ganeshh_iyer
5 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests