HPE Community
Switches, Hubs, and Modems
1753595 Members
6428 Online
108796 Solutions
New Discussion юеВ

Procurve Management & untagged default VLAN

 
SOLVED
Go to solution
Ian Vaughan
Honored Contributor

тАО01-06-2010 07:05 AM

тАО01-06-2010 07:05 AM

Procurve Management & untagged default VLAN

Hi,
I will soon be implementing some new VLANs and wanted to have someone sanity check my thinking.
I want to introduce a Management VLAN, say VLAN101, that all of the IP addresses that I will put on my switches can live on. In order to make my life easier in the future I've read that I should really make this the untagged VLAN on any dot1q uplinks back to the core.

So I guess my question is, am I right in thinking that all I have to do on the uplinks between switches is change the untagged VLAN1 at each end to tagged and make sure that VLAN101 is added as untagged on the interfaces or trunk-groups at each end?

Many thanks
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
7 REPLIES 7
Michael_Breuer
Esteemed Contributor

тАО01-06-2010 07:57 AM

тАО01-06-2010 07:57 AM

Solution

Re: Procurve Management & untagged default VLAN

Hi Ian,

I have never heard that the management VLAN should be untagged on the uplinks. Basically there is no need to untag the management VLAN. Independant of the tagging state all other mangement traffic (like LLDP, STP, ..) will work.

My best practice rules:
1) Keep VLAN 1 untagged, no user traffic in this, all unused port in VLAN 1
2) All other VLANs tagged
3) Dedicated VLAN for management (VLAN ID >1)

Cheers,

Michael
Ingentive Networks GmbH
0 Kudos
Ian Vaughan
Honored Contributor

тАО01-06-2010 08:07 AM

тАО01-06-2010 08:07 AM

Re: Procurve Management & untagged default VLAN

OK,
Thanks for that. I'll plan for the MGMT VLAN to be tagged and I'll move the used ports off VLAN 1 so that the default only has unused ports in it.

Cheers
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Shadow13
Respected Contributor

тАО01-06-2010 10:55 PM

тАО01-06-2010 10:55 PM

Re: Procurve Management & untagged default VLAN

you can make anyother vlan as management vlan by issuing the command
management-vlan VLAN-ID

that way vlan 1 will not be the management vlan and the other vlan will take the role
0 Kudos
Ian Vaughan
Honored Contributor

тАО01-07-2010 01:35 PM

тАО01-07-2010 01:35 PM

Re: Procurve Management & untagged default VLAN

I wasn't entirely sure what to do with the "official" management-vlan so I just left it as it was. I thought that it might stop us getting onto the switch remotely from our desktops on another vlan and didn't have time to test so erred on the side of caution.

Made a load of new VLANs, trunks & trunk groups and connected up the new Vsphere servers so feeling a bit more at home on the Procurve now.

Cheers for your help.
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Michael_Breuer
Esteemed Contributor

тАО01-07-2010 01:46 PM

тАО01-07-2010 01:46 PM

Re: Procurve Management & untagged default VLAN

Hi Ian,

indeed: If you use the command "management-vlan " the switch will behave in the followin manner:
1) it is not possible to access the switch from any other VLAN.
2) It is also forbidden to route between the MGMT-VLAN to any other VLAN.
3) All other IP addresses on the switch except the IP address of the MGMT-VLAN are not accessible anymore.

So I recommend to define a dedicated VLAN for management IP addresses of the switch but not to use the command because it is very restrictive.

For the weekend I recommend the following reading ;-)
http://www.procurve.com/docs/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf

Cheers,

Michael
Ingentive Networks GmbH
0 Kudos
Ian Vaughan
Honored Contributor

тАО01-07-2010 02:09 PM

тАО01-07-2010 02:09 PM

Re: Procurve Management & untagged default VLAN

Many thanks for the doc I'll take a look when I get chance.
Back on Cisco's tomorrow with a stack of 3750's and a brace of ASA's to start looking at.
Cheers
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Ian Vaughan
Honored Contributor

тАО01-07-2010 02:14 PM

тАО01-07-2010 02:14 PM

Re: Procurve Management & untagged default VLAN

Problem solved - thanks to the guys above
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.