Re: Procurve Management & untagged default VLAN
01-06-2010 07:05 AM
I will soon be implementing some new VLANs and wanted to have someone sanity check my thinking.
I want to introduce a Management VLAN, say VLAN101, that all of the IP addresses that I will put on my switches can live on. In order to make my life easier in the future I've read that I should really make this the untagged VLAN on any dot1q uplinks back to the core.
So I guess my question is, am I right in thinking that all I have to do on the uplinks between switches is change the untagged VLAN1 at each end to tagged and make sure that VLAN101 is added as untagged on the interfaces or trunk-groups at each end?
Many thanks
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
01-06-2010 07:57 AM
Solution
I have never heard that the management VLAN should be untagged on the uplinks. Basically there is no need to untag the management VLAN. Independent of the tagging state, all other management traffic (like LLDP, STP, ...) will work.
My best practice rules:
1) Keep VLAN 1 untagged, no user traffic in this, all unused ports in VLAN 1
2) All other VLANs tagged
3) Dedicated VLAN for management (VLAN ID >1)
Cheers,
Michael
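An added example, not part of the original thread: a small Python audit that checks a ProCurve-style running-config against the three rules in the reply above. The config text (the uplink plan from the opening question), the trunk name Trk1, the in-use ports and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample (not from the thread): VLAN 1 tagged and VLAN 101 untagged on uplink Trk1.
PLANNED = """\
vlan 1
   untagged 1-22
   tagged Trk1
   exit
vlan 101
   untagged Trk1
   ip address 192.0.2.10 255.255.255.0
   exit
"""

def expand(ports):
    """Expand a port list such as '1-4,Trk1' into a set of port names."""
    out = set()
    for item in ports.split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        out |= {str(n) for n in range(int(m[1]), int(m[2]) + 1)} if m else {item}
    return out

def parse(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set, 'ip': bool}}."""
    vlans, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            cur = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set(), "ip": False})
        elif cur is not None and len(words) == 2 and words[0] in ("tagged", "untagged"):
            cur[words[0]] |= expand(words[1])
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = True  # "no ip address" starts with "no" and is not counted
        elif words == ["exit"]:
            cur = None
    return vlans

def audit(config, uplinks, in_use):
    """Check the three rules; uplinks and in_use are sets of port names (assumed inputs)."""
    vlans, out = parse(config), []
    v1 = vlans.get(1, {"tagged": set(), "untagged": set(), "ip": False})
    for port in sorted(uplinks):
        if port not in v1["untagged"]:
            out.append(f"rule 1: VLAN 1 is not untagged on uplink {port}")
        out += [f"rule 2: VLAN {vid} is untagged on uplink {port}"
                for vid, v in sorted(vlans.items()) if vid != 1 and port in v["untagged"]]
    out += [f"rule 1: in-use port {p} is still in VLAN 1" for p in sorted(in_use & v1["untagged"])]
    if v1["ip"] or not any(v["ip"] for vid, v in vlans.items() if vid > 1):
        out.append("rule 3: no dedicated management VLAN (ID > 1) holds the switch IP")
    return out

print("\n".join(audit(PLANNED, {"Trk1"}, {"1", "2"})))
```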
01-06-2010 08:07 AM
Re: Procurve Management & untagged default VLAN
Thanks for that. I'll plan for the MGMT VLAN to be tagged and I'll move the used ports off VLAN 1 so that the default only has unused ports in it.
Cheers
Ian
01-06-2010 10:55 PM
Re: Procurve Management & untagged default VLAN
management-vlan VLAN-ID
that way vlan 1 will not be the management vlan and the other vlan will take the role
01-07-2010 01:35 PM
Re: Procurve Management & untagged default VLAN
Made a load of new VLANs, trunks & trunk groups and connected up the new Vsphere servers so feeling a bit more at home on the Procurve now.
Cheers for your help.
Ian
01-07-2010 01:46 PM
Re: Procurve Management & untagged default VLAN
Indeed: if you use the command "management-vlan"
1) it is not possible to access the switch from any other VLAN.
2) It is also forbidden to route between the MGMT-VLAN and any other VLAN.
3) All other IP addresses on the switch except the IP address of the MGMT-VLAN are not accessible anymore.
So I recommend defining a dedicated VLAN for the management IP addresses of the switch but not using the command, because it is very restrictive.
For the weekend I recommend the following reading ;-)
http://www.procurve.com/docs/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf
Cheers,
Michael
01-07-2010 02:09 PM
Re: Procurve Management & untagged default VLAN
Back on Cisco's tomorrow with a stack of 3750's and a brace of ASA's to start looking at.
Cheers
Ian
01-07-2010 02:14 PM
Re: Procurve Management & untagged default VLAN
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me