Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

vlan'ing best practices

monodactylus
Occasional Contributor

vlan'ing best practices

Hello,

Just a quick question on what people feel is the best practice for vlan'ing in the HP world. Over in that other world (cisco) I've read some documentation that tagging all ports w/ vlans is considered the best practice even though almost no one does it. Is that the same feeling in the HP world? So that no untagged ports would ever be used?

Thanks,
Will
3 REPLIES
Mohammed Faiz
Honored Contributor

Re: vlan'ing best practices

Hi,

On switch interlinks I never have VLANs untagged. The main reason is because it avoids accidental VLAN "leaking" where, for example VLAN 1 is untagged on one switch but VLAN 2 is untagged on the other switch causing VLAN 1 to "leak" into VLAN 2.
Also there's no advantage to having VLANs untagged between switches so why do it?
Obviously access ports have to be untagged..
monodactylus
Occasional Contributor

Re: vlan'ing best practices

Hello,

If your network cards can tag the vlan right on the card, is there a reason why you wouldn't tagged the access ports also?

Thanks,
Will
Manfred M.
Advisor

Re: vlan'ing best practices

Hi!

I'm working in the HP and Cisco Network Business as well. I prefer the HP recommendations (and default settings). Clients on untagged ports will always work - no matter what OS or NIC technology. You should also consider, that a lot of server administrators still aren't aware of the possibility of using tagged ports on their NICs and Operating systems! I only use tagged ports on interswitch links and eventually on firewalls - and only the one I need (avoid traffic at the source). In an environment with IP telephony I'm setting the data vlan untagged and the voice vlan tagged.
If you plan to use GVRP read the HP Advanced Traffic Management Guide of the switch:
'To understand and use GVRP you must have a working knowledge of 802.1Q VLAN tagging' - that's very true...
Cisco always set's every VLAN tagged in a trunk unless you filter it - my opinion is, that it should be the opposite way around per default.

With regards
Manfred