
Default VLAN & Primary VLAN

 
summitville
Visitor


We have two HP 2620 Switches configured as follows: "Voice VLAN 10" and "Data VLAN 40". I am not knowingly using "Default VLAN 1" for anything. The VOIP VLAN is only in the main HP 2620 Switch #1 and is working well. There is a "Switch Port - to - Switch Port" connection between the main HP 2620 Switch #1 and the secondary HP 2620 Switch #2. Switch #1 is routing to a Metro-Ethernet connection and Switch #2 is not routing. Both switches have Static IP Addresses and Static Default Gateways.

 

My first set of questions is ...

 

1) Should I leave the Primary LAN as the "Default LAN 1" or change to "Data LAN 40"?

     I cannot find any information as to WHY I should or should not change the Primary LAN setting.

 

2) Do I need to assign a static IP Address to the "Default VLAN 1" in each HP 2620 Switch?

    What information, if any, is processed by the "Default VLAN 1" ?

 

3) Do I need to pass the "Default VLAN 1" packets between the two switch-to-switch ports?

 

Thank You,

Summitville

Vince-Whirlwind
Honored Contributor

Re: Default VLAN & Primary VLAN

Which VLAN's subnet are you using to address your switches?

 

1/ I usually make the Primary VLAN the same as the "Management" VLAN, which is the VLAN the switch has its IP address in.

 

2/ Switch #1: No, you don't need an address on VLAN1 if you are not using it for routing.

Switch #2: No, this is a layer2 switch, you should not have any other IP addresses on this switch except its management VLAN IP address.

 

3/ If I'm setting up a new network, I remove VLAN1 from all switch-switch links. If I'm working on an existing network, and they've left VLAN1 on links, I remove it if it's convenient, but I'm not massively paranoid about it.

Your basic security best-practice for switch-switch links:

 - no untagged VLAN, or, if you must have one, use an untagged VLAN that exists nowhere else in your network.

 - no VLAN1
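
One way to check a switch-to-switch port against the two rules in the reply above, as an added example that is not part of the thread and not HPE tooling. It assumes the configuration is available as text in ProVision `vlan N ... exit` form; the sample configs, port 26 as the link port, and VLAN 999 are constructed for illustration.

```python
# Constructed ProVision-style config (not from the thread); port 26 is assumed to be the link.
WEAK = """
vlan 1
   untagged 25-28
   exit
vlan 10
   tagged 1-12,26
   exit
vlan 40
   untagged 1-24
   tagged 26
   exit
"""
# After clean-up: VLAN 1 is off the link and its untagged VLAN 999 (hypothetical ID) has no other ports.
FIXED = WEAK.replace("untagged 25-28", "untagged 25,27-28") + """
vlan 999
   untagged 26
   exit
"""

def expand_ports(spec):
    """'1-12,26' -> {'1', ..., '12', '26'}; names such as 'Trk1' are kept as written."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports |= {str(n) for n in range(int(lo), int(hi or lo) + 1)} if lo.isdigit() else {part}
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from 'vlan N ... exit' blocks."""
    vlans, current = {}, None
    for words in filter(None, (line.split() for line in config.splitlines())):
        if words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set()})
        elif words[0] == "exit":
            current = None
        elif current is not None and words[0] in ("tagged", "untagged") and len(words) == 2:
            current[words[0]] |= expand_ports(words[1])
    return vlans

def audit_link(config, link_port):
    """Findings for one switch-to-switch port; 'nowhere else' is judged from this config only."""
    findings = []
    for vid, m in sorted(parse_vlans(config).items()):
        members = m["tagged"] | m["untagged"]
        if vid == 1 and link_port in members:
            findings.append("VLAN 1 is carried on the link")
        if link_port in m["untagged"] and members - {link_port}:
            findings.append(f"untagged VLAN {vid} also has other member ports")
    return findings
```

`audit_link(WEAK, "26")` reports both problems and `audit_link(FIXED, "26")` reports none; whether the link's untagged VLAN is unused on other switches still has to be checked against their configs.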