Re: Managment VLAN 1

er.mandeep · ‎02-17-2006

Hi Everyone,

I m working with a leading ISP in India.The issue is that our engineering team has come up with the plan of migrating all management vlans for metro and other switches to vlan1.Presently we are using spearate vlans for management.Somethig like below.

Aggregation router#show runn inter gi0/2.137

Building configuration...

Current configuration : 250 bytes

!

interface GigabitEthernet0/2.137

description Connectivity for ABC

encapsulation dot1Q 137

ip address 203.154.26.97 255.255.255.240

ip policy route-map ABC

no cdp enable

end

Switch 1 end:(2950)

interface Vlan137

ip address 203.154.26.101 255.255.255.240

no ip route-cache

ip default-gateway 203.154.26.97

switch 2:(2950)

interface Vlan137

ip address 203.154.26.103 255.255.255.240

no ip route-cache

ip default-gateway 203.154.26.97

The router inter gi0/3 is connected to the trunk port on summit switch and a wireless device provides connectivity to the switch 1 and further another oen to switch 2.

The entire pasth is on layer 2.

Please suggest as to how can i migrate to mgmt vlan 1.

Can it be something like

inter gi0/2.1

encapsulation dot1q 1

ip addres

since 2950s dont support more thane one active mgmt vlan wat can be the best way of migration???

Roberto Salazar · ‎02-17-2006

This is a tricky proposition. Best way you mean without getting disconnected, right? Cause when you start to change the mgmt interface via telnet, you are risking of getting disconnected once the mgmt inteface is change. for example, you know that there can only be one active interface vlan on 2950 for mgmt purpose. If you are changing the interface vlan from vlan 237 to vlan 1, if they will have the same ip address, you'll have to shut down one of them. Let's say you are able to do that, then how will you bring up the other interface with getting disconnected? remember you are telneted in. the best way will be to console in when you make changes on the mgmt vlan. You'll probably have to walk to the switch anyway if you made the change via telnet. changing the mgmt vlan will not affect the switch's ability to switch packets.

er.mandeep · ‎02-17-2006

Thanks bosalaza ,

Say even if we arrange for the changes via console wat affect will mgmt vlan 1 have .wat i really need to know is that since all the ports of switches wud be in vlan 1 wont it allow braodcasts to pass along the trunks.

Moreover in the current setup that we have

rotuer---summit switch--2950 a---2950 b.

We have all trunks in between from router till 2950b.Wat i need to know is that at the rotuer end subinterface the config shud be like

encapsulation dot1q native 1 or encapsulation dot1q 1???

Again do i need to remove all the switch ports for summit and 2950s from vlan1.???

As far as i have read its not recommended to have vlan 1 for management.Hence the doubt

Roberto Salazar · ‎02-17-2006

Actually, what is recommended is not to have user traffic in mgmt vlan. If I understand you correctly, all you really want is to move the mgmt vlan of 2950 to vlan 1, right? and you do not want any port belonging to vlan 1 so no user can belong to vlan 1? if so then, yes you will need re-assigng the ports to another vlan. But if you do not care whether there are ports in vlan 1 then no need to remove them. If the purpose of removing the port from vlan 1 and moving the mgmt vlan is to make sure no user can be in the mgmt vlan, it will be eaiser to move the mgmt vlan to any vlan other than vlan 1 because all ports belong to vlan 1 by default.