Meraki Maintenance VLAN Clarification

AsheHerrick
Level 1

Hello Everyone!

I'm very new to networking, although I've been addicted to learning more ever since I started working in the field. I've been securing my network to the best of my ability through a combination of YouTube, CCNA books, Reddit, Meraki support, and the Meraki Best Practices article, but I had some questions I've been struggling to find answers to and hoped someone here would be able to clarify.

I've recently changed my maintenance VLAN from its native setting to something else for security, and I did it because I read that it was a Cisco security best practice. Upon delving deeper into trying to understand why it was a best practice, I learned it was because the maintenance VLAN contains information pertaining to DTP, STP, SVI, VTP, and BPDU. Therefore, if a threat actor were to gain access to monitoring that VLAN, they could gain information pertaining to critical points in your network. However, I'm learning Meraki is different from regular Cisco.

I understand DTP, but learned Meraki doesn't have it. I'm less clear on SVI, VTP, and BPDU. When reading more about these protocols, I understood SVI to be another word for a L3 switch, but what confuses me is why I've read some people telling others to disable SVI on VLAN 1. I'm assuming this isn't something you can do in Meraki? From what I understand, you need to configure each VLAN on a switch for SVI so that the switch can route across other switches that are configured with SVI in order for them to speak to each other?

VTP is a little confusing. I understand it to be L2 for creation and deletion of VLANs and maintaining network-wide VLAN knowledge amongst everything? Does that mean it's responsible for passing information along about the MAC addresses within a VLAN while SVI is passing around information pertaining to how to find those VLANs via IP on the network, then relying on VTP to handle the rest of the mapping?

Last, but not least, BPDU. Is it supposed to be the first line of defense for data looping inside its own network, meaning it's L2? Then if it fails, STP/RSTP is there to ensure there's no looping on an L3 layer?

Also, exactly what information is encapsulated in Meraki's maintenance VLAN? Cisco defines management VLAN as what you use to remotely manage, control, and monitor devices in your network (but isn't that equivalent to Meraki's SD-WAN?) and states that users outside the management VLAN shouldn't have access to remote management, but with SD-WAN you're logging into an HTTPS portal, so technically speaking that means there's no way to secure this aside from account MFA, right?

Thank you in advance for taking the time to read and respond! I'm really interested in learning as much as I can and appreciate any knowledge anyone can offer.
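The post asks what information a BPDU actually carries. As an added example (not from the poster, Cisco or Meraki), here is a small parser for an IEEE 802.1D configuration BPDU that shows the fields any host listening on the VLAN where BPDUs are sent can read: root bridge ID, sender bridge ID, path cost and STP timers. The sample frame bytes are constructed for this example.

```python
import struct
from dataclasses import dataclass

# Constructed sample: an 802.1D configuration BPDU as it appears right after
# the LLC header (DSAP/SSAP 0x42, control 0x03). All values are made up.
SAMPLE_BPDU = bytes.fromhex(
    "0000" "00" "00" "00"           # protocol id 0, version 0 (STP), type 0 (config), flags
    "8001" "001122334455"           # root bridge id: priority 32768, sys-id ext 1, MAC
    "00000000"                      # root path cost 0 (sender believes it is the root)
    "8001" "001122334455"           # sender bridge id (same as the root here)
    "8001"                          # port id
    "0000" "1400" "0200" "0f00"     # msg age 0 s, max age 20 s, hello 2 s, fwd delay 15 s
)

@dataclass
class ConfigBpdu:
    version: int
    flags: int
    root_priority: int        # upper 4 bits of the 16-bit field, multiples of 4096
    root_sys_id_ext: int      # lower 12 bits; on Cisco gear this is usually the VLAN id
    root_mac: str
    root_path_cost: int
    bridge_priority: int
    bridge_sys_id_ext: int
    bridge_mac: str
    port_id: int
    max_age_s: float
    hello_time_s: float
    forward_delay_s: float

def _split_bridge_id(raw: bytes):
    prio_field = struct.unpack("!H", raw[:2])[0]
    mac = ":".join(f"{b:02x}" for b in raw[2:8])
    return prio_field & 0xF000, prio_field & 0x0FFF, mac

def parse_config_bpdu(payload: bytes) -> ConfigBpdu:
    """Parse a configuration (STP) or RST BPDU; raise ValueError for anything else."""
    if len(payload) < 35:
        raise ValueError("BPDU too short")
    proto, version, bpdu_type, flags = struct.unpack_from("!HBBB", payload, 0)
    if proto != 0 or bpdu_type not in (0x00, 0x02):
        raise ValueError(f"unsupported protocol/type {proto:#x}/{bpdu_type:#x}")
    rp, rext, rmac = _split_bridge_id(payload[5:13])
    cost = struct.unpack_from("!I", payload, 13)[0]
    bp, bext, bmac = _split_bridge_id(payload[17:25])
    port_id, _msg_age, max_age, hello, fwd = struct.unpack_from("!5H", payload, 25)
    # Timers are carried in units of 1/256 second
    return ConfigBpdu(version, flags, rp, rext, rmac, cost, bp, bext, bmac, port_id,
                      max_age / 256, hello / 256, fwd / 256)

def sender_claims_root(b: ConfigBpdu) -> bool:
    """True when the sending bridge advertises itself as the root bridge."""
    same_id = (b.root_priority, b.root_sys_id_ext, b.root_mac) == \
              (b.bridge_priority, b.bridge_sys_id_ext, b.bridge_mac)
    return same_id and b.root_path_cost == 0

if __name__ == "__main__":
    print(parse_config_bpdu(SAMPLE_BPDU))
```

Feeding captured BPDUs through this shows why the topic matters from a monitoring point of view: the root bridge identity and timers are visible to anyone on the VLAN, which is what BPDU guard and root guard on access ports are meant to protect.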
