10-05-2009 08:00 AM - edited 03-06-2019 08:00 AM
How does one assign network management traffic (RIP, BPDUs, CDP, etc.) to a VLAN? I know that to assign a computer to a VLAN, you simply add the port to that VLAN, but what I do not understand is adding network traffic to a VLAN when it does not have ports. I have read countless documents about uses of VLANs, and it was mentioned in several of them that you can separate network management traffic by putting it in VLANs.
Any help will be appreciated.
10-05-2009 08:39 AM
Hi,
By default, control traffic protocols like CDP, BPDU, VTP, PAgP, etc. use VLAN 1, even when this VLAN is cleared from the trunk. But no user traffic is sent using VLAN 1.
HTH
Reza
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml#topic13
10-05-2009 11:46 AM
Hello Morris,
In practice,
1 VLAN <=> 1 IP subnet
in modern designs.
Having separate VLANs for management provides:
more security: you can prevent users from being able to access network devices
a chance to connect to devices when troubles affect client VLANs.
>> but what I do not understand is adding network traffic to VLAN when they do not have ports
A trunk port is a member of all VLANs that are permitted over it, so you don't need access ports on a device to have it take part in a VLAN.
Access ports can be on access layer switches for client vlans.
Hope to help
Giuseppe
10-05-2009 12:03 PM
Say you no longer want your management VLAN to be VLAN1, so you create VLAN25 for just management traffic. How do you assign the traffic to that VLAN? I know for a trunk you can just allow the traffic with this command ==switchport trunk allowed vlan add 5,6,2==. But how do you do this without the trunk?
10-05-2009 12:07 PM
Depends what you mean by management traffic. If you mean the VLAN used to remotely log in to switches to administer them, just make sure that no user end devices are allocated into that VLAN, i.e. only switches should be allocated IP addresses from this VLAN.
As for CDP, PagP, VTP, well these will still be sent on vlan 1 and you can't change this but what you can do is make sure that no devices are allocated into vlan 1 so no device anywhere is allocated an IP address from vlan 1 subnet.
Jon
10-05-2009 12:09 PM
Hello Morris,
the idea is to use
Vlan 25 just for management ip addresses of switches and routers.
other vlans 30, 35, and so on for client vlans.
L2 trunks are the best solution for interconnecting switches
the alternative is to use access ports = 1 link for each vlan and it is not scalable at all.
Hope to help
Giuseppe
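The advice in the replies above (VLAN 25 only for switch and router management addresses, no device placed in VLAN 1) can be checked against a switch configuration. The following is an added example, not code from any poster in this thread: the function names, the constructed sample config, the client VLAN on Gi0/2 and the documentation address 192.0.2.10 are assumptions made for illustration.

```python
# Constructed sample config (not from the thread); Gi0/3 was left at defaults.
SAMPLE_CONFIG = """\
interface Vlan1
 no ip address
interface Vlan25
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 25,30,35
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 30
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 25
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global commands end the stanza
    return interfaces

def audit(config, mgmt_vlan=25):
    """Flag settings that go against the advice given in the thread."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower() == "vlan1" and any(c.startswith("ip address") for c in cmds):
            findings.append(f"{name}: VLAN 1 interface has an IP address")
        if "switchport mode access" not in cmds:
            continue
        access = [c.split()[-1] for c in cmds if c.startswith("switchport access vlan ")]
        # An access port with no explicit VLAN stays in the default, VLAN 1.
        vlan = int(access[-1]) if access and access[-1].isdigit() else 1
        if vlan == 1:
            findings.append(f"{name}: access port in VLAN 1")
        elif vlan == mgmt_vlan:
            findings.append(f"{name}: access port in management VLAN {mgmt_vlan}, confirm no end user device")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The trunk on Gi0/1 is not flagged: as noted above, a trunk port is a member of every VLAN permitted over it, which is how VLAN 25 reaches a switch that has no access port in that VLAN.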
10-05-2009 12:13 PM
Thanks everybody, I think I got it now.