
VLAN vs Control/Management/Data Protocols

169.254.X.Y
Level 1

I am currently studying for ICND1. I just suddenly got curious about which VLAN protocols use.

I guess my question is not very worthy, but I desperately want to know. I tested some protocols I have learned on Packet Tracer and figured out that CDP, VTP and PAgP somehow always use VLAN1, no matter whether VLAN1 is a native VLAN or blocked from the trunk port. DTP seems to always use the native VLAN. I googled about this and figured out that control and management protocols always use VLAN1. However, I don't think this is the right answer cuz according ARP and ICMP are considered as Control Plane protocols, but when I tested, they didn't always use VLAN1.


Accepted Solutions

Mark Malone
VIP Alumni

Hi

The control protocols are sent using VLAN 1 even when it's shut down. That's why it's recommended not to use VLAN 1 for production traffic, as you're mixing it with control traffic.

Best practice: shut VLAN 1 down and disallow it from the trunk, and then only control traffic passes it and no transit traffic. If you shut it down and still allow it on the trunk as native VLAN, you're still susceptible to attacks and flooding.

1. If you want further classification of control protocols, you can use a feature called CoPP

2. CDP/PAgP/VTP are some of them

3. You can control ICMP in the control plane to rate limit if required to prevent issues; read below on ICMP: https://learningnetwork.cisco.com/thread/81815

Thank you very much :)

My friend who has a CCNP cert told me that it is possible to remove VLAN 1 in a Cisco SW. Is it true? I thought it was impossible to remove VLAN 1.

No, not possible, as even when shut down at L3 and with no ports assigned it carries the control protocols.

Thank you very much :)
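One way to check a switch configuration against the best practice in the accepted answer above (VLAN 1 shut down and kept off trunks so it carries no transit traffic), as an added example that is not part of the thread. The sample config, interface names, VLAN IDs and the function names `expand_vlans`, `option` and `audit_vlan1` are constructed for illustration, and the parser assumes plain numeric allowed-VLAN lists (no `add`, `all`, `except` or `none` keywords).

```python
import re

# Constructed sample running-config; interface names and VLAN IDs are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1-5,20
!
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
!
"""

def expand_vlans(spec):
    """Expand a numeric IOS VLAN list such as '1-5,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def option(body, prefix, default):
    """Last word of the first body line starting with prefix, else default."""
    return next((l.split()[-1] for l in body if l.startswith(prefix)), default)

def audit_vlan1(config):
    """Return {interface: [findings]} where VLAN 1 can still carry user traffic."""
    findings = {}
    for name, text in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, flags=re.M):
        body, issues = [l.strip() for l in text.splitlines()], []
        if "switchport mode trunk" in body:
            # IOS defaults when the line is absent: native VLAN 1, all VLANs allowed.
            if option(body, "switchport trunk native vlan ", "1") == "1":
                issues.append("native VLAN is 1")
            if 1 in expand_vlans(option(body, "switchport trunk allowed vlan ", "1-4094")):
                issues.append("VLAN 1 allowed on trunk")
        elif name.lower() == "vlan1" and "shutdown" not in body:
            issues.append("interface Vlan1 not shut down")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit_vlan1(SAMPLE_CONFIG)` flags the default trunk, the trunk whose allowed list still includes VLAN 1, and the active `Vlan1` SVI. A clean result does not mean VLAN 1 is unused: as the answer says, the control protocols still use it.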