09-06-2017 02:17 AM - edited 03-08-2019 11:56 AM
I am currently studying for ICND1. I just suddenly got curious about which VLAN protocols use.
I guess my question is pretty not worthy, but I desperately want to know. I tested some protocols I have learned on Packet Tracer and figured out that CDP, VTP, PAgP somehow always use VLAN1 no matter whether VLAN1 is a native VLAN or blocked from the trunk port. DTP seems to always use the native VLAN. I googled about this and figured out that control and management protocols always use VLAN1. However, I don't think this is the right answer cuz according ARP and ICMP are considered as Control Plane protocols, but when I tested, they didn't always use VLAN1.
09-06-2017 02:29 AM - edited 09-06-2017 02:46 AM
Hi
The control protocols are sent using VLAN 1 even when it's shut down; that's why it's recommended not to use VLAN 1 for production traffic, as you're mixing it with control traffic.
Best practice: shut VLAN 1 down and disallow it from the trunk, and then only control traffic passes over it and no transit traffic. If you shut it down and still allow it on the trunk as native VLAN, you're still susceptible to attacks and flooding.
1 If you want further classification of control protocols you can use a feature called CoPP
2 CDP/PAgP/VTP are some of them
3 You can control ICMP in the control plane to rate limit if required to prevent issues, read below on ICMP https://learningnetwork.cisco.com/thread/81815
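The best practice in the answer above can be checked offline against a saved running-config. The following is an added example, not code from the thread or from Cisco: it flags static trunks that still use VLAN 1 as native VLAN or still carry it, which covers user and transit traffic only, since per the answer CDP/VTP/PAgP continue to use VLAN 1 regardless. The sample config is constructed, and the parser assumes IOS-style syntax and only ports set with `switchport mode trunk`.

```python
import re

ALL_VLANS = set(range(1, 4095))  # IOS default: a trunk carries VLANs 1-4094

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-22
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
"""

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set ('none' -> empty)."""
    return {v for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec)
            for v in range(int(lo), int(hi or lo) + 1)}

def audit_trunks(config):
    """Return {interface: [findings]} for static trunks that expose VLAN 1."""
    state, name = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name = m.group(1)
            state[name] = {"trunk": False, "native": 1, "allowed": ALL_VLANS}
        elif not line.startswith(" "):
            name = None  # left the interface block
        elif name:
            port, cmd = state[name], line.strip()
            if cmd == "switchport mode trunk":
                port["trunk"] = True
            elif m := re.match(r"switchport trunk native vlan (\d+)$", cmd):
                port["native"] = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan (add )?(\S+)$", cmd):
                ids = ALL_VLANS if m.group(2) == "all" else parse_vlans(m.group(2))
                port["allowed"] = port["allowed"] | ids if m.group(1) else ids
    findings = {}
    for name, port in state.items():
        issues = ["native VLAN is 1"] * (port["native"] == 1)
        issues += ["VLAN 1 allowed on trunk"] * (1 in port["allowed"])
        if port["trunk"] and issues:
            findings[name] = issues
    return findings
```

`audit_trunks(SAMPLE_CONFIG)` reports GigabitEthernet0/1 for both issues and GigabitEthernet0/3 because a trunk with no allowed-VLAN statement carries every VLAN, including VLAN 1.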
09-06-2017 07:25 AM
09-08-2017 11:23 AM - edited 09-08-2017 11:24 AM
My friend who has a CCNP cert told me that it is possible to remove VLAN 1 in a Cisco SW. Is it true? I have been taught that it is impossible to remove VLAN 1.
09-08-2017 10:48 PM
No, not possible, as even when shut down at L3 and with no ports assigned it carries the control protocols.
09-08-2017 10:59 PM