03-14-2018 03:18 PM - edited 03-08-2019 02:15 PM
I see a lot of switches configured with VLANs and interfaces without IP addresses, e.g. vlan 500 and int vlan 500.
Now it may be a silly question (as I've never thought to ask it) but is there any need to have these interfaces on there rather than just have the vlan by itself?
Does having an unassigned interface waste resources or offer less security?
03-14-2018 03:26 PM
Hello,
Each VLAN interface (SVI) uses an IDB (Interface Descriptor Block), and each IDB uses memory. How many do you have? I can imagine someone putting them in the config to quickly see which VLANs are present.
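One way to count the SVIs in question from a saved configuration, as an added example that is not part of the original thread: it parses IOS-style `interface Vlan<N>` stanzas and reports which have no IP address and whether they are shut down. The sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
vlan 500
 name USERS
!
interface Vlan100
 ip address 10.0.100.2 255.255.255.0
!
interface Vlan500
 no ip address
!
interface Vlan600
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 switchport access vlan 500
!
"""

def audit_svis(config):
    """Return one dict per 'interface Vlan<N>' stanza in the config text."""
    svis, current = [], None
    for line in config.splitlines():
        m = re.match(r"^interface Vlan(\d+)\s*$", line, re.IGNORECASE)
        if m:
            current = {"vlan": int(m.group(1)), "has_ip": False, "shutdown": False}
            svis.append(current)
        elif not line.startswith(" "):
            current = None          # any unindented line ends the stanza
        elif current is not None:
            cmd = line.strip()
            if re.match(r"^ip(v6)? address\s+\S", cmd):
                current["has_ip"] = True   # "no ip address" does not match
            elif cmd == "shutdown":
                current["shutdown"] = True
    return svis

def unaddressed_svis(config):
    """VLAN IDs whose SVI exists but carries no IP address."""
    return [s["vlan"] for s in audit_svis(config) if not s["has_ip"]]

if __name__ == "__main__":
    for s in audit_svis(SAMPLE_CONFIG):
        state = "addressed" if s["has_ip"] else "no IP"
        print(f"Vlan{s['vlan']}: {state}, {'shutdown' if s['shutdown'] else 'not shutdown'}")
```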
03-14-2018 11:07 PM
Hi Georg,
I would guess you are 100% right with your assessment. There are multiple sites, each with 6 VLANs and an interface to match each VLAN, but only one interface (for management) with an IP address.
It's a tidy setup but the part I'm wondering about (and never asked) is... is there any point? Is it good practice or pointless? Does it unnecessarily open any security issue, e.g. is it less secure?
It's not doing any harm at the moment apart from adding some lines to the config....
03-15-2018 03:21 AM
03-15-2018 03:48 PM
So, with the above in mind, should I look to remove the unassigned interfaces? They certainly ain't doing anything apart from mirroring the VLAN setup.
03-16-2018 04:18 AM