On 2010-11-12 15:30, Jon Reynolds wrote:
> Good info Guy. One thing to watch out for is using a vlan id of 1.
> Some switches use this as their management vlan id.
> Sorry Guy, I meant for this to go to the list and not directly to you.
Good to point that out Jon, I forgot to mention the "special aspect" of
the VLAN 1. That's why I called it "Management", I may have been
misleading because I was meaning for telecom infrastructure management.
For those who don't know, VLAN 1 is a special one. Citing Cisco:
"All switchports must be members of a VLAN, and, by default, it is VLAN
1. Because VLAN 1 was selected as the default VLAN for all switchports,
it was also chosen to handle special traffic such as VLAN Trunking
Protocol (VTP) advertisements, CDP, Port Aggregation Protocol (PAgP), or
Link Aggregation Control Protocol messages (LACP). By default, in-band
management interfaces such as sc0 are members of VLAN 1."
"Over the years, a common scenario involving VLAN 1 and the management
interface developed. In this scenario, administrators assigned an IP
address to sc0, left it in VLAN 1, and created other VLANs for all user
traffic. All ports not changed or enabled remain in VLAN 1. Trunked
ports between switches are created to connect VLANs, and, by default,
all VLANs (1-1005 or 1-4096 depending on trunk type and switch software
version) are allowed across a trunk. Because each switch will have a
management interface, likely sc0, this can result in VLAN 1 spanning the
entire switched network. Remember that IEEE spanning tree only allows
seven switch hops between end stations, and many times large networks
that allow all VLANs to be trunked can approach or exceed the limit,
especially for VLAN 1. When a spanning tree exceeds seven switch hops,
the spanning-tree topology can become unpredictable during a topology
change and reconvergence can be slow if the spanning tree reconverges at
all. A few different options should be considered to alleviate this
problem. The first option is to use a different VLAN other than VLAN 1
for the management interfaces in the network. As of Catalyst OS version
5.4(1) and later, VLAN 1 can be cleared from both Inter-Switch Link
(ISL) Protocol and 802.1q trunks, thus removing VLAN 1 from the
spanning-tree topology on those trunks. Simply substituting a different
VLAN number does not alleviate the problem of new VLAN spanning the
switched network and potentially exceeding the allowed number of hops.
To avoid the problem, either multiple VLANs must be dedicated to network
management or the management interfaces must be placed in multiple VLANs
along with user traffic. Either way, the management interfaces must be
reachable by the network management stations. In the configuration
examples later in this chapter, the sc0 interface is placed in a user
VLAN along with other ports."
Thanks again Jon for pointing that out.
Guy Boisvert, ing.
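
An added example, not part of the original message or of Cisco's documentation: a small audit for the three VLAN 1 defaults the quoted text describes (a management address in VLAN 1, unchanged ports remaining in VLAN 1, and trunks that allow all VLANs). It assumes Cisco IOS-style `switchport` syntax rather than the CatOS `sc0` interface named above; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed; the quoted text describes CatOS/sc0).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-40
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 20
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""

def vlan_in_list(vlan, spec):
    """True if vlan is covered by a list such as '10,20,30-40' or by 'all'."""
    ranges = (part.strip().partition("-") for part in spec.split(","))
    return spec == "all" or any(int(lo) <= vlan <= int(hi or lo) for lo, _, hi in ranges)

def audit_vlan1(config):
    """Return (interface, finding) pairs for each place VLAN 1 is still in use."""
    findings = []
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        if name.lower().startswith("vlan"):  # SVI: only Vlan1 with an address matters
            if name.lower() == "vlan1" and any(l.startswith("ip address") for l in lines):
                findings.append((name, "management address in VLAN 1"))
        elif "switchport mode trunk" in lines:
            allowed = [l.split()[-1] for l in lines if l.startswith("switchport trunk allowed vlan ")]
            # No allowed-list means the default: every VLAN, including 1, crosses the trunk.
            if not allowed or vlan_in_list(1, allowed[-1]):
                findings.append((name, "trunk carries VLAN 1"))
        elif not any(l.startswith("switchport access vlan ") and l.split()[-1] != "1" for l in lines):
            findings.append((name, "access port left in VLAN 1"))  # assumes a layer-2 access port
    return findings
```

Every interface that is not an SVI is treated as a layer-2 switchport, so routed ports would need to be filtered out before running this on a real configuration.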