On 2010-11-12 15:30, Jon Reynolds wrote:
> Good info Guy. One thing to watch out for is using a vlan id of 1.
> Some switches use this as their management vlan id.
>>
>> Jon
>
> Sorry Guy, I meant for this to go to the list and not directly to you.
>
> Jon

Good to point that out Jon, I forgot to mention the "special aspect" of the VLAN 1. That's why I called it "Management", I may have been misleading because I was meaning for telecom infrastructure management.

For those who don't know, VLAN 1 is a special one. Citing Cisco:

"All switchports must be members of a VLAN, and, by default, it is VLAN 1. Because VLAN 1 was selected as the default VLAN for all switchports, it was also chosen to handle special traffic such as VLAN Trunking Protocol (VTP) advertisements, CDP, Port Aggregation Protocol (PAgP), or Link Aggregation Control Protocol messages (LACP). By default, in-band management interfaces such as sc0 are members of VLAN 1."

"Over the years, a common scenario involving VLAN 1 and the management interface developed. In this scenario, administrators assigned an IP address to sc0, left it in VLAN 1, and created other VLANs for all user traffic. All ports not changed or enabled remain in VLAN 1. Trunked ports between switches are created to connect VLANs, and, by default, all VLANs (1-1005 or 1-4096 depending on trunk type and switch software version) are allowed across a trunk. Because each switch will have a management interface, likely sc0, this can result in VLAN 1 spanning the entire switched network. Remember that IEEE spanning tree only allows seven switch hops between end stations, and many times large networks that allow all VLANs to be trunked can approach or exceed the limit, especially for VLAN 1. When a spanning tree exceeds seven switch hops, the spanning-tree topology can become unpredictable during a topology change and reconvergence can be slow if the spanning tree reconverges at all.

A few different options should be considered to alleviate this problem. The first option is to use a different VLAN other than VLAN 1 for the management interfaces in the network. As of Catalyst OS version 5.4(1) and later, VLAN 1 can be cleared from both Inter-Switch Link (ISL) Protocol and 802.1q trunks, thus removing VLAN 1 from the spanning-tree topology on those trunks. Simply substituting a different VLAN number does not alleviate the problem of new VLAN spanning the switched network and potentially exceeding the allowed number of hops. To avoid the problem, either multiple VLANs must be dedicated to network management or the management interfaces must be placed in multiple VLANs along with user traffic. Either way, the management interfaces must be reachable by the network management stations. In the configuration examples later in this chapter, the sc0 interface is placed in a user VLAN along with other ports."

http://www.ciscopress.com/articles/article.asp?p=358549

Thanks again Jon for pointing that out.

Guy

-- 
Guy Boisvert, ing.
IngTegration inc.
http://www.ingtegration.com
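One way to audit a switch configuration for the VLAN 1 defaults described in the quoted Cisco text, as an added example that is not part of the original message. It assumes Cisco IOS-style interface commands rather than the CatOS syntax the quote refers to; the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed; the quoted text describes CatOS).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20-30
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 20
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

def expand(spec):
    """Expand a VLAN list such as '10,20-30' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_vlan1(config):
    """Return (interface, finding) pairs wherever VLAN 1 is still in use."""
    findings = []
    for name, raw in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        body = [line.strip() for line in raw.splitlines()]
        text = "\n".join(body)
        if name.lower() == "vlan1":
            if any(l.startswith("ip address ") for l in body) and "shutdown" not in body:
                findings.append((name, "management address in VLAN 1"))
        elif "switchport mode trunk" in body:
            # Only an explicit list is parsed; no list means all VLANs are trunked.
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", text, re.M)
            if m is None or 1 in expand(m.group(1)):
                findings.append((name, "trunk carries VLAN 1"))
        elif "switchport mode access" in body:
            m = re.search(r"^switchport access vlan (\d+)$", text, re.M)
            if m is None or m.group(1) == "1":
                findings.append((name, "access port left in VLAN 1"))
    return findings
```

Calling `audit_vlan1(SAMPLE_CONFIG)` reports the unrestricted trunk, the access port with no VLAN assignment, and the addressed `Vlan1` interface; the trunk with an explicit allowed list and the port in VLAN 20 pass.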