Hi Guys,
In the real world usually first thing we do is change the native vlan /
management vlan to something other than Vlan 1 and shut Vlan 1 interface on
all switches. Any other vlan for eg: 999 is picked up as both native vlan
and used for management. Access to this new Vlan is restricted using
Access-List.
As a CCIE you must understand the purpose of this interface and how it is
going to affect your overall topology. Things to know about Vlan 1 whether
you like it or not you can get rid of it (you cannot delete vlan 1) from any
switch and you gotta live with it but at the same time you can shut it or
remove any assigned ip address to it. Now whether the vlan 1 svi is shut or
not shut it is not going to change anything in the layer 2 topology so you
need not worry about breaking things at Layer 2. The only problem you might
be concerned is by having the vlan 1 interface and if it is used to be a
transit path on your layer 3 network it is going to hurt things. Basically
you need to work around how the l3 is setup and what all interfaces of
switch are being used for the same.
Pearson.
On Sat, Aug 1, 2009 at 1:02 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> In the real world, I would shut it down unless you are using VLAN 1 (which
> is not recommended). In the lab, I would not do a thing to it unless it is
> required. If you need to use VLAN 1 for layer 3 purposes then you need to
> make sure the SVI is up. Otherwise, just leave it alone. Curiosity killed
> the cat (well, and made a career out of networking for me lol)
>
> On Fri, Jul 31, 2009 at 1:26 PM, Anthony Sequeira <asequeira_at_ine.com>
> wrote:
>
> > I think we need to clarify on real world versus exam here.
> >
> > Real world - yes - we should move all ports out of this VLAN and not use
> > the default VLAN for anything.
> >
> > The exam - we need to do whatever the lab implicitly or explicitly asks
> us
> > to do. Not much more - and certainly nothing less!
> >
> > Warmest Regards,
> >
> > Anthony J. Sequeira, CCIE #15626
> > http://www.INE.com <http://www.ine.com/>
> >
> > Test your Core Knowledge today!
> > Q: For RIPng, you can only disable split-horizon ...
> > A: globally
> > More Info: http://www.ietf.org/rfc/rfc2080.txt
> >
> >
> >
> > On Jul 31, 2009, at 1:18 PM, John Pelletier wrote:
> >
> > Cisco recommends you shut it down for security/other reasons check out
> >> this
> >> whitepaper for more details.
> >>
> >>
> >>
> http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper091
> >> 86a008013159f.shtml#wp39009
> >>
> >> --- On Fri, 7/31/09, Cisco Fanatic <ebay_products_at_hotmail.com> wrote:
> >>
> >>
> >> From: Cisco Fanatic <ebay_products_at_hotmail.com>
> >> Subject: VLAN 1 on switches
> >> To: ccielab_at_groupstudy.com
> >> Date: Friday, July 31, 2009, 12:41 PM
> >>
> >>
> >> All,
> >>
> >> This is a strange question .. not sure if it breaks or do anything. But,
> >> thought will just run by the group.
> >>
> >> Normally, I have seen 'interface vlan 1' sometimes in shutdown mode and
> >> sometime it is not. I don't pay much attention to vlan 1 interface
> unless
> >> the
> >> question is specifically looking for native vlan stuff etc.
> >>
> >> What is the best and safest policy when it comes to shut/no shut this
> >> interface. It does play a part in trunking so want to make sure should i
> >> leave
> >> it as it is or do no shut on the interface.
> >>
> >> !
> >> interface Vlan1
> >> no ip address
> >> shutdown
> >> !
> >>
> >> -Yuri
> >>
> >>
> >> _________________________________________________________________
> >> Windows Live Hotmail.: Search, add, and share the webs latest sports
> >> videos.
> >> Check it out.
> >>
> >>
> http://www.windowslive.com/Online/Hotmail/Campaign/QuickAdd?ocid=TXT_TAGLM_WL
> >> _QA_HM_sports_videos_072009&cat=sports
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Regards,
>
> Joe Astorino - CCIE #24347 R&S
> Technical Instructor - IPexpert, Inc.
> Cell: +1.586.212.6107
> Fax: +1.810.454.0130
> Mailto: jastorino_at_ipexpert.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Aug 01 2009 - 09:42:21 ART
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART