

native vlan on 3560x

Posted on 2012-08-24
Last Modified: 2012-09-08
My setup: Router<--trunk-->3560X<-->Avaya phone<-->PC
vlan 20 (data)
vlan 30 (voice)
vlan 1 (native vlan)

I'd like to stay away from vlan 1 and make vlan 200 my management vlan. But I am not sure if it is working correctly as far as best practice is concerned.

When I changed the management interface vlan id to 200 (see attached), vlan 200 becomes management and native. Two statements, switchport access vlan 200 and switchport trunk native vlan 200, were added to all of my interfaces. I then removed them all because my ports are reserved for vlan 20 and vlan 30.

So traffic like cdp, vtp, and PAgP will then be placed in vlan 200. Correct?

Cisco recommends removing vlan 200 from the trunk. How will this work in my scenario?

Can I have vlan 1 as native and vlan 200 as the management vlan? If yes then 3560X won't allow me to do that.

Question by:biggynet

Accepted Solution

Don Johnston earned 1000 total points
ID: 38332443
If you're going from the switch to a phone, you will only have two VLANs. The native VLAN (which will be the data VLAN) and the voice VLAN.

VTP, CDP, etc are always carried on VLAN 1.

Assisted Solution

TI2Heaven earned 1000 total points
ID: 38332709
The only security concern is to secure the physical port. If you really want to secure the management of the switch you should connect to the switch port seen physically the switch (one vlan for just that port), ask the switch to encrypt the management connection, or let the firewall be a proxy to manage the switch (the firewall and the switch must be in the same room, and the room must be locked, vlan for just that port connection).
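
An added example, not part of the thread and not any poster's code: a Python audit over a constructed IOS-style configuration that flags trunks whose native VLAN is still 1 or is allowed on the trunk (the recommendation cited in the question), and access ports placed in the management VLAN. The interface names and sample configuration are assumptions; the VLAN numbers 20, 30 and 200 are the ones from the question.

```python
import re
# Constructed sample in Cisco IOS running-config syntax (not taken from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 200
 switchport trunk allowed vlan 20,30,200
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 30
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 200
interface GigabitEthernet0/4
 switchport mode trunk
"""
# Single-value forms only; "allowed vlan add/remove/except ..." lines are ignored.
SWITCHPORT = re.compile(r"switchport (mode|access vlan|voice vlan|trunk native vlan|trunk allowed vlan) ([\w,-]+)$")

def expand(vlans):  # "20,30,100-102" -> {"20", "30", "100", "101", "102"}
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        if lo.isdigit() and (hi or lo).isdigit():
            out.update(map(str, range(int(lo), int(hi or lo) + 1)))
    return out

def parse(config):  # {interface: settings}; unset VLANs keep the IOS default of 1
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = ports[m.group(1)] = {"access vlan": "1", "trunk native vlan": "1"}
        elif cur is not None and (m := SWITCHPORT.match(line)):
            cur[m.group(1)] = m.group(2)
    return ports

def audit(config, mgmt_vlan=200):  # mgmt_vlan: the management VLAN from the question
    findings = []
    for name, p in parse(config).items():
        native, allowed = p["trunk native vlan"], p.get("trunk allowed vlan")
        if p.get("mode") == "trunk":
            if native == "1":
                findings.append((name, "native VLAN is the default VLAN 1"))
            if allowed in (None, "all") or native in expand(allowed):  # unset = all VLANs
                findings.append((name, f"native VLAN {native} is allowed on the trunk"))
        elif p.get("mode") == "access" and p["access vlan"] == str(mgmt_vlan):
            findings.append((name, f"access port is in management VLAN {mgmt_vlan}"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one `(interface, finding)` pair per issue; the phone/PC port in VLAN 20 with voice VLAN 30 produces none.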
