
VLAN Trunk question? - Page 2

post #11 of 19
If you want to use vlan 1 for management, just configure an IP address on vlan 1. You then make sure it is allowed on your trunked up links. You don't actually assign any of the access layer client ports to vlan 1. You could even use the IP address of vlan 2 as your management address if you wanted.
post #12 of 19
Quote:
Originally Posted by Tangoseal View Post

So a good practice would be to assign a port to vlan 1 (which all are defaulted) for management reasons, and every other port to VLAN 2 or whatever you want for access reasons?

If you wanted to keep it as simple as possible, yes. Also exactly what the guy above me said. But as I said a few posts up, for security reasons, it is recommended to not use anything in vlan 1 just because it is commonly known as the default. So putting the trunks in vlan 3 with the access devices in vlan 2 would be recommended, but you have the idea.
post #13 of 19
Quote:
Originally Posted by Tangoseal View Post

So a good practice would be to assign a port to vlan 1 (which all are defaulted) for management reasons, and every other port to VLAN 2 or whatever you want for access reasons?

No, best practice isn't to use VLAN 1. Also, go big. The vlan numbering is limited to like 1000?

At my work, we base it on our subnets, we use /22 subnets, so we start at vlan 4, 8, 12, 16, 20, etc.

You can make 2 vlans, 100 and 200 or 100 and 101.

Don't think so small.
post #14 of 19
Thread Starter 
Quote:
Originally Posted by herkalurk View Post

No, best practice isn't to use VLAN 1. Also, go big. The vlan numbering is limited to like 1000?
At my work, we base it on our subnets, we use /22 subnets, so we start at vlan 4, 8, 12,16,20 ......ETC.
You can make 2 vlans, 100 and 200 or 100 and 101.
Don't think so small.

Well, I used 1 and 2 for simple descriptive ways. I know Cisco uses big numbers. I was keeping it simple stupid, KISS method.
post #15 of 19
Quote:
Originally Posted by herkalurk View Post

No, best practice isn't to use VLAN 1. Also, go big. The vlan numbering is limited to like 1000?
At my work, we base it on our subnets, we use /22 subnets, so we start at vlan 4, 8, 12,16,20 ......ETC.
You can make 2 vlans, 100 and 200 or 100 and 101.
Don't think so small.

I hope that /22 is a typo... That is 1022 hosts per subnet... I wouldn't even use a /23 unless I had no other choice...
post #16 of 19
Couple things..

  • Don't use Vlan1 for anything. VTP and DTP will always use Vlan1 even if the native VLAN is configured as something else. You also can not prune Vlan1.
  • Create and set a parking lot VLAN, shutdown all of the unused ports and move them all into the parking lot VLAN.
  • Set your Native Vlan to anything you want besides VLAN1. Helps prevent Vlan hopping attacks.
  • Configure your SVI management address on a management VLAN with no other traffic passing through. Your SVI will stop and listen to *all* broadcast and multicast traffic on its subnet.. Just don't do it.
  • If you have the SVI on the same Vlan as your traffic, every port security setting but shutdown will not prevent attackers from telnetting into the device, even if the port the MAC address shouldn't be allowed.

As with everything else - Just test things. You'll find more often than not, what you read about doesn't always stay true, there are always mitigating circumstances with almost all configurations that shouldn't let something happen, but does.. Especially with Cisco.. They are not bugs, just conditions..
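The checklist in post #16 can be checked against a saved switch configuration. The following is an added example, not part of any post in this thread: a small Python audit that reports every place VLAN 1 is still in use (trunk native VLAN, access ports, management SVI). The sample configuration is constructed, and the audit assumes IOS-style syntax where any non-trunk switchport is treated as an access port.

```python
import re
# Constructed IOS-style sample; interface names, VLAN IDs and addresses are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
 shutdown
!
interface GigabitEthernet0/5
 switchport access vlan 998
 switchport mode access
 shutdown
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""

def vlan_of(lines, prefix):
    """VLAN ID that follows `prefix`, or 1 (the IOS default) if the line is absent."""
    for line in lines:
        if line.startswith(prefix):
            return int(line[len(prefix):])
    return 1

def audit(config):
    """Return (interface, finding) pairs; non-trunk ports are assumed to be access ports."""
    findings = []
    # Each stanza is an "interface X" header followed by its indented body lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if name.lower().startswith("vlan"):
            if name.lower() == "vlan1" and any(l.startswith("ip address ") for l in lines):
                findings.append((name, "management SVI on VLAN 1"))
        elif "switchport mode trunk" in lines:
            if vlan_of(lines, "switchport trunk native vlan ") == 1:
                findings.append((name, "trunk native VLAN is 1"))
        elif vlan_of(lines, "switchport access vlan ") == 1:
            state = "shut-down" if "shutdown" in lines else "active"
            findings.append((name, f"{state} access port in VLAN 1"))
    return findings
```

On the sample, the hardened trunk (native VLAN 999) and the parked port (VLAN 998, shut down) produce no findings; the other four interfaces are each reported once.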
post #17 of 19
Quote:
Originally Posted by Thorn-Blade View Post

I hope that /22 is a typo... That is 1022 hosts per subnet... I wouldn't even use a /23 unless I had no other choice...

It's not a typo, I work for a university that owns a /16.....

Actually my guest wireless network is a /20. During the normal operation, it peaks at about 1200 users with a 30 minute dhcp lease.
post #18 of 19
Thread Starter 
Quote:
Originally Posted by herkalurk View Post

It's not a typo, I work for a university that owns a /16.....
Actually my guest wireless network is a /20. During the normal operation, it peaks at about 1200 users with a 30 minute dhcp lease.

Yeah with a big giant college like that I can see the need for a less than /23 subnet.

I use a /16 at my home. Why? I have no idea why. I just do. I guess I really do not need 65534 wireless clients on my network hahaha!
post #19 of 19
Thread Starter 
Quote:
Originally Posted by Tangoseal View Post

Yeah with a big giant college like that I can see the need for a less than /23 subnet.
I use a /16 at my home. I left it that way from studying more advanced networking. I guess I really do not need 65534 wireless clients on my network hahaha!

I guess I will change it to a /23 later sometime.