Actually, in my network I have 5 vlans and vlan 1 is the native vlan. Whenever I use the 'sh spanning-tree' command it shows me the root bridge, which means that STP is already configured in my network.
But as per your explanation, if I disable vlan 1 and define any other vlan as the native vlan, then a question arises: do I have to configure STP again?

regards
narendra

-----Original Message-----
From: Max Pierson
Sent: 05/03/2011, 10:30 pm
To: marc abel
Cc: [email protected]; [email protected]
Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan

> It is actually best practice to make the native VLAN an unused VLAN, and
> make sure all production VLANS are tagged.

I like hearing "best common practice" :)

> It means we should not change the native vlan from 1 to any other,
> vlan 1 should be always for the network management purpose.

This isn't 100% correct. See below.

> One more thing which is asked by interviewer to me that
> why do we not need to configure STP if our management vlan is already 1?

It is BCP to NOT use VLAN 1 for production. This is an old "myth" I think though, if you wish to call it that. VLAN 1 itself is just another VLAN like 2 - 1000 (1001 - 1005 are usually reserved and internally allocated). It can be used the same way any other VLAN can. There's nothing at all special about it (other than Cisco's recommendation years ago was that it was for management only because of older switch code). The older switches (think 2900's and 3500XL's) had to have VLAN 1 for its management purposes and could not be removed from the database (although it can be changed from 1 to whatever if you manage switches like us, but you still couldn't completely remove it from the DB). A lot of other vendors followed suit and made the same recommendations.

But as you both have stated, most use it for management purposes. We have gone one step farther and decided to use another vlan for management and disable vlan 1 altogether (yes, remove it from the vlanDB, even though that in itself breaks stuff like STP, VTP, etc, if you don't already have any other VLAN defined on the switch for L2 control traffic to traverse).

We specify the "native vlan" as the management vlan we chose, and put the new "native" vlan command on all trunks (this will fix all of your L2 stuff as well if you were only using vlan 1 to begin with). This way when a new switch gets provisioned for roll out, even though the ports are in vlan1 by default, that vlan is dead on our network, so anyone who plugs in can't see anything but other stuff that's on just that switch in vlan 1 since vlan 1 is not allowed over ANY trunks. More for security than anything else.

- m

On Sat, Mar 5, 2011 at 8:43 AM, marc abel <[email protected]> wrote:

> Yes you could, but at that point you are going to need to do layer 3 routing
> to be able to communicate end to end. It's all about what do you want to do.
> In most cases I can't think of a good reason to have this kind of
> inconsistency in a production network. The network I currently administer
> was setup with some weirdness like this before I arrived. I discovered some
> of the "Bad Things" mentioned earlier where they actually had traffic
> bleeding between VLANS that they thought were isolated.
>
> It is actually best practice to make the native VLAN an unused VLAN, and
> make sure all production VLANS are tagged.
>
> On Sat, Mar 5, 2011 at 1:40 AM, [email protected] <[email protected]> wrote:
>
> > Correct me if I am wrong.
> >
> > I am using three switches: 3750, 2950, 2960 respectively...
> >
> > I have connected Fa0/1 of 3750 to Fa0/1 of 2950; I am naming this link as
> > link North
> > and
> > Fa0/2 of 3750 to Fa0/2 of 2960; I am naming this link as link south.
> >
> > I have three vlans: 1, 2 and 3 respectively.
> > Now my question arises that
> > can I use vlan 2 as a native vlan for south link
> > and vlan 3 as native vlan for north link?
> >
> > If yes, then what is the benefit it will give me?
> >
> > Help will be appreciated because I am very confused about this question.
> >
> > -----Original Message-----
> > From: Kurt Bales
> > Sent: 05/03/2011, 12:50 pm
> > To: [email protected]
> > Cc: [email protected]; Michael Smith; [email protected]
> > Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan
> >
> > Native VLAN is only relevant per link - and in a proper configuration all
> > hosts on a link should agree on the native vlan or Bad Things (TM) can
> > happen.
> >
> > Simply put: Yes, your northbound link can use native 9, and your southbound
> > link can use native 11.
> >
> > On Sat, Mar 5, 2011 at 17:38, [email protected] <[email protected]> wrote:
> >
> > > I know this, dear Michael, but my confusion is something else:
> > > does the whole network have the same native vlan, or can the native vlan
> > > be changed according to each trunk port in the switches?
> > >
> > > If it can be changed according to a switch's trunk port, then why do we
> > > make this change in all trunk ports?
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
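
The trunk design discussed in this thread (a non-default native VLAN on every trunk, VLAN 1 carried on no trunk, both ends of a link agreeing on the native VLAN) can be checked against saved switch configs. The script below is an added example, not code from any poster: the config text is constructed, VLAN 99 is a hypothetical management/native VLAN, and only the plain `switchport trunk allowed vlan <list>` form is parsed.

```python
import re

def expand(spec):
    """Expand an IOS VLAN list such as '2-3,99' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Return {interface: settings} for ports in 'switchport mode trunk'.
    Unset values keep the IOS defaults: native VLAN 1, all VLANs allowed (None)."""
    ports, cur = {}, {}  # cur starts as a throwaway dict for global lines
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports[m.group(1)] = {"trunk": False, "native": 1, "allowed": None}
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            cur["allowed"] = expand(m.group(1))
    return {name: p for name, p in ports.items() if p["trunk"]}

def audit_link(end_a, end_b):
    """Findings for one trunk link, given the parsed port at each end."""
    findings = []
    for label, port in (("A", end_a), ("B", end_b)):
        if port["native"] == 1:
            findings.append(f"{label}: native VLAN is 1")
        if port["allowed"] is None or 1 in port["allowed"]:
            findings.append(f"{label}: VLAN 1 allowed on trunk")
    if end_a["native"] != end_b["native"]:
        findings.append(f"native VLAN mismatch: {end_a['native']} vs {end_b['native']}")
    return findings

# Constructed sample configs; VLAN 99 is a hypothetical management/native VLAN.
HARDENED = """interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 2-3,99
"""
DEFAULTS = """interface FastEthernet0/2
 switchport mode trunk
"""
if __name__ == "__main__":
    a = parse_trunks(HARDENED)["FastEthernet0/2"]
    b = parse_trunks(DEFAULTS)["FastEthernet0/2"]
    print(audit_link(a, a), audit_link(a, b))
```

A trunk left at defaults on the far end produces all three findings, which is the state a freshly unboxed switch is in before the native VLAN command is applied.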
