I am working in a multinational company in the Middle East and we never use
VLAN 1 as a native VLAN. I have attended a Cisco technical seminar; what they
said is don't use VLAN 1 as a native VLAN because that VLAN is the default
VLAN, so create some other VLAN, like VLAN 999, and give it the name native so
identification will also be easy. Then you can use VLAN 999 as a native VLAN
in your network.



On Sun, Mar 6, 2011 at 2:10 PM, <[email protected]> wrote:

> Today's Topics:
>
>   1. Re: (ccie_rs)_native_vlan (Max Pierson)
>   2. Re: (ccie_rs)_native_vlan ([email protected])
>   3. Re: - trouble in selecting the referencial book for switching (John Doe)
>   4. Re: (ccie_rs)_native_vlan (Max Pierson)
>   5. BGP Conditional Advertisement (fads fdas)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 5 Mar 2011 11:00:03 -0600
> From: Max Pierson <[email protected]>
> To: marc abel <[email protected]>
> Cc: "[email protected]" <[email protected]>,
>        "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan
> Message-ID:
>        <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> > It is actually best practice to make the native VLAN an unused VLAN, and
> > make sure all production VLANS are tagged.
>
>
> I like hearing "best common practice"  :)
>
>
> > It means we should not change the native vlan from 1 to any other,
> > vlan 1 should be always for the network management purpose.
>
>
> This isn't 100% correct. See below.
>
>
> > One more thing which is asked by interviewer to me that
> > why do we not need to configure STP if our management vlan is already 1?
>
>
> It is BCP to NOT use VLAN 1 for production. This is an old "myth" I think
> though, if you wish to call it that. VLAN 1 itself is just another VLAN like
> 2 - 1000 (1001 - 1005 are usually reserved and internally allocated). It can
> be used the same way any other VLAN can. There's nothing at all special
> about it (other than Cisco's recommendation years ago was that it was for
> management only because of older switch code). The older switches (think
> 2900's and 3500XL's) had to have VLAN 1 for its management purposes and
> could not be removed from the database (although it can be changed from 1 to
> whatever if you manage switches like us, but you still couldn't completely
> remove it from the DB). A lot of other vendors followed suit and made the
> same recommendations.
>
> But as you both have stated, most use it for management purposes. We have
> gone one step farther and decided to use another vlan for management and
> disable vlan 1 altogether (yes, remove it from the vlanDB, even though
> that in itself breaks stuff like STP, VTP, etc, if you don't already have
> any other VLAN defined on the switch for L2 control traffic to traverse). We
> specify the "native vlan" as the management vlan we chose, and put the new
> "native" vlan command on all trunks (this will fix all of your L2 stuff as
> well if you were only using vlan 1 to begin with). This way when a new
> switch gets provisioned for roll out, even though the ports are in vlan1 by
> default, that vlan is dead on our network, so anyone who plugs in can't see
> anything but other stuff that's on just that switch in vlan 1 since vlan 1
> is not allowed over ANY trunks. More for security than anything else.
>
> -
> m
>
> On Sat, Mar 5, 2011 at 8:43 AM, marc abel <[email protected]> wrote:
>
> > Yes you could, but at that point you are going to need to do layer 3 routing
> > to be able to communicate end to end. It's all about what do you want to do.
> > In most cases I can't think of a good reason to have this kind of
> > inconsistency in a production network. The network I currently administer
> > was set up with some weirdness like this before I arrived. I discovered some
> > of the "Bad Things" mentioned earlier where they actually had traffic
> > bleeding between VLANS that they thought were isolated.
> >
> > It is actually best practice to make the native VLAN an unused VLAN, and
> > make sure all production VLANS are tagged.
> >
> > On Sat, Mar 5, 2011 at 1:40 AM, [email protected] <[email protected]> wrote:
> >
> > > Correct me if I am wrong
> > >
> > > I am using three switches 3750, 2950, 2960 respectively...
> > >
> > > I have connected Fa0/1 of 3750 to Fa0/1 of 2950, I am naming this link as
> > > link North
> > > and
> > > Fa0/2 of 3750 to Fa0/2 of 2960, I am naming this link as link South
> > >
> > > I have three VLANs 1, 2 and 3 respectively
> > > now my question arises that
> > > can I use vlan 2 as a native vlan for south link
> > > and vlan 3 as native vlan for north link?
> > >
> > > If yes then what is the benefit it will give me?
> > >
> > > Help will be appreciated because I am too much confused about this question
> > >
> > >
> > > -----Original Message-----
> > > From: Kurt Bales
> > > Sent:  05/03/2011, 12:50  pm
> > > To: [email protected]
> > > Cc: [email protected]; Michael
> > >  Smith; [email protected]
> > > Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan
> > >
> > >
> > > Native VLAN is only relevant per link - and in a proper configuration all
> > > hosts on a link should agree on the native vlan or Bad Things (TM) can
> > > happen.
> > >
> > > Simply put: Yes, your northbound link can use native 9, and your southbound
> > > link can use native 11.
> > >
> > > On Sat, Mar 5, 2011 at 17:38, [email protected]
> > > <[email protected]> wrote:
> > >
> > > > I know this dear Michael but my confusion is something else that
> > > > do whole network have same native vlan or native vlan can be changed
> > > > according to each trunk port in switches?
> > > >
> > > > If can be changed according to switch's trunk port then why do we make
> > > > this change in all trunk port?
> > > >
> > > >
> > >
> > > _______________________________________________
> > > For more information regarding industry leading CCIE Lab training, please
> > > visit www.ipexpert.com
> > >
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 05 Mar 2011 18:09:54 +0000
> From: "[email protected]" <[email protected]>
> To: "marc abel" <[email protected]> , "Max Pierson"
>        <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan
> Message-ID: <[email protected]>
> Content-Type: text/plain;       charset="utf-8"
>
> Actually in my network
> I have 5 vlan and vlan 1 is native vlan whenever I use 'sh spanning-tree'
> command it shows me the root bridge it means that stp is already configured
> in my network
>
> but as per your explanation if I disable vlan 1 and define any other vlan as
> a native vlan then a question arise that
>
>
> do I have to configure stp again?
> regards
> narendra
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 6 Mar 2011 00:22:42 +0100
> From: John Doe <[email protected]>
> To: Narendra <[email protected]>
> Cc: [email protected], [email protected]
> Subject: Re: [OSL | CCIE_RS] - trouble in selecting the referencial
>        book for        switching
> Message-ID:
>        <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Narendra,
>
> I am using these books:
>
> Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide:
> Foundation learning for SWITCH 642-813
> Cisco LAN Switching Configuration Handbook, 2nd Edition
> Cisco Lan Switching - little bit outdated but concepts still apply
> CCIE Routing and Switching Exam Certification Guide 4th Edition
>
> Ivan
>
>
>
> On Fri, Mar 4, 2011 at 8:30 AM, Narendra <[email protected]> wrote:
>
> > hi guys,
> >
> > I have recently finished the Todd Lammle book, but now I want to do more
> > practice in layer2 and layer3 switching.
> > so kindly suggest me the reference book for this purpose.
> >
> >
> >
> > --
> > Best Regards,
> >
> > Narendra Prasad
> >
>
>
> ------------------------------
>
> Message: 4
> Date: Sat, 5 Mar 2011 17:37:45 -0600
> From: Max Pierson <[email protected]>
> To: [email protected]
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_RS] (ccie_rs)_native_vlan
> Message-ID:
>        <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> > vlan 1 is native vlan whenever I use 'sh spanning-tree' command it shows
> > me the root bridge it means that stp is already configured in my network
>
> If you do a "show span vlan x"  where x = any other vlan you are using, it
> will essentially show you the same thing. The "native" VLAN has nothing to
> do with spanning-tree (other than the fact it runs on VLAN 1 by default).
> All the "native" vlan is used for is to tell the switchport "if you're
> trunking and you expect VLAN tags but a frame comes in without one, it
> belongs to vlan x." (Where x is whatever the port's native vlan is set to).
>
> > do I have to configure stp again?
>
> Spanning-tree runs just the same on the "native" vlan as it does on any
> other vlan. As long as you don't have vlan 1 (or interface vlan 1) in use
> for anything, you would not have to change anything. STP just doesn't run
> anymore on VLAN 1 since you've deleted it and moved those ports to another
> vlan. So STP will just do its thing on all of the other VLANS as normal.
> Once again, this was NOT the case with some older/lower end/older IOS
> released switches.
>
> Think of the "native" vlan somewhat like a "voice vlan". All that's involved
> is the switchport acts like a "trunk port" and an "access port" at the same
> time. Frame tags are honored while non-tagged frames are sent to the
> "native" vlan you specify. (Same as "voice port", you're telling it what
> vlan voice frames belong to).
>
> HTH's,
> m
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 6 Mar 2011 12:10:55 +0100 (CET)
> From: fads fdas <[email protected]>
> To: [email protected]
> Subject: [OSL | CCIE_RS] BGP Conditional Advertisement
> Message-ID: <[email protected]>
> Content-Type: TEXT/plain; CHARSET=ISO-8859-2
>
> Hi Experts!
>
> I have some problem with a BGP feature called Conditional Advertisement. It
> has got a "weird" (or I don't know how it works) behavior in my
> scenario... :)
>
> Topology:
>
>   R1 ======= R3
>   |          |
>   R2 ======= R4
>
> R1-R2 and R3-R4 are iBGP peers, R1-R3 and R2-R4 are eBGP peers.
>
> By default all traffic goes through the R1-R3 links (2 links). If one of the
> primary links between R1-R3 is down, I would like to reroute the traffic to
> the backup links (2 links) between R2-R4.
>
> I would like to achieve the following:
>
> In normal case R1 advertises routes with as-path prepend
> (nei x.x.x.x route-map ADVERTISE).
>
>   route-map ADVERTISE
>   match ip address prefix-list SUBNETS
>   set as-path prepend y y
>
> If there is a link issue, R1 advertises routes with as-path prepend
> (nei x.x.x.x advertise-map NEW exist CHECK)
>
>   route-map ADVERTISE
>   match ip address prefix-list SUBNETS
>
> This scenario is not working because if there is a link failure, R1 does not
> advertise any routes.
> I think the route-map may be "suppressed" by the advertise-map (if in the
> ADVERTISE route-map there are other prefixes it works fine).
>
> Do you have any idea what could be the problem? Or how to solve this?
>
> Thanks in advance for your help.
>
> Best Regards,
> Attila
>
> End of CCIE_RS Digest, Vol 62, Issue 20
> ***************************************
>
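
The native VLAN points made in the digest above (native VLAN left at the default of 1, the two ends of a trunk disagreeing on the native VLAN, VLAN 1 allowed across trunks, host traffic riding the untagged VLAN) can be checked from saved switch configs. This is an added example, not part of the original thread; the hostnames, VLAN numbers, LINKS table and HOST_VLANS set are constructed assumptions loosely modelled on the 3750/2950/2960 north and south links described there.

```python
import re
# Constructed IOS snippets: hostnames, VLAN numbers, LINKS (which trunk ports are
# cabled together) and HOST_VLANS (VLANs carrying user traffic) are assumptions.
CONFIGS = {
    "sw3750": """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,999
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-3
""",
    "sw2950": """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,999
""",
    "sw2960": """
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 1-3
""",
}
LINKS = [(("sw3750", "FastEthernet0/1"), ("sw2950", "FastEthernet0/1")),   # north
         (("sw3750", "FastEthernet0/2"), ("sw2960", "FastEthernet0/2"))]   # south
HOST_VLANS = {2, 3}

def expand(vlan_list):
    """Expand an allowed-VLAN list such as '1-3,999' into {1, 2, 3, 999}."""
    bounds = (part.split("-") for part in vlan_list.split(","))
    return {v for b in bounds for v in range(int(b[0]), int(b[-1]) + 1)}

def parse_trunks(config):
    """Map each trunk port to its native VLAN and allowed set ('add'/'remove' forms are not handled)."""
    trunks, name, block = {}, None, {}
    for line in config.splitlines() + ["interface END"]:  # sentinel flushes the last block
        line = line.strip()
        if line.startswith("interface "):
            if block.pop("trunk", False):
                trunks[name] = block
            # IOS defaults when nothing is configured: native VLAN 1, VLANs 1-4094 allowed
            name, block = line.split(None, 1)[1], {"native": 1, "allowed": set(range(1, 4095))}
        elif line == "switchport mode trunk":
            block["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            block["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            block["allowed"] = expand(m.group(1))
    return trunks

def audit(configs, links, host_vlans):
    """Return (rule, location) findings for every cabled trunk link."""
    ports = {(sw, i): t for sw, cfg in configs.items() for i, t in parse_trunks(cfg).items()}
    findings, where = [], lambda end: f"{end[0]} {end[1]}"
    for a, b in links:
        if ports[a]["native"] != ports[b]["native"]:
            # Untagged frames leave one switch in its native VLAN and land in the peer's.
            findings.append(("native-mismatch", f"{where(a)} <-> {where(b)}"))
        for end in (a, b):
            t = ports[end]
            checks = {"native-is-vlan-1": t["native"] == 1,
                      "native-carries-hosts": t["native"] in host_vlans,
                      "vlan-1-allowed-on-trunk": 1 in t["allowed"]}
            findings += [(rule, where(end)) for rule, hit in checks.items() if hit]
    return findings
```

Calling `audit(CONFIGS, LINKS, HOST_VLANS)` on the sample reports nothing for the north link and five findings for the south link, where one end uses native VLAN 2 and the other is left at the default.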


