Cisco may recommend it but I believe it really depends on your perspective. For example, if your environment's policy is to have all of your ports enabled and ready for a connection, then it is conceivable that anyone could get onto your administrative "rail" by simply finding a jack to plug in to. Sniff the traffic, etc. On the other hand, if you lock down your switch ports it's not that big of an issue. Any way I've been in both types of environments and I guess it also depends on how security conscience the organization is.
HTH Darren At 01:43 PM 1/3/2002 -0500, Hire, Ejay wrote: >True enough, the management VLAN doesn't have to be 1. Using 1 is >reccomended however, because it is the default. > >-----Original Message----- >From: Darren Crawford [mailto:[EMAIL PROTECTED]] >Sent: Thursday, January 03, 2002 12:32 PM >To: [EMAIL PROTECTED] >Subject: RE: ISL Trunking [7:30728] > > >I must disagree with VLAN 1 being the only administrative VLAN. It is >simply the default VLAN. At a previous client I set up a DMZ switch with a >management VLAN of 999. This was on a Cat5505. > >HTH > >Darren > >At 11:28 PM 1/2/2002 -0500, Mark Odette II wrote: >>Ali- >>If my memory serves correct, you must first specify another VLAN as your >>administrative VLAN before you can drop VLAN 1 from the trunk...otherwise, >>your trunk would be orphaned (become unmanageable) and you wouldn't be able >>to control it anymore- until you cleared the config that is. >> >>Some Catalysts may just simply not allow dropping VLAN 1, as it can be the >>only Administrative Vlan. >> >>If you have a SmartNet contract, you might just call TAC to get a quick and >>straight forward answer to this. The call will probably last you 5 minutes >>+/-. >> >>-Mark Odette II >> >>-----Original Message----- >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >>Ali, Abbas >>Sent: Wednesday, January 02, 2002 5:59 PM >>To: [EMAIL PROTECTED] >>Subject: ISL Trunking [7:30728] >> >> >>Is it possible to remove default Vlans 1, 1002-1005 from ISL trunking? I >am >>setting up a ISL trunking between Catalyst 2924 and 3640 router. >> >>I am running IOS on Catalyst XL 2924 and only want certain vlan on my link. >>IOS does it, but then it also inserts default vlan 1 and 1002-1005 >>automatically. The IOS accepts the remove command to remove vlans from the >>current list, but will not remove default vlans. >> >>Ali >x$:0`0:$x,,,,x$:0`0:$x,,,,x$:0`0:$x,,,,x$: > >Lucent Technologies >NetworkCare Professional Services >http//www.lucent.com/netcare/ >Darren S. Crawford - CCNP, CCDP, CCIE TBA > >Northwest Region - Sacramento Office >Voicemail (916) 859-5200 x310 >Pager (800) 467-1467 >mailto:[EMAIL PROTECTED] > >x$:0`0:$x,,,,x$:0`0:$x,,,,x$:0`0:$x,,,,x$: > >"You always have time for things you put first" - Tucker Resources x$:0`0:$x,,,,x$:0`0:$x,,,,x$:0`0:$x,,,,x$: Lucent Technologies NetworkCare Professional Services http//www.lucent.com/netcare/ Darren S. Crawford - CCNP, CCDP, CCIE TBA Northwest Region - Sacramento Office Voicemail (916) 859-5200 x310 Pager (800) 467-1467 mailto:[EMAIL PROTECTED] x$:0`0:$x,,,,x$:0`0:$x,,,,x$:0`0:$x,,,,x$: "You always have time for things you put first" - Tucker Resources Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30815&t=30728 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
