March 22, 2002 8:30 PM
To: [EMAIL PROTECTED]
Subject: RE: Catalyst 6509 [7:39192]
Correct, it's essentially an 802.1q native VLAN issue, not a VLAN 1 issue per
se. I would note though that although the change to make a non-active VLAN
the native VLAN is an obvious fix, it strikes me as a bug th
I will reach
to the management VLAN.
Regards,
Ali
-Original Message-
From: maverick hurley
To: [EMAIL PROTECTED]
Sent: 3/22/02 1:07 PM
Subject: RE: Catalyst 6509 [7:39192]
Absolutely, it will help for security. The thing to remember is that your
ports are default for native vlan1. You can
VLAN 1 first to reach to VLAN 10 where I have my management port.
Question is if VLAN 1 is already attacked with Broadcast storm then how I will
reach to the management VLAN.
Use a console cable on the nearest switch and telnet to the others. The
point is to avoid having to walk to
Michael
Sent: Saturday, March 23, 2002 5:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Catalyst 6509 [7:39192]
VLAN 1 first to reach to VLAN 10 where I have my management port.
Question is if VLAN 1 is already attacked with Broadcast storm then how I will
reach to the management VLAN.
Use a console
I have always been advised to use Vlan 1 for management only? Just don't use
vlan 1 for users and other devices. I would use vlan 1 for the management
under a different subnet than your devices. Assign the subnet for vlan1 on
your router card. Use an IP under that subnet for your SC0 interface and
You are 100% correct on the default route for SC0.
The design you have is what I would recommend. The reason I would
keep the management VLAN off of the user VLAN is if you have a meltdown
for some reason on the user VLAN you will still have connectivity
between switches while you try to
Message-
From: maverick hurley [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: RE: Catalyst 6509 [7:39192]
I have always been advised to use Vlan 1 for management only? Just don't use
vlan 1 for users and other devices. I would use vlan 1
Absolutely, it will help for security. The thing to remember is that your
ports are default for native vlan1. You can specify a different vlan number
for your management like vlan 5. But in case of trunking mishaps/issues and
vlan pruning issues it is safer using vlan 1.
The big problem with Vlan 1 is that if it exists on your network a hacker
can do VLAN hopping (not a good thing). Cisco recommends deleting Vlan 1
from switches.
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
maverick hurley wrote in message [EMAIL PROTECTED]
How??
C6509 (enable) clear vlan 1
VLAN number must be in the range 2..1000,1025..4094.
C6509 (enable)
You can disable it on trunks however
dave
Steven A. Ridder wrote:
The big problem with Vlan 1 is that if it exists on your network a hacker
can do VLAN hopping (not a good thing).
I'm embarrassed to say, I got it wrong, you must use any Vlan but 1 on the
trunk port. Here's the direct quote from the link below
... prolonged discussions took place with the switch vendor to discuss the
implications of the results above. After consultation with their developers
it was
Sent: Friday, March 22, 2002 7:18 PM
To: [EMAIL PROTECTED]
Subject: Re: Catalyst 6509 [7:39192]
I'm embarrassed to say, I got it wrong, you must use any Vlan but 1 on the
trunk port. Here's the direct quote from the link below
... prolonged discussions took place with the switch vendor
PROTECTED]]On Behalf Of
Kent Hundley
Sent: Friday, March 22, 2002 8:30 PM
To: [EMAIL PROTECTED]
Subject: RE: Catalyst 6509 [7:39192]
Correct, it's essentially an 802.1q native VLAN issue, not a VLAN 1 issue per
se. I would note though that although the change to make a non-active VLAN
the native