Use vlan1 in router
indra26
Member Posts: 10 ■□□□□□□□□□
in CCNA & CCENT
Comments
-
TechGuru80
Member Posts: 1,539 ■■■■■■□□□□
Google is an amazing tool...plenty of results with in-depth discussions come up.
-
Hondabuff
Member Posts: 667 ■■■□□□□□□□
VLAN 1 is more of the default VLAN for switches from the default config. This is how they come out of the box so non-Cisco people can just plug and play them. Step one of securing a switch is to change the native VLAN to something other than 1 since every new switch uses it. Simplest solution is to make a new VLAN such as 2 and assign it to all used "access" switchports, and on the trunk port to the router use the "switchport trunk native vlan 2" so the traffic is now sent untagged on VLAN 2 so devices plugged into the switch can talk to the router. Most of the control plane traffic "CDP, VTP, PAgP" is using VLAN 1 and is still needed on the switch for these to function.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
huntert
Banned Posts: 231
I saw in the book Exam Cram for CCENT that VLAN 1 could be useful when setting up router on a stick.
-
hurricane1091
Member Posts: 919 ■■■■□□□□□□
In our branch offices, we have Meraki switches which connect to the router. In reality, the switches should be stacked or each one should plug into the router (usually two switches), but really what ended up happening was one switch plugged into the other, and that one plugged into the router. Done before I got here. We should really go back and change it, but not the point. You can either have an IP address on the port on the router that connects to the switch to act as the default gateway for the local LAN, or you could use that VLAN interface instead. You could use 1, or you could use another number. The guy before me was using a different number for each office, but that's not actually necessary.
The whole VLAN 1 debate, I don't know. If I recall correctly, I've worked somewhere that used VLAN1 for management. Engineers all worked in a different building in the same VLAN, and that VLAN was allowed to access the VTY lines on equipment + a VLAN with specific servers. I'm fairly young and not perfect so I'm open for correction, but this did seem to be an okay setup. VLAN 1 is not a subnet in my data center though.
-
indra26
Member Posts: 10 ■□□□□□□□□□
Vlan 1 is more of the default VLAN for switches from the default config. This is how they come out of the box so non-Cisco people can just plug and play them. Step one of securing a switch is to change the native VLAN to something other than 1 since every new switch uses it. Simplest solution is to make a new VLAN such as 2 and assign it to all used "access" switchports and on the trunkport to the router use the "switchport trunk native vlan 2" so the traffic is now sent untagged on VLAN 2 so devices plugged into the switch can talk to the router. Most of the control plane traffic "CDP,VTP,PAgP" is using VLAN 1 and is still needed on the switch for these to function.
#solved
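
A way to check a switch against the setup described in Hondabuff's reply, as an added example that is not part of the thread: it reads an IOS-style config and lists in-use trunk ports whose native VLAN is still 1 and in-use access ports still in VLAN 1. The sample config, interface names and function names are constructed for illustration, and only ports with a static `switchport mode access` or `switchport mode trunk` line are considered.

```python
import re

# Constructed sample running-config (not from the thread); port names are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 2
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/5
 switchport mode access
 shutdown
"""

SETTING = re.compile(r"switchport (mode|access vlan|trunk native vlan) (\S+)")

def parse_interfaces(config):
    """Map each interface to its settings; an absent VLAN line means the default, VLAN 1."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), {
                "mode": None, "access vlan": "1", "trunk native vlan": "1", "shutdown": False})
        elif current is not None and line.startswith(" "):
            if m := SETTING.fullmatch(line.strip()):
                current[m.group(1)] = m.group(2)
            elif line.strip() == "shutdown":
                current["shutdown"] = True
        else:
            current = None  # "!" or a global command ends the interface stanza
    return ports

def audit_vlan1(config):
    """Return (interface, setting) for in-use ports that still rely on VLAN 1."""
    key = {"trunk": "trunk native vlan", "access": "access vlan"}
    return [(name, key[p["mode"]]) for name, p in parse_interfaces(config).items()
            if not p["shutdown"] and p["mode"] in key and p[key[p["mode"]]] == "1"]

print(audit_vlan1(SAMPLE_CONFIG))
```

Each tuple names the port and the setting that is missing or still set to 1; shut-down ports are skipped because the reply only talks about ports in use.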