Meraki Community

Thanks! Will I have to add the management vlan to trunk ports on all my switches, or just specific ones? And last question, creating a vlan for management on my MX with the same number I set my management vlan in config is still necessary, correct?

Hi @JMY34 , I’ve always used a none routable VLAN as the Native VLAN which I set across all uplink/Trunked ports across the networks.  I then define a Mgmt VLAN for device/dashboard mgmt.

Others will of course have their own opinion.

Interesting! What makes a non-routable VLAN? And once I make an mgmt VLAN, do I need to set any ports/switches to use it? Or is it automatic. Thanks.

One VLAN without a default gateway.

What advantage is there in doing it that way?

In my opinion it has no advantage, there are other smarter ways to restrict access, such as restriction by ACLs, access policies via Tacacs+, and a multitude of other ways.

In your case, I think you should hire a consultancy, since you don't have mastery of technology.

How is it smarter to add additional configuration when I can simply add a vlan number as the Native, job done, no further configuration required.  

Using a non-routable VLAN is not the best option, it won't improve your security, ACLs aren't a guarantee either but at least you can make some restrictions.

What will guarantee the security of your network are a series of features, my favorite in particular is using authentication on the wired network, because at least that way you prevent anyone who connects a cable to your network from being able to use it.

Not even a firewall guarantees 100% security, it is enough for a user to access something improper that your entire network can be compromised.

So in my opinion, the more security features you use, the more restricted you can make your network.

We have no more budget for the year, so we won't be hiring a consultancy. I have mastery of plenty of technology, just not networking yet, but that's going to change soon. Thanks for your help.