
VLAN hygiene

A model citizen

I was considering taking some advice I heard here and putting my switches on their own VLAN, and some other advice.

 

@PhilipDAth you commented on this thread: https://community.meraki.com/t5/Security-SD-WAN/Best-practices-for-native-VLAN-configuration/td-p/48...

 

that the OP shouldn't really worry about all this. But say you are like me and have a relatively low-risk network (rural area, guest network, nobody unknown allowed onto bridge SSID, etc.), how would you arrange the VLANs?

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
Building a reputation

Re: VLAN hygiene

The nice thing about a mgmt vlan in large networks is you can reduce the number of vlans you trunk. For example, if you had a large deployment with dozens of data, voice and wireless vlans, you may not want to trunk every vlan everywhere.

Instead, you trunk just the required vlans to the physical switches, then add a single mgmt vlan. This accomplishes two things.

1) you can easily move a switch at any time and have mgmt access to it since the mgmt vlan is trunked everywhere

2) you can spin up/down the user vlans separate from the mgmt vlan. Handy if you need to do work on the vlan and don't want to kill the vlan the Meraki is on.

Yes, this is maybe the old way to do it and not required for the Meraki deployments, but it's still good practice and something to consider.

Kind of a big deal

Re: VLAN hygiene

If you are not doing things like 802.1x I wouldn't bother with a management VLAN.  I prefer simplicity over complexity.

A model citizen

Re: VLAN hygiene

@PhilipDAth ditto. So leaving the VLAN situation more or less alone then? I don't use 802.1x. I just don't want to leave myself unnecessarily open to attack of some kind. It wouldn't come from within and all my switches (2 Mikrotik and 2 Netgear) are password protected. Just thinking if those switches should be on another VLAN or something. Precautionary only.

Kind of a big deal

Re: VLAN hygiene

I wouldn't personally move them.  Ultimately it is your choice.

A model citizen

Re: VLAN hygiene

I’m going w your advice. I’d prefer to keep my switches on the native default VLAN so I’m gonna do that. Thanks for the info and guidance as always, @PhilipDAth 
