Meraki

Community

Management VLAN - is it VLAN 1, untagged, or other?

KiloBravo
Here to help
‎Mar 22 2018 2:13 AM
‎Mar 22 2018 2:13 AM

Management VLAN - is it VLAN 1, untagged, or other?

Hi,

 

Looking just to clarify something I'm a little puzzled over. 

 

in the advances MS setup guide it states that the following item is one of the 'out of the box' behaviours for MS switches:

 

"All interfaces will send management traffic on VLAN1 (untagged)"

 

Does this mean that the packets are default 'tagged' with vlan ID 1, or that the packets aren't tagged at all? It looks contradictory to me to say that the packets are sent on 'vlan1' and 'untagged' as I understand vlan1 to be a tag as all the others are, with the exception that vlan 1 is typically the native vlan that all switch ports use and so by default are tagged with that ID.

 

Perhaps the statement is presuming that vlan 1 is the native vlan to which the connecting ports will uplinked to?

 

Please feel free to tell me where I've gone 🙂

 

Thanks in advance

0 Kudos
4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 22 2018 2:42 AM
‎Mar 22 2018 2:42 AM

Out of the box VLAN1 is native (as it is for every switch vendor I know of).  VLAN1 is used for management traffic (out of the box), and being native, is not tagged.

0 Kudos
In response to PhilipDAth
KiloBravo
Here to help
‎Mar 22 2018 2:50 AM
‎Mar 22 2018 2:50 AM

Thanks for the quick reply Phil 🙂

"and being native, is not tagged"

That's interesting to me. Fundamentally i guess the above is the source of my confusion as my understanding is/was that in networking the 'Native vlan' does not equal 'untagged', but instead it means 'tagged with whatever the native vlan is on that switch' which is, as you said, typically vlan 1....


0 Kudos
In response to KiloBravo
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 22 2018 2:53 AM
‎Mar 22 2018 2:53 AM

The definition of "native vlan" is the vlan which is presented untagged.

 

https://en.wikipedia.org/wiki/IEEE_802.1Q

"Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."

0 Kudos
In response to KiloBravo
Uberseehandel
Kind of a big deal
‎Mar 22 2018 3:03 AM
‎Mar 22 2018 3:03 AM

The reality is that it is not difficult to set up:

 

  • a separate management VLAN
  • all VLANs explicitly declared
  • explicit declaration of VLANs permitted on trunks
  • use of a blackhole VLAN where configuration insists upon an entry

Personally, I suggest using 101 as the black hole

 

You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world.

                                                — O'Brien, Part III, Chapter V - George Orwell, 1984

 @PhilipDAth suggested using a non-existent VLAN, the selection of an appropriate number was an automatic choice

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.