Meraki

Community

Management Vlan SVI

Solved
Mac1
Comes here often
‎Aug 5 2021 1:22 PM
‎Aug 5 2021 1:22 PM

Management Vlan SVI

Hello. I've read here that Best practice suggest using a management vlan

 

So lets just say I want to use 10.1.1.0/24 as management for reachability to the cloud (this will be natted)

 

should this 10.1.1.0/24  be configured on my layer 3 gateway as a normal SVI along with my Data & Voice svi's and whatever else?

Labels:
0 Kudos
1 Accepted Solution
In response to Mac1
Inderdeep
Kind of a big deal
‎Aug 11 2021 9:33 AM
‎Aug 11 2021 9:33 AM

@Mac1 : Well check the below thread for best practices. I would say always separate management and user data traffic VLANs and if possible not to use the Native VLAN ( Hardening)

 

https://community.meraki.com/t5/Security-SD-WAN/Best-practices-for-native-VLAN-configuration/td-p/48...

 

I can give my native vlan whichever number i want, right? It doesn't have to be one does it?

Yes, you can have any number and dont use 1.

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/

View solution in original post

0 Kudos
5 Replies 5
Aaron_Wilson
A model citizen
‎Aug 5 2021 6:31 PM
‎Aug 5 2021 6:31 PM

That is how I do it

0 Kudos
Inderdeep
Kind of a big deal
‎Aug 6 2021 6:29 AM
‎Aug 6 2021 6:29 AM

@Mac1 : Check this out 

By default, the switch will try to contact Meraki Dashboard on the untagged (native) VLAN. Alternately, you can specify the management VLAN under Configure > Switch settings. This allows the switch to reach the internet via a trunk port. 

https://documentation.meraki.com/MS/Other_Topics/Switch_Settings 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
Mac1
Comes here often
‎Aug 11 2021 9:10 AM
‎Aug 11 2021 9:10 AM

Thanks Inderdeep. So what is the best practice?

 

Native vlan or separate managment network?

 

 

Or use the Native vlan  with the intended /24 network you were going to use as managment?

 

 

I can give my native vlan whichever number i want, right? It doesn't have to be one does it?

0 Kudos
In response to Mac1
Inderdeep
Kind of a big deal
‎Aug 11 2021 9:33 AM
‎Aug 11 2021 9:33 AM

@Mac1 : Well check the below thread for best practices. I would say always separate management and user data traffic VLANs and if possible not to use the Native VLAN ( Hardening)

 

https://community.meraki.com/t5/Security-SD-WAN/Best-practices-for-native-VLAN-configuration/td-p/48...

 

I can give my native vlan whichever number i want, right? It doesn't have to be one does it?

Yes, you can have any number and dont use 1.

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
Mac1
Comes here often
‎Aug 12 2021 4:39 AM
‎Aug 12 2021 4:39 AM

Thanks for your help. Much appreciated.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.