Skip to main content

Best Practices for VLAN Design

Following these General Best practices when implementing VLANs can help to design and implement VLANs in a simple, secure and less troubleshooting-requiring Campus Network.
  • For the Local VLANs model, it is usually recommended to have only one to three VLANs per access module and limit those VLANs to a couple of access switches and the distribution switches.
  • Avoid using VLAN 1 as the “blackhole” for all unused ports. Use any other VLAN except 1 to assign all the unused ports to it.
  • Try to always have separate voice VLANs, data VLANs, management VLANs, native VLANs, blackhole VLANs, and default VLANs (VLAN 1).
  • In the local VLANs model, avoid VTP; it is feasible to use manually allowed VLANs in a network on trunks.
  • For trunk ports, turn off DTP and configure it manually. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
  • Manually configure access ports that are not specifically intended for a trunk link.
  • Prevent all data traffic from VLAN 1; only permit control protocols to run on VLAN 1 (DTP, VTP, STP BPDUs, PAgP, LACP, CDP, and such.).
  • Avoid using Telnet because of security risks; enable SSH support on management VLANs.

Comments

Popular posts from this blog

What is Cisco Supervisor Engine?

Supervisor Engine is a module that is installed in the Cisco Chassis-based Catalyst Switches or Routers. Supervisor engine contains nearly all the same components of a fixed Cisco Switches or Routers. These Supervisor engines come in a variety of different types with different functionalities and are installed in the Switches/Router Chassis as per requirements of the network types.

Benefits of Supervisor Engines
By installing Latest Supervisor Engines in your existing investments (Switches and Routers) you can scale system performance and integrate next-generation services into your Networks.
Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch.
The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols supported …

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding docker template for Alpine Linux in gns3, you get above mentioned message when you want to use alpine linux in GNS3.

To get rid of this message you have to install Docker by following below link
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed then instal curl first with below command.apt-get install curl
After installing Docker you need to add your user name in the docker group with the following command. $ sudo usermod -aG docker your_username

Verify if the docker service is started with following command$ service docker status
If docker is not started then start with following command $ sudo service docker start
Logout from GNS3 Virtual Machines and log back. Start gns3 and use alpine linux.

Telnet Client is Disabled Enable it to use it from this application

This is a Cisco Network Assistant (CNA) error when you want to telnet any Cisco Devices from within CNA.
Solution to remove this error is related to Windows 7 or Windows Vista. First of all you need to Add TELNET program from Control Panel, which by Default is not added in fresh installation of Windows 7.For adding and using Telnet Program in Windows 7, Click Start > Control Panel > Uninstall a Program > Turn Windows Features On and OFF > Scroll to TELNET and Select it > Press OK After Adding Telnet Program into the Windows 7 you need to Copy Telent.exe from C:\Windows\System32 folder and paste it to C:\Windows\SysWOW64\ Now you should not get the same error.