Sunday, March 27, 2011


When deploying VLANs, consider the following best-practice points. Constraints such as budget or physical location (for example, a lack of rack space) will sometimes get in the way, but apply these configuration points wherever you can.
  • For local VLANs, try to limit access modules to 1-3 VLANs, and keep those local VLANs within the Access and Distribution switches of your switching block.
  • Avoid using VLAN 1 as the 'black hole' for unused ports.
  • Have separate Data, Voice, Management, Native and 'Black Hole' (or 'Parked') VLANs.
  • Avoid VTP for local VLAN deployments. You are not intending to populate the local VLANs across the campus, so you do not want VTP to inadvertently advertise them across your switching infrastructure.
  • For trunk ports, hard-set the port as a trunk rather than relying on DTP (`switchport mode trunk`, NOT `switchport mode dynamic desirable`).
  • Use 802.1Q (dot1q) rather than ISL; it has better support for QoS.
  • Manually configure access ports with `switchport mode access`.
  • Keep data traffic off VLAN 1; use it only for the management protocols that default to VLAN 1, such as DTP, VTP, STP BPDUs, PAgP, LACP, CDP and so on.
  • Use SSH for management access, not telnet.
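As an added example (not part of the original post), the small Python audit below checks a saved IOS running-config against the points above: VTP left active, ports whose mode is not hard-set, ISL trunks, access ports left in VLAN 1, trunks with native VLAN 1, and telnet on the vty lines. The sample config and the finding messages are constructed; the script assumes the config was saved as plain text from `show running-config`.

```python
# Constructed sample running-config (not from any real device): Gi0/1 and Gi0/2
# break the points above, Gi0/3 and Gi0/4 follow them.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation isl
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
line vty 0 4
 transport input telnet ssh
"""
# Per-port checks: (test on the set of the port's lines, finding). IOS omits defaults
# from the running-config, so a missing line means the default: DTP on, access VLAN 1, native VLAN 1.
PORT_RULES = [
    (lambda c: not c & {"switchport mode access", "switchport mode trunk"},
     "mode not hard-set; port negotiates with DTP"),
    (lambda c: "switchport trunk encapsulation isl" in c, "ISL trunk; use dot1q"),
    (lambda c: "switchport mode access" in c and not any(l.startswith("switchport access vlan") for l in c),
     "access port left in VLAN 1; move it to a data or parked VLAN"),
    (lambda c: "switchport mode trunk" in c and not any(l.startswith("switchport trunk native vlan") for l in c),
     "trunk native VLAN is 1; set a dedicated native VLAN"),
]

def parse_blocks(config):
    """Map each 'interface ...' / 'line ...' header to the set of its child commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = raw.strip()
            blocks[current] = set()
        elif raw.startswith((" ", "\t")) and current is not None:
            blocks[current].add(raw.strip())
    return blocks

def audit(config):
    """Return (where, finding) pairs for each point above that the config violates."""
    findings = []
    if "vtp mode transparent" not in config and "vtp mode off" not in config:
        findings.append(("global", "VTP server/client; use transparent or off for local VLANs"))
    for name, cfg in parse_blocks(config).items():
        if name.startswith("line vty") and any("transport input" in l and "telnet" in l for l in cfg):
            findings.append((name, "telnet allowed on vty; use transport input ssh"))
        elif name.startswith("interface "):
            findings += [(name, msg) for cond, msg in PORT_RULES if cond(cfg)]
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the VTP default, two findings on Gi0/1, one on Gi0/2 and the telnet-enabled vty lines, and nothing for the compliant Gi0/3 and Gi0/4.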
