[unisog] Who is using Management VLANs?

Daniel Hagan daniel at kickidle.com
Sat Apr 3 16:48:52 GMT 2004


 
> I'd be curious to know if you leave the management VLAN in VLAN 1,
> as many switching vendors recommend.   

Cisco, at least, recommends not using VLAN 1.  For a discussion of
VLAN security issues, you can see
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf
and http://www.cisco.com/warp/public/473/103.pdf .  If you're
not using Cisco, check for Best Practice Configuration guides from
your vendor for similar information.

I've implemented management VLANs at sites (not a university) with
good results.  It's a big step up over using your data VLANs to
handle your management traffic.  After implementing this, penetration
tests simulating internal and external attacks failed to compromise
any network device.

Good luck,

Daniel



