Who is using Management VLANs?

Clarke Morledge chmorl at wm.edu
Mon Mar 29 23:05:10 GMT 2004


Are there many folks on the list using Management-only VLANs?

We are seriously looking into doing this, not only for security purposes,
but also to combine it with QoS to make management more robust. 

Thankfully, we missed getting infected with Witty Worm, but it brought up
nightmare memories of Slammer.  And since our network was eaten up by the
worm, network management of our devices was pretty much a bust.  So we are
looking at dropping in a management VLAN across campus and giving that
VLAN a high priority slot in QoS.  Hopefully, this would allow us to
continue managing the network in the event of a Slammer/Witty-worm level
attack -- assuming that our QoS scheme really works :-)

So I am curious to know if many other universities are doing this now or
are planning to do this in the near term.  If so, has it been worth the
move? What type of unforeseen problems (if any) did you eventually run
into?

I'd be curious to know if you leave the management VLAN in VLAN 1, as
many switching vendors recommend.   

In a perfect world, I'd just run a separate physical network to each
infrastructure device instead of a VLAN.  But to think of it that way, in
a perfect world, I would not be putting so much effort into network
security :-(

Any thoughts?


Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187




More information about the unisog mailing list