Default vlan

Similar Messages

• 802.1x default VLAN

  Hi,
  I am trying to set up 802.1x on a Catalyst 4006 with a Supervisor III module with IOS 12.1(12c)EW1. I am using Cisco Secure ACS 3.0(2) Build 5 for my Radius server. I'm using the Windows 2000 802.1x hotfix for my 802.1x client software. My goal is as follows:
  If USER1 gets authenticated, authorize them to access VLAN 10.
  If USER2 gets authenticated, authorize them to access VLAN 20.
  If someone tries to logon to the network without the 802.1x Client, authorize them to access VLAN 30.
  I have been able to get USER1, and USER2 onto their correct VLANs, but I have been unable to setup a default VLAN for unauthenticated/unauthorized users to be able to access. The only thing I have been able to do is Force Authorization on to VLAN 30 for all users, but then I am unable to assign USER1 or USER2 to their correct VLANS because when I turn on Force Authorization, the switch ignores the client requests for authorization, it just automatically throws them onto VLAN 30.
  The reason I would like to do this is so that we can assign known users onto the VLANS we want them to access, and we want to throw unknown users onto VLAN 30. We want to allow unknown users access to the internet because we have outside venders teaching classes on our campus, and we can't be guarenteed that they will have 802.1x on their laptops, but they will still need to access the internet to teach their classes.
  If more information is needed (how we have the switch configured now) or I have not been very clear in what I need, let me know. Any help would be greatly appreciated.
  Jeremy Zanitsch

  From you question I understand that you want a procedure to authenticate unknown user, may be the following URLs could give you some ideas.
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dea7.html#xtocid2932211
  http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/deacs_wp.htm

• Management and Default VLAN

  Hi All
  I need advice.
  At my former office, we used to have another vlan e.g. vlan 10 for management vlan purpose so that we do not use default VLAN 1 to access the switches which i think is good for security purpose.
  Now how can I convince my present company that it is the best way to go as they have only vlan 1 for management purposes but then use another vlan say vlan 189 for all unused port which alas, they do not keep to, so invariably, we have ports in vlan 1 and 99 and every where
  Is there a doc whereby I can show them why it is best to have a different management vlan from default vlan.?
  Thanks

  Hi, here is a link that gives a little explanation on Precautions for the use of default management vlan.
  Refer to "Precautions for the Use of VLAN 1" section.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp38986

• SRW224G4P only work on default VLAN 1

  I have a SRW224G4P linksys switch with the following configuration.
  VLAN 10 (untagged) excluded for port 1,2
  VLAN 100 (tagged) included for port 1,2
  VLAN 200 (untagged) included for port 1,2
  PVID set to 200 for port 1,2
  When I connect PCs onto port 1,2, they cannot ping each other.
  If I set the PVID for port 1,2 to 1 (the default VLAN), then it will work.
  Are there anything I missed in order to use VLAN 200 for the PCs ??
  Any input most appreciated. KL

  if admin is not accepted:
  1:launch IE
  2:click tools>>click internet options
  3:click on security tab>click customer level button
  4ut a check mark on automatic log-in with current username and password
  NOTE:make sure you click on apply button before the ok button
  and then close the internet browser and open a new one
  Last:access 192.168.1.1  with the password "admin"
  (reset router (30s)  and then shutdown 30s)
  expecting mother

• Default VLAN on SGE 2000

  Hi all,
  I would like to know if is there a way to change default VLAN on linksys sge2000?
  I would like to change default vlan 100 to vlan 1.
  Thanks.
  Regards

  why not create a new vlan and then add all the devices to the new vlan that you created. i believe that there is no way to remove the default vlan on the switch.

• Change Default VLAN on SRW2008P

  I have an SRW2008P switch I am trying to connect to my Layer3 network, which is all CIsco 3560 IOS.  i think the default vlan for cisco is 100 but the default vlan for linksys is 1.  I have port 8 on the SRW2008P connected to my cisco network and have it set as trunk on both sides.  I have the vlan 100 set as untagged on the SRW2008P.  Also, I have my user/mgt vlan 19 set as a tagged interface on the SRW2008P.  Now, when I set the Management VLAN on the SRW2008P to 19, I am not able to communicate with the switch at all from my 3560, no ping, http, etc.   My only idea is that the default vlan on the SRW2008P needs to be 100, not 1, is there a way to change that?  Am I missing some other step? 

  As per Linksys documentation, the default or native VLAN cannot be changed.
  I would prefer setting up one of the ports on the SRW2008P as TRUNK. Create VLAN 100, member ports to VLAN100 including the TRUNK port and check if that would work.
  Hope this helps!

• What is difference between Default VLAN and Native VLAN?

  Answer

  Cisco switches always have VLAN 1 as the default VLAN, which is needed for many protocol communication between switches like spanning-tree protocol for instance.
  You can't change or even delete the default VLAN, it is mandatory.
  The native VLAN is the only VLAN which is not tagged in a trunk, in other words, native VLAN frames are transmitted unchanged.
  Per default the native VLAN is VLAN 1 but you can change that:
  #show interface Fa0/8 trunk
  Port        Mode             Encapsulation  Status        Native vlan
  Fa0/8       on               802.1q         other         1
  (config-if)#switchport trunk native vlan 2
  (config-if)#do show interface f0/8 trunk
  Port        Mode             Encapsulation  Status        Native vlan
  Fa0/8       on               802.1q         other         2
  The default VLAN is still VLAN 1.
  #show vlan id 1
  VLAN Name Status    Ports
  1    default active    Fa0/8, Gi0/1
  HTH
  Rolf

• What steps are needed to untag default vlan to gigabit port on SRW208P

  We have VLAN 1 disabled on our standard Cisco Catalyst switches and use VLAN 11 as our default.  We have recently added VLAN 221 for voice while implementing a new Cisco UC system.  I can't seem to disable VLAN1, however, I have made the default VLAN 11 and Voice VLAN 221.  In VLAN Management, I can untag VLAN 11 (PVID) on all ports but the Gigabit port connecting to the Cisco 6506.  That port always tags VLAN 11 & 221 and untag (PVID) VLAN 1. 
  I have tried making changes to the switch while connected to the switch and when I make the setting, the switch loses connection to the 6506.  If I make the appropriate changes to GI(1) while connected to GI(2), that change takes effect, however, when I move the patch cable to GI(1), the port configuration changes and VLAN 11 becomes tagged and VLAN1 becomes untagged. 
  What is needed to stop this from happening? 

  Hi, I do not support the UC500 model so I can only give information to the switch. The older ESW, SX300 and SX500 series were designed to plug and play to the UC300/500 series for basically zero configuration.
  To my knowledge (which I can be very wrong!!!!!) The UC500 uses vlan 1 data, vlan 100 by default and it usually doesn't deviate this.
  You may disable the smart port and auto voice vlan features, yes. However, this means you need to manually configure your ports or use the telephony OUI features.
  I can outline how to disable the smart port and avoid using auto voice vlan, however, it would be most prudent for you to call the UC500 support to 100% ensure there is not a better way to manage via way of the UC platform.
  If you could please call the SBSC and verify there is nothing better to be done then I would be happy to further assist
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  -Tom

• Flapping MAC in default VLAN 1 (mngt vlan)

  Hi there,
  I got 8x 4506 in 10G ring. And about 100 switches 2960, 3750, etc.
  2 of 4506 are running in HSRP.
  STP is RSTP per VLAN.
  I have flapping MAC addresses in VLAN 1 (default, mngt vlan for switches).
  Log seems like:
  Apr  4 16:51:24: %C4K_EBM-4-HOSTFLAPPING: Host 00:23:AB:2A:7E:C0 in vlan 1 is moving from port Gi2/11 to port Te1/1
  Apr  4 16:51:24: %C4K_EBM-4-HOSTFLAPPING: Host 00:23:AB:2A:7E:C0 in vlan 1 is moving from port Te1/1 to port Gi2/11
  Apr  4 16:52:28: %C4K_EBM-4-HOSTFLAPPING: Host 00:26:52:53:3C:C0 in vlan 1 is moving from port Gi2/6 to port Te1/1
  Apr  4 16:52:28: %C4K_EBM-4-HOSTFLAPPING: Host 00:26:52:53:3C:C0 in vlan 1 is moving from port Te1/1 to port Gi2/6
  Apr  4 16:56:06: %C4K_EBM-4-HOSTFLAPPING: Host 00:23:AC:24:A1:40 in vlan 1 is moving from port Gi6/34 to port Te1/1
  Apr  4 16:56:06: %C4K_EBM-4-HOSTFLAPPING: Host 00:23:AC:24:A1:40 in vlan 1 is moving from port Te1/1 to port Gi6/34
  Apr  4 16:57:02: %C4K_EBM-4-HOSTFLAPPING: Host 00:1E:BD:60:5D:40 in vlan 1 is moving from port Gi2/18 to port Te1/1
  Apr  4 16:57:02: %C4K_EBM-4-HOSTFLAPPING: Host 00:1E:BD:60:5D:40 in vlan 1 is moving from port Te1/1 to port Gi2/18
  If you can see, flap is start end end in the same time and MAC addresses corespondent to interface vlan 1 of each of switches
  Is possible, that is loop in VLAN 1, but I did not find any.
  Can some mngt software, like Cisco Prime Infrastracture or Assurance find out if there is loop or if is in STP or HSRP or something other?
  Thank for any reply.
  Best Regards,
  Steve

  Hi,
  If this is the case create a different vlan (vlan2) and move some users to it and watch for the same error message.  That will tell you if the issue is really vlan1 MAC address.
  HTH

• Command to put management Vlan of IDSM-2 in non-default Vlan

  Folks,
  Does anyone know the procedure to put managerment interface of a IDSM-2 in a VLAN other then Vlan1 which is the default, i would like to create a different vlan for IDSM-2 management and place the management interface if IDSM-2 in it.
  Thanks

  Refer to this section in the User's Guide:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/cliidsm2.htm#wp1030694
  It shows steps for both Cat OS and Native IOS.
  The doc is a 5.0 doc, but the switch commands are the same for 4.1.

• SFE2000: default VLAN problem

  Hi, i have a problem with SFE2000.
  I have 2 VLAN -> 1 (default) and 77
  on port 1 i have VLAN 1 untagged
  on LAG1 (G3+G4) i have VLAN 77T and 1U
  on LAG1 i have attached a vmware esxi 4.1 that has management interface on 192.168.1.254 (VLAN 1) and virtual machine traffic data on VLAN 77 (tagged)
  now ... from pc connected to port 1 ... i see 192.168.1.254 only for some seconds ... then i loose it (usualy i don't ...)
  that's really strange ... seems something about defalut vlan 1
  i could change all management port on new vlan 100 ... but ... is there any way to manage switch on a vlan different from default one (1)?
  tks

  Hi Stefano.
  I guess you have the latest version of code on the SFE2000.
  Version 1 code was not as flexible as current code versions  and only wanted to use the predefined vlans.  Version 3 code made the switch so much much more flexible.
  So if your switch isn't on version 3 code, go the link below and download the code via 'download software' option.
  http://www.cisco.com/en/US/products/ps9980/index.html
  I could check the manual, but I believe this layer 3 switch, you can select the management vlan when you are at version 3 of the code..
  So if your SFE2000 is at version 3 code and under phone  warranty and still having issues, why not see if a SBSC technician can look at the switch to determine operator or switch error?  To get to a SBSC technician check the link directly below.
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  Hope this provides a direction for you to move forward.
  regards Dave

• Change default VLAN on a catalyst express 500 series.

  Hi. On one of our networks we have a CE 500 series 24 port switch (the one with just 4POE ports). As it hasnt got a proper console interface, is there a way of changing the default data vlan from 1 to 2 without having ro reset it?
  I've logged into the web page on it but I cant change my default data vlan ID because its greyed out.. Does the default data VLAN ID need to be specified on installation?
  Thanks

  You may porbably get help from the below link:
  http://www.cisco.com/en/US/products/ps6545/products_configuration_example09186a00806da6c9.shtml#vlans

• Cisco ACE default vlan

  Hello everybody,
  I am installing a ACE 4700 in a customer but when i started to work and saw their topology, then i realized that i had a problem. The problem is that i cannot create the interface vlan 1 and assign an ip address to it. I saw some documments is cisco.com site that the ACE hide this vlan.
  Follows my topology:
  Servers vlan are the vlan 1
  Clients vlans are 5
  Management vlan is 8
  As i undertood, the ACE has to have at least one interface in the servers vlan, but i cant create the VLAN 1. So my problem is, how do i unhide the vlan 1 in the ACE so i can configure an ip address on it.
  Leandro

  If you can't have the customer migrate the servers into a different VLAN, you need to trick a bit, as VLAN1 is not usable on the ACE.
  Pick a VLAN number that you will use inside the ACE for the outer VLAN1. Say, VLAN101.
  If you have an access port connecting to the server segment, just set it to 101:
       switchport access vlan 101
  If you connect via a trunk, set your native VLAN to 101:
       switchport trunk native vlan 101

• Migrate Default VLAN to another vlan

  Hi
  We are replacing our core stack of 3750 with a new core setup as a VSS. As part of this migration I want to connect the new core to the old core via trunk links as I migrate the configs over and connections. 
  My management vlan is currently vlan 1 but want to move this to vlan 5 as part of the change. I want to keep the same management subnet tho. How can I co-exist management IPs on both switches as part of the same subnet but different vlan. Is this possible or is there an easier way.
  I know I can configure the new switch without connecting to the exisiting but the plan is that during the migration, I want to migrate the L2 links first and test and then migrate the L3 links which is why I want to connect the new core to the existing core
  Thanks

  Hi,
  Since you need to trunk the new vss to the old 3750 stack, you need to have the same vlan tags on both side of the link.  So, on the old core the mgmt vlan is 1 (tagged) and if you change it to vlan 5  (tagged) on the link between vss and 3750 stack than even though both vlans are in the same subnet they will not be able to communicate with each other because the tags are different. Also, if you have specified vlan 1 as native on your current trunks and when you connect the new core to the old core and if your native vlan is 5, you will see mismatch native vlan.  So, what you can do it use vlan 1 on the trunk connecting vss to the old core with unused IPs (if you have any available) than once you migrate to the new core you can have a maintenance window and change vlan 1 to 5.
  HTH

• Default Vlan (Vlan 1) is down

  I create Vlan 1, but see Vlan 1 is down.
  #sh int vlan 1
  Vlan1 is down, line protocol is down.
  can someone explain the reason.
  Thanks.

  In order for your VLAN1 to show up/up one of the following two conditions should hold:
  1) There should be one active (physically up) access port in VLAN 1.
  2) VLAN1 should be carried in an active trunk on the switch (normally it is).
  This is because of a feature called autostate which brings up the logical interface (vlan interface) up only when there is a physical device on that VLAN.