Common VLAN Mistakes
Here are some common VLAN mistakes I’ve seen in real projects (and some that cause hours of troubleshooting):
1. Forgetting to Assign Switchports to the Correct VLAN
- You create the VLAN on the switch but never actually put the interface into that VLAN.
- Result: the PC can't communicate with other hosts in the same VLAN.
2. Using VLAN 1 for Everything
- Many leave VLAN 1 as the default for all ports, for management, and as the native VLAN.
- This is risky because VLAN 1 is a common attack target and is also used by control protocols such as CDP and STP.
3. Forgetting to Allow VLANs on Trunks
- You configure the VLANs on both switches, but the trunk ports only allow VLAN 1 by default.
- Without switchport trunk allowed vlan ..., traffic from the other VLANs won't pass.
4. Mismatched VLAN Numbers or Names
- VLAN 10 on one switch might be named "SALES" while VLAN 20 on another switch is also named "SALES."
- The name doesn't matter for functionality, but the ID must match on every switch for end-to-end communication.
5. Not Configuring a Management VLAN
- Managing a switch over a data VLAN is risky.
- Always use a dedicated management VLAN with restricted access.
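As an added example (not part of the original post), here is a small Python audit that flags mistakes 1 to 3 in a Cisco IOS-style running-config excerpt: VLANs that are created but never used by a port or SVI, access ports left on VLAN 1, and trunks with no explicit allowed-VLAN list. The config text and interface names are constructed for the example, and the script is a hypothetical helper, not a vendor tool.

```python
import re
# Constructed sample running-config excerpt (hypothetical switch, not a real device).
SAMPLE_CONFIG = """vlan 10
vlan 20
vlan 99
interface Vlan99
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/23
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_config(text):
    """Return (defined_vlans, interfaces): per interface its mode, access VLAN (IOS default 1), trunk allowed list."""
    vlans, interfaces, cur = set(), {}, None
    for line in text.splitlines():
        if m := re.match(r"vlan (\d+)$", line):  # global 'vlan N' stanza
            vlans.add(int(m.group(1)))
            cur = None
        elif m := re.match(r"interface (\S+)", line):
            cur = interfaces.setdefault(m.group(1), {"mode": None, "access_vlan": 1, "allowed": None})
        elif cur is not None:
            if m := re.match(r" switchport mode (\w+)", line):
                cur["mode"] = m.group(1)
            elif m := re.match(r" switchport access vlan (\d+)", line):
                cur["access_vlan"] = int(m.group(1))
            elif m := re.match(r" switchport trunk allowed vlan (\S+)", line):
                cur["allowed"] = m.group(1)
    return vlans, interfaces

def audit(text):
    """Return findings for mistakes 1-3: unused VLANs, access ports on VLAN 1, unrestricted trunks."""
    vlans, interfaces = parse_config(text)
    # A VLAN counts as 'in use' if an access port sits in it or it has an SVI (interface VlanN).
    used = {i["access_vlan"] for i in interfaces.values() if i["mode"] == "access"}
    used |= {int(n[4:]) for n in interfaces if n.startswith("Vlan")}
    findings = [f"VLAN {v} is created but no port or SVI uses it" for v in sorted(vlans - used)]
    for name, i in sorted(interfaces.items()):
        if i["mode"] == "access" and i["access_vlan"] == 1:
            findings.append(f"{name}: access port left on default VLAN 1")
        if i["mode"] == "trunk" and i["allowed"] is None:
            findings.append(f"{name}: trunk has no explicit 'switchport trunk allowed vlan' list")
    return findings
```

Running audit(SAMPLE_CONFIG) reports VLAN 20 as unused, GigabitEthernet1/0/2 on VLAN 1, and GigabitEthernet1/0/24 as an unrestricted trunk; VLAN 99 passes because its SVI marks it as in use.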