    Problems changing the default VLAN on a managed switch…

    • verbal

      I keep reading suggestions that you should disable the default management VLAN 1 when setting up a managed switch and create a different one. Security reasons, I guess. Is this a best practice or rarely done?

      On the HP ProCurve I have, it's as simple as creating a VLAN and changing the management VLAN setting. It excludes all ports on VLAN 1 and untags them on the new one.

      Is that all that is required? Does a VLAN have to be created in pfSense? I currently have it running with no VLANs and the ProCurve is set up with the default management VLAN.

      Also, has anyone set up a management-only VLAN? A VLAN only for host interface management, like vSphere, HP iLO, etc. If you have one set up, please provide details on it. I've been thinking about it but I'm not sure if it's worthwhile.

      Thanks!

      • verbal

        I figured out that no VLAN is necessary in pfSense. You can simply change the management VLAN on the managed switch and it does the rest.

        Can anyone please shed some light on creating a management interface only VLAN? I'd really like to put the pfSense, switch (if possible), vSphere, and HP iLO interfaces on a management only VLAN. Would like an idea of how to make it possible so I don't break the network. :)

        Thank you!

        • thermo

          If you don't create a management VLAN on pfSense then you won't be able to access/route to the devices on the m. VLAN without creating a VLAN adapter on the source device found on the regular LAN. Though this isn't really an issue with a small number of devices.

          As I recently found out, L3 switches will not route onto the m. VLAN, so all management devices need to be on the m. VLAN.

          Also, careful with ESXi and vSphere. My grand master plan with management, iSCSI multipath & data VLANs meant a reset to defaults and reconfiguration from scratch! (So you might want to do this over a weekend.)

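An added example, not part of the thread or any poster's code: a Python check over an exported switch configuration that the management VLAN was actually moved off VLAN 1, as the first post describes, and which ports ended up as members of it. The sample configuration is constructed and modelled on ProCurve-style `vlan` / `management-vlan` stanzas; the function names, the numeric-only port lists and the treatment of a missing `management-vlan` line as VLAN 1 are assumptions of this example.

```python
import re

# Constructed sample modelled on ProCurve-style running-config stanzas;
# VLAN IDs, names and port numbers are made up for this example.
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-24
   exit
vlan 10
   name "MGMT"
   untagged 1-22
   tagged 24
   ip address 192.168.10.2 255.255.255.0
   exit
vlan 20
   name "LAN"
   untagged 23
   tagged 24
   exit
management-vlan 10
"""

def expand_ports(spec):
    """Expand a numeric port list such as '1-4,7' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return the management VLAN id, its member ports and any findings."""
    vlans, current, mgmt = {}, None, 1  # assumption: VLAN 1 unless configured
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            current = vlans.setdefault(int(m[1]), {"untagged": set(), "tagged": set()})
        elif (m := re.fullmatch(r"(untagged|tagged) ([\d,-]+)", line)) and current is not None:
            current[m[1]] |= expand_ports(m[2])  # "no untagged ..." lines do not match
        elif m := re.fullmatch(r"management-vlan (\d+)", line):
            mgmt = int(m[1])
    findings = []
    if mgmt == 1:
        findings.append("management is still on default VLAN 1")
    if mgmt not in vlans:
        findings.append(f"management VLAN {mgmt} is not defined")
    if mgmt != 1 and any(vlans.get(1, {}).values()):
        findings.append("ports are still members of VLAN 1")
    return {"management_vlan": mgmt, "ports": vlans.get(mgmt, {}), "findings": findings}
```

The returned `ports` entry lists every port that is untagged or tagged in the management VLAN, which is the set to compare against the hosts that are meant to have management access.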
