- This topic has 4 replies, 4 voices, and was last updated 6 years, 10 months ago by Anonymous.
joeqwerty (Member), Sep 30, 2013 at 12:01 am #162438
I’m working with a client to redesign his very simple network infrastructure and I have a question about using VLAN1.
My client has a single Dell PowerConnect 5324 switch connected to the Trusted and Optional interfaces on a Watchguard Firebox X1000 firewall. The switch has been configured with three VLANs: VLAN1, VLAN2 and VLAN3. The Firebox Trusted interface connects to a port in VLAN1 and the Firebox Optional interface connects to a port in VLAN2. VLAN1 is for backend servers, VLAN2 is for an NLB TS cluster and VLAN3 is for an Exchange 2010 DAG replication network.
This design allows the client to have three internal subnets, one for the backend, one for the NLB TS cluster and the third for DAG replication. This provides Layer 2 separation of the three subnets and the Firebox handles the routing of traffic to VLAN1 and VLAN2.
The client's ISP is recommending that the client not use VLAN1 and they've given somewhat unclear reasons for it. They've stated that using VLAN1 could create a VLAN "conflict" with their network. Now I've read about VLAN hopping and switch spoofing due to the use of VLAN1 but I've never heard of a VLAN "conflict". I don't believe that the usual concerns regarding VLAN1 security are valid here as we're talking about a single switch. Since VLANs are a Layer 2 construct and the Firebox External interface connects to the upstream router I don't believe there's any such thing as a VLAN "conflict", and even if there is it's not applicable here because our switches aren't connected to the upstream provider's switches. Our Firebox WAN interface connects to an Ethernet port on their router.
So my questions are: Is there really an issue with using VLAN1 in this scenario and is there such a thing as a VLAN “conflict”?
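The VLAN1 concerns the post mentions (double-tagging via a trunk whose native VLAN is 1, and switch spoofing via a port that will negotiate a trunk) only apply if such ports actually exist on the switch. The following is an added example, not code from the original poster or from Dell or Watchguard: a small audit script that parses a switch running-config and flags those preconditions. The config text is constructed here in Cisco/PowerConnect-style syntax with made-up port assignments; the interface names, descriptions and the spare trunk ports are assumptions for illustration, not the client's real configuration.

```python
"""Audit a switch running-config for the VLAN-hopping preconditions
discussed in the post above: trunk ports whose native VLAN is 1,
ports left in dynamic (auto-negotiating) trunk mode, and access ports
sitting in the default VLAN 1.

Added example; the sample config is constructed and not a real device's.
"""
import re
from dataclasses import dataclass, field

# Constructed sample config (assumption: Cisco-like CLI syntax; ports,
# descriptions and VLAN numbers are invented for the example).
SAMPLE_CONFIG = """
interface ethernet g1
 description Firebox-Trusted
 switchport mode access
 switchport access vlan 1
interface ethernet g2
 description Firebox-Optional
 switchport mode access
 switchport access vlan 2
interface ethernet g3
 description DAG-replication
 switchport mode access
 switchport access vlan 3
interface ethernet g4
 description spare-uplink
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan add 1,2,3
interface ethernet g5
 switchport mode dynamic auto
interface ethernet g6
 description fixed-trunk
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan add 2,3
"""


@dataclass
class Port:
    name: str
    mode: str = "access"          # access | trunk | dynamic
    access_vlan: int = 1          # switch default when nothing is set
    native_vlan: int = 1          # trunk default when nothing is set
    allowed: set = field(default_factory=set)


def parse_config(text):
    """Return one Port per 'interface' stanza, with the switchport
    settings that matter for VLAN hopping filled in."""
    ports, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"interface\s+(\S+\s+\S+)", line)
        if m:
            cur = Port(name=m.group(1))
            ports.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("switchport mode "):
            mode = line.split()[2]
            cur.mode = "dynamic" if mode == "dynamic" else mode
        elif line.startswith("switchport access vlan "):
            cur.access_vlan = int(line.split()[3])
        elif line.startswith("switchport trunk native vlan "):
            cur.native_vlan = int(line.split()[4])
        elif line.startswith("switchport trunk allowed vlan "):
            cur.allowed.update(int(v) for v in line.split()[-1].split(","))
    return ports


def audit(ports):
    """Return (port, severity, message) findings."""
    findings = []
    for p in ports:
        if p.mode == "dynamic":
            findings.append((p.name, "high",
                             "negotiates trunking: a host could bring up a "
                             "trunk and see every VLAN (switch spoofing)"))
        if p.mode == "trunk" and p.native_vlan == 1:
            findings.append((p.name, "high",
                             "trunk with native VLAN 1: untagged frames ride "
                             "VLAN1, the double-tagging precondition"))
        if p.mode == "trunk" and p.native_vlan in p.allowed:
            findings.append((p.name, "medium",
                             "native VLAN also carried tagged on the trunk"))
        if p.mode == "access" and p.access_vlan == 1:
            findings.append((p.name, "info",
                             "access port in default VLAN 1 (harmless on a "
                             "lone switch with no trunks, but worth knowing)"))
    return findings


if __name__ == "__main__":
    for port, sev, msg in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{sev:6} {port:12} {msg}")
```

Feed it the output of `show running-config` (the stanza syntax above is an assumption about the device's CLI). On a single switch whose only links out are the firewall's access ports and no trunk or dynamic ports exist, the "high" findings disappear and the remaining "info" entries are just the deliberate VLAN1 design the post describes.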