If you change your native VLAN to something other than VLAN 1, are there any ramifications in administratively shutting down VLAN 1?
The only thing I'm not 100% sure of is whether or not VLAN1 or the new Native VLAN needs to be included in the allowed statement.
Just include the Vlans needed on the inter-switch link. I highly recommend adding the Management Vlan in the allowed list. There isn't any need to add Vlan 1 in the allowed list. Control traffic will still continue to function.
CDP/PAgP/VTP will always be sent on vlan 1. If vlan 1 happens to be the native vlan then these control protocols are sent untagged. If the native vlan has been changed to something other than vlan 1 then they will be sent as tagged frames across a trunk.
On ISL trunks DTP is always sent across vlan 1 so as above for these frames. However with 802.1q DTP frames are always sent across the native vlan so DTP frames will always be untagged (unless of course you tag even the native vlan).
UDLD, I cannot say for sure what it does.
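Added example (not from the thread or from Cisco): a small Python model of the dot1q tagging behaviour Jon describes, so the tagged/untagged outcome for CDP/PAgP/VTP versus DTP can be checked for a given native VLAN. MAC addresses, payloads and the length field are constructed sample values, and the real LLC/SNAP encapsulation of these protocols is not modelled.

```python
# Model of 802.1Q trunk tagging for the control protocols discussed above.
# Sample addresses/payloads are constructed; LLC/SNAP encapsulation is omitted.
TPID_8021Q = 0x8100

SWITCH_MAC = bytes.fromhex("0000aabbcc01")  # constructed source MAC (assumption)
CDP_MCAST = bytes.fromhex("01000ccccccc")   # constructed destination MAC (assumption)

def dot1q_tag(vlan_id: int, pcp: int = 0) -> bytes:
    """Build the 4-byte 802.1Q tag: TPID 0x8100 then TCI (PCP:3, DEI:1, VID:12)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"invalid VLAN id {vlan_id}")
    tci = (pcp << 13) | vlan_id
    return TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big")

def trunk_egress(frame_vlan: int, native_vlan: int, payload: bytes,
                 tag_native: bool = False) -> bytes:
    """Frame as sent on a dot1q trunk: untagged only when it belongs to the
    native VLAN and 'vlan dot1q tag native' is not configured."""
    header = CDP_MCAST + SWITCH_MAC
    type_len = len(payload).to_bytes(2, "big")  # 802.3 length field (sample)
    if frame_vlan == native_vlan and not tag_native:
        return header + type_len + payload
    return header + dot1q_tag(frame_vlan) + type_len + payload

def trunk_ingress(frame: bytes, native_vlan: int) -> tuple[int, bool]:
    """Classify a received frame: (VLAN it lands in, whether it carried a tag)."""
    if int.from_bytes(frame[12:14], "big") == TPID_8021Q:
        vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return vid, True
    return native_vlan, False  # untagged frames land in the native VLAN

def control_protocol_vlans(native_vlan: int) -> dict[str, int]:
    """Per the thread: CDP/PAgP/VTP ride VLAN 1; DTP over dot1q rides the native VLAN."""
    return {"CDP": 1, "PAgP": 1, "VTP": 1, "DTP": native_vlan}

def tagging_summary(native_vlan: int, tag_native: bool = False) -> dict[str, tuple[int, bool]]:
    """For each control protocol: (VLAN seen by the far switch, tagged on the wire?)."""
    summary = {}
    for proto, vlan in control_protocol_vlans(native_vlan).items():
        wire = trunk_egress(vlan, native_vlan, proto.encode(), tag_native)
        summary[proto] = trunk_ingress(wire, native_vlan)
    return summary

if __name__ == "__main__":
    for native in (1, 99):
        print(f"native vlan {native}: {tagging_summary(native)}")
    print("native 99 with 'vlan dot1q tag native':", tagging_summary(99, True))
```

With native VLAN 1 every control frame leaves untagged; with native VLAN 99, CDP/PAgP/VTP carry a VLAN 1 tag while DTP stays untagged unless the native VLAN is tagged too.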
Jon is quite correct. If you need written confirmation from a Cisco article, please take a moment and read this URL
In addition, pruning controls data traffic, not control traffic, so even while pruning Vlan 1 on the trunk, control traffic such as CDP will go through.
Please rate helpful posts
Yes, by default vlan 1 is the management and the native vlan. It is also the vlan to which all ports are assigned by default.
Network traffic and user traffic are not really to do with the native vlan as such. The native vlan is there purely for backwards compatibility with 802.1d switches that do not understand vlan tagging.
If you change the native vlan and shut down vlan 1, CDP/PAgP/VTP will still be sent on vlan 1 - this won't change. STP is slightly different as nowadays you tend to run per-vlan STP.
The idea of having a separate management vlan is to ensure that user traffic is not in the same vlan. With a dedicated vlan you can control who can or cannot access that vlan.
The native vlan should be non-routed because it is
a) never going to have any user ports in it
b) never going to be accessed remotely from the switch.
So there is absolutely no reason why you need the native vlan to be a routable vlan, and if you don't need it to be routed then it is safer not to make it. Ideally no ports should ever be allocated to the native vlan.
Have I answered your questions?
There are 2 things here. Firstly, vlan 1 is traditionally used as the management vlan, i.e. the vlan you use to actually access the switches.
The native vlan is the vlan that does not have a tag attached to it when packets for that vlan are sent across a trunk.
So shutting vlan 1 down is often more to do with changing the management vlan rather than changing the native vlan. It is recommended to have a non-routed vlan for your native vlan, and a different vlan than 1 or the native vlan for managing the switch.