Should you not use Vlan 1

nmooremvsc
Level 1

I've read in some places that it is not advised to use Vlan 1 for security reasons. Is this a real good idea or is it more of a pain to implement? If it is something that should be set up and used, what are good tips for making the transition and what all things need to be moved from vlan 1?

Thanks for your help!


Edison Ortiz
Hall of Fame

Please see:

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009

on the reasons why it is not recommended to use Vlan 1 to carry data traffic.

__

Edison.

Those are the exact reasons I've been thinking about this. However on 2960's and 3560's how do you change the management vlan to something else? Also isn't STP and CDP info always transmitted over vlan 1? If it's pruned will they not work correctly?

However on 2960's and 3560's how do you change the management vlan to something else?

Let's use Vlan 10 for instance:

interface vlan 1
 no ip address x.x.x.x y.y.y.y
 shutdown
interface vlan 10
 ip address x.x.x.x y.y.y.y
 no shutdown

Also isn't STP and CDP info always transmitted over vlan 1? If it's pruned will they not work correctly?

Those are control traffic, not data traffic. Be concerned only about data traffic.

HTH,

__

Edison.

ok that's easy enough. But if you prune vlan 1 from trunks, won't it interrupt the control traffic as well?

"CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 is cleared from the trunks and is not the native VLAN. If VLAN 1 is cleared for user data, there is no impact on control plane traffic that is still sent using VLAN 1."

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml#pre6

__

Edison.

Please rate helpful posts
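
A defender-side check for the steps discussed in this thread (management address moved off interface Vlan1, VLAN 1 cleared from trunks), as an added example that is not from any poster or from Cisco: it parses a saved running-config and lists where VLAN 1 still carries management or user traffic. The sample config, function names and finding texts are constructed for illustration, and only numeric allowed-VLAN lists are handled.

```python
import re

# Constructed sample IOS config (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1-4,10
"""

def parse_interfaces(config):
    """Map each interface name to the sub-commands indented under it."""
    blocks = {}
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        blocks[m.group(1)] = [c.strip() for c in m.group(2).splitlines()]
    return blocks

def vlan_in_list(vlan, spec):
    """True if vlan is inside a numeric IOS VLAN list such as '1-4,10,20'."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= vlan <= int(hi or lo) for lo, _, hi in ranges)

def audit_vlan1(config):
    """Return (interface, finding) pairs where VLAN 1 still carries management or user data."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower() == "vlan1":
            if "shutdown" not in cmds and any(c.startswith("ip address ") for c in cmds):
                findings.append((name, "management SVI still active on VLAN 1"))
        elif "switchport mode trunk" in cmds:
            allowed = [c.split()[-1] for c in cmds if c.startswith("switchport trunk allowed vlan ")]
            # With no allowed-list the trunk carries every VLAN, VLAN 1 included.
            if not allowed or any(vlan_in_list(1, a) for a in allowed):
                findings.append((name, "VLAN 1 not cleared from trunk"))
        elif "switchport mode access" in cmds and not any(
                re.fullmatch(r"switchport access vlan (?!1$)\d+", c) for c in cmds):
            findings.append((name, "access port left in VLAN 1"))
    return findings
```

Run `audit_vlan1()` on a saved copy of the running-config before and after the change; an empty list means none of the three conditions remain.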

Vlan 1 is not eligible to be pruned.
