07-24-2008 08:36 AM - edited 03-06-2019 12:26 AM
I've read in some places that it is not advised to use Vlan 1 for security reasons. Is this a real good idea or is it more of pain to implement? If it is something that should be setup and used, what are good tips for making the transition and what all things need to be moved from vlan 1.
Thanks for your help!
07-24-2008 09:13 AM
Please see:
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009
on the reasons why is not recommended to use Vlan 1 to carry data traffic.
__
Edison.
07-24-2008 10:09 AM
Those are the exact reasons I've been thinking about this. However on 2960'2 and 3560's how do you change the management vlan to something else? Also isn't STP and CDP info always transmitted over vlan 1. If it's pruned will the not work correctly?
07-24-2008 10:37 AM
However on 2960'2 and 3560's how do you change the management vlan to something else?
Let's use Vlan 10 for instance:
interface vlan 1
no ip address x.x.x.x y.y.y.y
shutdown
interface vlan 10
ip address x.x.x.x y.y.y.y
no shutdown
Also isn't STP and CDP info always transmitted over vlan 1. If it's pruned will the not work correctly?
Those are control traffic, not data traffic. Be concerned only about data traffic.
HTH,
__
Edison.
07-24-2008 10:43 AM
ok that's easy enough. But if you prune vlan 1 from trunks, won't it interrupt the control traffic as well?
07-24-2008 10:46 AM
"CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 is cleared from the trunks and is not the native VLAN. If VLAN 1 is cleared for user data, these is no impact on control plane traffic that is still sent using VLAN 1."
__
Edison.
Please rate helpful posts
07-24-2008 11:26 AM
Vlan 1 is not eligible to be pruned.
07-24-2008 12:35 PM
ok that's easy enough. But if you prune vlan 1 from trunks, won't it interrupt the control traffic as well?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide