VLAN1 and Management VLAN

Jon Marshall Sun, 01/11/2009 - 04:02


If there are no devices in VLAN 1, then no, you do not need to assign an IP address to the VLAN 1 interface, and you should shut down the VLAN 1 interface.


Giuseppe Larosa Sun, 01/11/2009 - 05:01

Hello Mark,

For security reasons the best thing is to:

- shut SVI Vlan1 if it exists

- never use VLAN 1, even for unused ports.

A suggestion is to use a dedicated parking VLAN for unused ports that:

- has no Layer 3 services on it

- is never used as the native VLAN on an 802.1Q trunk in your campus.

The reason for not using Vlan1 for unused ports is that in any case a switch tells more to a PC if the port is in Vlan1.

If you use Vlan1 neither for management nor for data, you are on the right path from a security point of view.

Hope to help
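
An added example, not part of the thread and not written by either poster: a small Python audit that checks a Cisco IOS-style running-config against the points in the reply above (SVI Vlan1 shut down, no access port left in VLAN 1, parking VLAN with no Layer 3 and never a trunk native VLAN). The sample config, the parking VLAN number 999 and the function names are assumptions, and every non-SVI interface is treated as a Layer 2 switchport.

```python
import re
# Constructed sample in IOS running-config style; parking VLAN 999 is an assumption.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface Vlan999
 ip address 198.51.100.1 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 999
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" separators and global commands end a block
    return blocks

def audit(config, parking_vlan):
    findings = []  # assumes every non-SVI interface is a Layer 2 switchport
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"Vlan(\d+)", name, re.IGNORECASE)
        if svi:
            vlan = int(svi.group(1))
            if vlan == 1 and "shutdown" not in cmds:
                findings.append((name, "SVI for VLAN 1 is not shut down"))
            if vlan == parking_vlan and any(c.startswith("ip address") for c in cmds):
                findings.append((name, "parking VLAN has a Layer 3 interface"))
        elif "switchport mode trunk" in cmds:
            if f"switchport trunk native vlan {parking_vlan}" in cmds:
                findings.append((name, "parking VLAN is a trunk native VLAN"))
        elif not any(re.fullmatch(r"switchport access vlan (?!1$)\d+", c) for c in cmds):
            findings.append((name, "access port left in VLAN 1 (default or explicit)"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, parking_vlan=999), sep="\n")
```

An access port with no `switchport access vlan` line is reported because it sits in VLAN 1 by default.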


