4583 Views | 12 Helpful | 5 Replies

Is it possible to delete data on VLAN 1

Steph1963 (Level 1)

Hi,

I know that it is not possible to delete VLAN 1 on a Cisco switch since it is used to carry protocols like VTP and CDP. My question is: I would like to know if there is a way to restrict VLAN 1 to only carry the control traffic on this VLAN. Can we prevent the switch from carrying traffic originated from a switchport within VLAN 1?

Thanks for your help
Stephane

5 Replies

Jerry Ye (Cisco Employee)

Not sure if this is what you want.

Change the native VLAN to something else (in this example VLAN 2) instead of VLAN 1:

interface x/x
 switchport access vlan 2
 switchport mode access

Change the trunk native VLAN to something else (in this example VLAN 22) instead of VLAN 1. Also remove VLAN 1 off the trunk:

interface y/y
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 22
 ! VLAN 1 is excluded; every other VLAN ID (2-4094) stays allowed on the trunk
 switchport trunk allowed vlan 2-4094

HTH,

jerry

Hi Stephane,

I'm also not sure, but my view of this topic is to use another VLAN for user traffic and to remove VLAN 1 from all access ports by putting them into the other VLAN. If you want/need, you can change the native VLANs like Jerry said, too!

For your information, you can change the CDP and VTP source interface.

Maybe you can try to use ACLs to prevent the traffic, but I'm not sure if that will work on VLAN 1. Here you can use VACLs, MAC ACLs, or else just permit the switch MACs, but this is just an idea and a quick thought...

regards,

Sebastian

Hi,

Thanks a lot for your good suggestions; it makes a lot of sense to just remove VLAN 1 from the switch and assign unused ports to another VLAN.

I am just curious here: do you have any detail or a link that can explain how we can change the CDP and VTP source interface?

Thanks for all your help

Stephane

Jon Marshall (Hall of Fame)

Steph1963 wrote:

Hi,

I know that it is not possible to delete VLAN 1 on a Cisco switch since it is used to carry protocols like VTP and CDP. My question is: I would like to know if there is a way to restrict VLAN 1 to only carry the control traffic on this VLAN. Can we prevent the switch from carrying traffic originated from a switchport within VLAN 1?

Thanks for your help
Stephane

Stephane

1) All ports are in VLAN 1 by default, so for any ports on the switch that are not in use, create a new VLAN, e.g. VLAN 998. This VLAN does not need an L3 SVI. Then allocate all unused ports to VLAN 998.

2) You can shut down the SVI for VLAN 1, and this will not affect VTP, CDP etc.

3) As Jerry says, you should change the native VLAN from VLAN 1.

4) Use a separate VLAN for actually managing the switches; this VLAN would need an L3 SVI.

5) Don't use VLAN 1 for any user devices.

By doing all the above you are ensuring that nothing that you can configure on the switch will use VLAN 1.

Jon
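An added example, not code from the thread or from Cisco: a Python audit that takes a saved `show running-config` and reports every interface that still touches VLAN 1, covering Jerry's trunk settings (native VLAN and allowed list) and Jon's points 1, 2, 3 and 5 (default access ports, the VLAN 1 SVI, the native VLAN, user ports). The running-config embedded below is constructed for the example; the hostname, interface names and VLAN numbers are assumptions, and the finding codes are this script's own. The audit treats any switchport that is not an explicit trunk as an access port, since a port left at DTP dynamic defaults ends up in VLAN 1 just the same.

```python
"""Audit a Cisco IOS running-config for interfaces that still use VLAN 1."""
from __future__ import annotations

ALL_VLANS = frozenset(range(1, 4095))  # valid 802.1Q VLAN IDs on IOS

# Constructed sample running-config (not from the forum thread). Vlan1 is up,
# Gi1/0/2 and Gi1/0/5 sit in VLAN 1, Gi1/0/24 is a trunk left at its defaults.
SAMPLE_CONFIG = """\
hostname access-sw1
!
vlan 2
 name USERS
!
vlan 998
 name BLACKHOLE
!
interface Vlan1
 no ip address
!
interface Vlan999
 ip address 192.0.2.10 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 998
 shutdown
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 22
 switchport trunk allowed vlan 2-4094
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
"""


def parse_vlan_list(spec: str) -> set[int]:
    """Expand an IOS VLAN list such as '2,10-20,4094' into a set of IDs."""
    vlans: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def apply_allowed_vlan(current: set[int], args: list[str]) -> set[int]:
    """Apply one 'switchport trunk allowed vlan ...' argument list to the running set."""
    keyword = args[0].lower()
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "except":
        return set(ALL_VLANS) - parse_vlan_list(args[1])
    if keyword == "add":
        return current | parse_vlan_list(args[1])
    if keyword == "remove":
        return current - parse_vlan_list(args[1])
    return parse_vlan_list(args[0])


def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Group the indented lines under each 'interface X' stanza, in config order."""
    interfaces: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # '!' or any other top-level line closes the stanza
    return interfaces


def audit_vlan1(config: str) -> list[tuple[str, str]]:
    """Return (interface, finding) pairs for every remaining use of VLAN 1."""
    findings: list[tuple[str, str]] = []
    for name, lines in parse_interfaces(config).items():
        shut = "shutdown" in lines
        if name.lower() == "vlan1":
            if not shut:
                findings.append((name, "VLAN1-SVI-UP"))
            continue
        # SVIs, loopbacks, tunnels and routed ports are never switchports.
        if name.lower().startswith(("vlan", "loopback", "tunnel")) or "no switchport" in lines or shut:
            continue
        mode, access_vlan, native_vlan, allowed = None, 1, 1, set(ALL_VLANS)  # IOS defaults
        for line in lines:
            words = line.split()
            if words[:2] == ["switchport", "mode"]:
                mode = words[2]
            elif words[:3] == ["switchport", "access", "vlan"] and words[3].isdigit():
                access_vlan = int(words[3])
            elif words[:4] == ["switchport", "trunk", "native", "vlan"]:
                native_vlan = int(words[4])
            elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
                allowed = apply_allowed_vlan(allowed, words[4:])
        if mode == "trunk":
            if native_vlan == 1:
                findings.append((name, "VLAN1-NATIVE-ON-TRUNK"))
            if 1 in allowed:
                findings.append((name, "VLAN1-ALLOWED-ON-TRUNK"))
        elif access_vlan == 1:
            # No explicit trunk: access or DTP-dynamic, either way it sits in VLAN 1.
            findings.append((name, "VLAN1-ACCESS"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_vlan1(SAMPLE_CONFIG):
        print(f"{interface:24} {finding}")
```

Run it against the real config with `python audit_vlan1.py < running-config.txt` after swapping `SAMPLE_CONFIG` for `sys.stdin.read()`. A clean result is exactly what Jon describes: VLAN 1 still exists and still carries CDP, VTP and the like, but no access port, trunk native VLAN, trunk allowed list or SVI gives user traffic a way onto it.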

VTP:

Router(config)# vtp interface ...

CDP:

Router(config)# cdp source-interface

But maybe this will not work on all IOS or switch/router versions.
