Cisco Support Community
Community Member

Black hole VLAN with DHCP

I'd like to create a blackhole VLAN (maybe not a good name for it) for two reason.s 1 assign it to unused ports and turn them off. 2 so when a tech goes to install a device and the port is enabled they would pull an unrouted DHCP ip address.


My questions what is the best way to create the unrouted DHCP scope for this blackhole VLAN. From my testing I have to create an SVI on the blackhole VLAN to assign it a DHCP scope. I don't want the devices that pull an address to be able to talk to anything. Is there a better way to do this? Would I have to put a ACL on the VLAN to stop all network traffic on this VLAN?


      Just create a layer 2

      Just create a layer 2 vlan  and "do not"  create an SVI.  It cannot be routed anywhere because there is no SVI associated with the L2 vlan.   All the devices will do is eventually get a default microsoft address of 169.x.x.x .   You should not even need to define any scope for the created vlan .

CreatePlease to create content