Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to turn Cisco 2960S into unmanaged switch


The company I am working for has outsourced the network maintenace to a telecom company.  We are not supposed to plug switches not owned by the telecom company to the network.  In one occasion we plugged a Cisco switch into the network and it was detected (and of course, we were "warned" not to do so).  In another occasion, we plugged a 3Com and a Linksys unmanaged switch into the network.  They were not detected. 

We have several Cisco 2960S on hand and would like to turn it into "unmanaged" switch.  May I ask what configurations will be required?  I can think of the below:

- Disable CDP

- Disable Spanning-tree

- Disable VTP (or config it into transparent mode?)

- Do not assign IP address to interface Vlan1 (or simply shut it down)

Another question is that, supposed the "unmanaged" 2960 switch will be connected to port 1 (in vlan 20) of an uplink switch, if I do not specify the vlan for the ports of the 2960 switch (leave them to the default vlan1), will those ports belong to vlan 20?

Thanks a lot.


Everyone's tags (1)

How to turn Cisco 2960S into unmanaged switch

Hi ,

If i understand your requirement correctly then you dont want  someone to connect/manage your switch remotely .

For this , just dont assign any ip address to the switch and dont configure enable, vty , console login passwords.

For your second question, Still you will receive unknow unicast traffic from the vlan 20 .this is called Layer 2 vlan leakage.




How to turn Cisco 2960S into unmanaged switch

Personally I would not be plugging in a switch if I had been told not to do so as it can cause all sorts of issues for the existing network topology.

If the company who manage the existing switches had competent Network staff, they would have enabled features such as BPDUGuard, Port security and also prevented any access ports forming trunks so you may find plugging in a Cisco switch will not work anyway,

Even if you prevented your Cisco switch from sending BPDU's (which I would not recommend) then they would have enabled port security and set the maximum MAC addresses to 1 which would render your swich useless. As a Network engineer, I would not be comfortable advising you how to circumvent rules put in place by the company managing your network and I hope others won't either,

CreatePlease to create content