If you are trunking links, shutting vlan1 will cause many problems.
This link is for 6500s, but it has a lot of good info in general on optimal trunk link configuration as well as many other things. Look under the native VLAN section.
It is not possible to shut down VLAN1. You can, however, shut down the SVI of VLAN1.
Best practices are never to use VLAN1. Also, create a dummy VLAN (for example VLAN999) and use it as your native vlan on your trunks.
Then, create a third VLAN that you use as a management VLAN for your switches.
By SVI, or switch virtual interface, the 'virtual' LAN layer 3 interface is meant (interface vlan1).
Shutting down the SVI interface vlan1 has no impact on the Layer 2 operation of any access ports in vlan1 or native vlan1. (Except when it's a multilayer switch acting as default gateway for the access ports in the corresponding VLAN.)
As Dario says: avoid the use of vlan1 as much as possible. Vlan1 should normally only be used by protocols like CDP, VTP, DTP (= default and cannot be changed, that's why vlan1 is always allowed over a trunk).
By using an unused VLAN as the native VLAN, we can address a security threat in a LAN environment.
Please note that if no native VLAN is configured, then VLAN-1 is taken as the default native VLAN.
Hmm; I believe that I have many times cleared VLAN1 from trunks:
switchport trunk native vlan xxx
switchport trunk allowed vlan 100,200
switchport mode trunk
As far as I'm aware, no problems from VLAN1 missing on trunks.
Yes, it's cleared.
VLAN1 is disabled for user data.
It's remaining available for Control Plane traffic, though, see
You might get into some STP troubles in some cases with VLAN1 disabled, as explained in the nice article mentioned.
IMHO, the safest (paranoid) approach is to disable VLAN1 on all trunks, create another VLAN (no ports assigned to it) as native VLAN on trunks and a third VLAN for switch management (again, no user port assigned).
What I said is not true.
sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/3 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
sh int G0/3 switch
Trunking VLANs Enabled: 108-110,521
Also, if no ports are configured in vlan1, SVI 1 doesn't come up, even if the trunk is up.
Anyway, vlan1 is still used by protocols like CDP, DTP, ...
My apologies for the misleading information.
Indeed, I just tested it.
You can safely remove VLAN 1 from the trunk interfaces; this is called VLAN 1 minimization and has been supported for a long time on all the Cisco switches. Typically all the control traffic like VTP, DTP, PAgP and CDP always travels on VLAN 1, it being the default native VLAN on Cisco switches. If you remove VLAN 1 on the trunk interfaces you have to create another VLAN as native VLAN so all the control traffic can pass through safely to the various neighbouring switches. We always send CDP packets on VLAN 1, so if you remove VLAN 1 over the trunks you might see some CDP info problem.
You are not 100% correct.
"CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 has been cleared from the trunks and is not the native VLAN. If you clear VLAN 1 for user data, the action has no impact on control plane traffic that is still sent with the use of VLAN 1."
"On an 802.1Q trunk, DTP packets are sent on the native VLAN. This is the case even if the native VLAN has been cleared from the trunk."
1) If you remove the Vlan 1 on the trunk interfaces you DON'T have to create another vlan as native vlan.
2) If you remove vlan 1 over the trunks there should be NO problem with CDP.
3) The only problem could happen in some cases with STP, as described also in the article.
My bad...:-). Yes I remember it now. We always send all control traffic using Vlan 1 even if it is removed on the trunk links.
See, if you are not a regular on these forums, this is what's gonna happen to you. Sorry guys for the wrong info posted above.
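
Added example, not written by any poster in this thread: a small Python audit that checks trunk interfaces in an IOS-style configuration against the practices discussed above (native VLAN moved off VLAN 1, VLAN 1 cleared from the allowed list for user data). The sample configuration, interface names and VLAN IDs are constructed for illustration, and the defaults assumed are native VLAN 1 and all VLANs (1-4094) allowed.

```python
import re
# Constructed sample config (not from the thread); names and VLAN IDs are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,200
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1-50
 switchport trunk allowed vlan add 108-110,521
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode access
"""

def expand(spec):
    """Expand an IOS VLAN list such as '1-50,108' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: [findings]} per trunk port. 'all/none/except/remove' forms are not parsed."""
    report = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or "switchport mode trunk" not in lines:
            continue  # skip access ports and the empty leading chunk
        name = lines[0].split(None, 1)[1]
        native, allowed = 1, set(range(1, 4095))  # assumed defaults when nothing is configured
        for l in lines:
            if m := re.fullmatch(r"switchport trunk native vlan (\d+)", l):
                native = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", l):
                # 'add' continuation lines extend the list; a plain line replaces it
                allowed = (allowed if m.group(1) else set()) | expand(m.group(2))
        findings = []
        if native == 1:
            findings.append("native VLAN is 1")
        if 1 in allowed:
            findings.append("VLAN 1 allowed for user data")
        report[name] = findings
    return report
```

Running `audit_trunks(SAMPLE_CONFIG)` flags the unconfigured trunk for both issues and the third trunk for still carrying VLAN 1 in its allowed range, while the access port is ignored.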