Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VLAN1 and Management VLAN

I am using VLAN2 for management and VLAN3 and above for data. Do I still need to assign an IP address to VLAN1?

Many thanks for you help

Mark

2 REPLIES
Hall of Fame Super Blue

Re: VLAN1 and Management VLAN

Mark

If there are no devices that are in vlan 1 then no you do not need to assign an IP address for vlan 1 interface and you should shutdown vlan 1 interface.

Jon

Hall of Fame Super Silver

Re: VLAN1 and Management VLAN

Hello Mark,

for security reasons the best thing is to:

- shut SVI vlan1 if exists

- never use vlan 1 even for unused ports.

A suggestion is to use a dedicated parking Vlan for unused ports that:

has no Layer 3 services on it

it is never used as Native Vlan on an 802.1Q trunk in your campus.

the reason for not using Vlan1 for unused ports is that in any case a switch tells more to a PC if the port is in Vlan1.

if you don't use Vlan1 neither for management neither for data you are on the right path from a security point of view.

Hope to help

Giuseppe

152
Views
0
Helpful
2
Replies