Cisco Support Community

New Member

VLAN best practice

Why is it best practice to have Vlan 1 separate, without combining it with any other Vlans like the Server Vlan? The Server Vlan will have a fairly minimal number of servers. I have searched the web and even discussed it with my friends, and I am not satisfied with the answers.

Can any of you give me an idea why it's best practice to have Vlan 1 separate?

Also need to know, while creating vlans initially how to assign the Vlan 1 like

vlan 1 name valn1


vlan 1 name managementvlan


To leave vlan 1 without touching it and start assigning from vlan 2 and above….

If anyone has any documentation links, or if you have sample configs for good practice, plz let me know.

Thanks in advance…..



Re: VLAN best practice


On most switch platforms, Vlan 1 is used as the native VLAN, i.e. frames sent on ports configured for the native VLAN are sent as raw, untagged Ethernet frames. Therefore, if you wanted your traffic on these ports to be tagged, you would not use the native VLAN (VLAN 1, by default).

The name you give to the vlan is entirely up to you - you could leave it as the default name. It does not affect switch operation in any way.

Also, the management VLAN is usually VLAN 1 so it would be a good idea to separate your user traffic from management traffic. With this separation, any broadcast/packet storm that occurs in the user or server VLAN does not affect the management of switches.

Hope that helps - pls rate the post if it does.


New Member

Re: VLAN best practice

Thanks Paresh..

Do you have any documents from Cisco for the best Vlan Practices???




Re: VLAN best practice

Try the following:

Hope that helps - pls do rate the posts.


New Member

Re: VLAN best practice

It's a general best practice to avoid using Vlan1 for a few reasons.

First, as someone mentioned, in an 802.1q trunk, it's the default native vlan. Native vlans are unique in that they're untagged, so there's no 802.1q header. Without the header, there's no 802.1p tag, so there's no CoS value. If you utilize an L2 CoS-based trust for QoS, you'll find all of your Vlan1 traffic to be classified as DSCP 0.

The second reason is that some platforms (mostly depending on code version) cannot prune Vlan1 from the trunk. You want to avoid vlans spanning a large number of switches to improve your L2 stability; by leaving Vlan1 shut down, you reduce the number of potential problems in having a huge L2 STP domain.
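
The points raised in the replies above (VLAN 1 as the default untagged native VLAN, management sharing VLAN 1 with user or server ports, VLAN 1 carried on every trunk) can be checked against a saved switch configuration. The following is an added example, not part of the original thread and not Cisco tooling; the sample configuration, interface names and function names are constructed, and it assumes IOS-style syntax with an explicit `switchport mode` line on each switched port.

```python
import re

# Constructed sample (not from the thread): IOS-style interface stanzas.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30-40
interface GigabitEthernet0/3
 switchport mode access
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

def expand(spec):
    """Expand a VLAN list such as '10,20,30-40' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_vlan1(config):
    """Return (interface, finding) pairs for every place VLAN 1 is still in use."""
    findings = []
    for stanza in re.split(r"(?m)^(?=interface )", config):
        if not stanza.startswith("interface "):
            continue
        lines = [l.strip() for l in stanza.splitlines() if l.strip() not in ("", "!")]
        name, body = lines[0].split(None, 1)[1], lines[1:]
        text = "\n".join(body)
        get = lambda pat, default: (re.search(pat, text, re.M) or [None, default])[1]
        if "switchport mode trunk" in body:
            if int(get(r"^switchport trunk native vlan (\d+)$", "1")) == 1:
                findings.append((name, "trunk native VLAN is 1 (untagged, no CoS)"))
            # Only plain lists are parsed; other forms are conservatively treated as all VLANs.
            if 1 in expand(get(r"^switchport trunk allowed vlan ([\d,-]+)$", "1-4094")):
                findings.append((name, "VLAN 1 is carried on this trunk"))
        elif "switchport mode access" in body:
            if int(get(r"^switchport access vlan (\d+)$", "1")) == 1:
                findings.append((name, "access port left in VLAN 1"))
        elif name.lower() == "vlan1" and "shutdown" not in body and any(
                l.startswith("ip address ") for l in body):
            findings.append((name, "management SVI active on VLAN 1"))
    return findings

if __name__ == "__main__":
    print(*audit_vlan1(SAMPLE), sep="\n")
```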