Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VLAN Management


I have almost 50 cisco switches, they are accessable through there public IPs, some ports of the switches are used for the local IPs, but some ports of the switchs are used for the Public IP clients, local IP clients are working through VLAN, but public IP clints are not working any VLAN, they are working under VLAN 1, and all switches are also managed through VLAN 1..

* Is it a good method, Or i configure a different VLAN for a Public IP Clients.

Thank You


Re: VLAN Management

What I suggest is to use separated VLANs for public, private and management traffic. It can prevent the attack from public to your equipment and limited the broadcast domain. However, VLAN routing and ACL is required for the security issue.

Community Member

Re: VLAN Management

The special thing about VLAN1 is that it's the native VLAN (as long as you don't change that by configuring a different one as nativ).

The switches exchange a lot of managent-data on the native VLAN, e.g. VTP, STP, CDP etc.

An other thing is that the native VLAN is transmited untagged on trunks which can be a security risk. And port that are not assigned to a VLAN, operate in VLAN1 by default.

That's why some people don't use VLAN1 at all.

A good link regarding switch security:

CreatePlease to create content