VLAN 1 on a Cisco Switch
In the many years I have been teaching Cisco courses I have come across a number of opinions on VLAN 1. Some say not to use it; some say to use it for management only. Have you ever wondered what the deal with VLAN 1 is? Well, here is the scoop according to the VLAN Security White Paper on Cisco.com.
- The document recommends that you not use VLAN 1 for inband management traffic. Instead, you should pick a different VLAN and dedicate it to keeping management traffic separate from user data and protocol traffic.
- Prune VLAN 1 from all the trunks and from all the access ports that don’t require it (including not connected and shutdown ports).
For the dedicated management VLAN, the document recommends the following:
- Don’t configure the management VLAN on any trunk or access port that doesn’t require it (including not connected and shutdown ports).
- When feasible, prefer out-of-band management to inband management.
There is certainly more discussed in the document, and I think it's a pretty good read. Have a look for yourself!
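The recommendations above can be checked across many switches by auditing saved configurations. The following Python audit is an added example, not code from the Cisco white paper or from this post: it flags access ports left in VLAN 1 (shutdown ones included), trunks that still carry VLAN 1, and a management IP on interface Vlan1. It assumes IOS-style running-config text in which every physical interface is a Layer 2 switchport; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/23
 switchport mode trunk
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 20,30-40,99
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
interface Vlan99
 ip address 192.0.2.130 255.255.255.128
"""

def expand(vlan_list):
    """Expand an allowed-VLAN list such as '20,30-40' into a set of VLAN IDs."""
    ids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_vlan1(config):
    """Return (interface, finding) pairs for every place VLAN 1 is still in use."""
    prefix, findings = "switchport trunk allowed vlan ", []
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        # A "!" line ends the interface block; later global config is ignored.
        lines = [l.strip() for l in block.split("\n!")[0].splitlines() if l.strip()]
        name, body = lines[0], lines[1:]
        if name.lower().startswith("vlan"):
            if name.lower() == "vlan1" and any(l.startswith("ip address") for l in body):
                findings.append((name, "management IP on VLAN 1"))
        elif "switchport mode trunk" in body:
            # Assumption: numeric lists and the "add" form only. No list = all VLANs, VLAN 1 too.
            allowed = [l[len(prefix):].replace("add ", "") for l in body if l.startswith(prefix)]
            if not allowed or 1 in set().union(*map(expand, allowed)):
                findings.append((name, "trunk carries VLAN 1"))
        else:
            access = [l.split()[-1] for l in body if l.startswith("switchport access vlan")]
            # A port with no access VLAN configured sits in the default VLAN 1.
            if not access or access[-1] == "1":
                state = "shutdown" if "shutdown" in body else "enabled"
                findings.append((name, f"access port in VLAN 1 ({state})"))
    return findings
```

Calling `audit_vlan1(SAMPLE_CONFIG)` reports GigabitEthernet0/2, GigabitEthernet0/23 and Vlan1; a trunk line using the `all`, `except` or `remove` keywords raises a `ValueError` rather than being silently passed.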
When you said "(including not connected and shutdown ports)": by default, each port comes with VLAN 1 and is not shut down. If you type show vlan, you will see what I'm saying. It is not easy to control this in a data center by disabling each port.