Disabling vlan1 across trunks

fsebera
Level 4

Looking for the pros and cons of disabling VLAN1 on Catalyst switches. Can someone provide a clear explanation as to what REALLY happens and what does not happen when VLAN1 is disabled?

NOTE: Cisco documentation URL www.cisco.com/warp/public/473/21.html does not give enough information in this area. Page 23 has one paragraph that mentions this idea but fails to give any real details.

Any help would be greatly appreciated.


milan.kulik
Level 10

If you disable VLAN1 it's disabled just for user data. But there is still some traffic remaining - there are some Cisco proprietary protocols which always use VLAN1 (BPDUs for "common Spanning Tree", VTP, CMP, etc.). You are not able to completely disable VLAN1, I'm afraid.

I don't know one material containing this info in clear form; it's mentioned just "between lines" in different manuals (try to look at Cat 4000 configuration manual, STP section, e.g.).

HTH,

Milan

Be careful, I disabled VLAN 1 by mistake on both 1GB trunks from a 6509 to a 3548, both of which were running UDLD.

10 sec. after I removed VLAN1, I saw the following on almost all ports on the 6509.

2002 Feb 11 10:48:26 %UDLD-3-DISABLE:Unidirectional link detected on port 2/2. Port disabled.

I was lucky to be able to telnet to the 6509 and shut down the trunks to the 3548 and make set port X/X enable on the 6509 ports.

Conclusion: don't touch VLAN1.

Ole
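
An added example, not part of the original posts: a small Python check that scans CatOS-style syslog for the %UDLD-3-DISABLE message quoted above and flags bursts where several ports are disabled within seconds of each other, the pattern Ole describes after removing VLAN 1 from the trunks. The 10-second gap and 3-port threshold are assumed values, and every sample line except the 2/2 line is constructed.

```python
import re
from datetime import datetime

# Line format copied from the %UDLD-3-DISABLE message quoted in the post above.
UDLD_RE = re.compile(
    r"^(\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) %UDLD-3-DISABLE:"
    r"Unidirectional link detected on port (\d+/\d+)\. Port disabled\.")

# The 2/2 line is the one from the post; every other line is constructed.
SAMPLE_LOG = """\
2002 Feb 11 10:47:55 %SYS-5-MOD_OK:Module 2 is online
2002 Feb 11 10:48:26 %UDLD-3-DISABLE:Unidirectional link detected on port 2/2. Port disabled.
2002 Feb 11 10:48:26 %UDLD-3-DISABLE:Unidirectional link detected on port 2/3. Port disabled.
2002 Feb 11 10:48:27 %UDLD-3-DISABLE:Unidirectional link detected on port 2/5. Port disabled.
2002 Feb 11 10:48:29 %UDLD-3-DISABLE:Unidirectional link detected on port 3/1. Port disabled.
2002 Feb 11 14:02:10 %UDLD-3-DISABLE:Unidirectional link detected on port 4/7. Port disabled.
"""

def parse_udld(text):
    """Return time-sorted (timestamp, port) pairs for each UDLD disable event."""
    events = []
    for line in text.splitlines():
        m = UDLD_RE.match(line.strip())
        if m:
            stamp = " ".join(m.group(1).split())  # collapse a padded day such as "Feb  1"
            events.append((datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m.group(2)))
    return sorted(events)

def udld_bursts(events, max_gap_s=10, min_ports=3):
    """Cluster events separated by at most max_gap_s seconds (assumed threshold) and
    keep clusters touching at least min_ports distinct ports (assumed threshold).
    Returns a list of (first_timestamp, sorted_ports)."""
    clusters, current = [], []
    for ts, port in events:
        if current and (ts - current[-1][0]).total_seconds() > max_gap_s:
            clusters.append(current)
            current = []
        current.append((ts, port))
    if current:
        clusters.append(current)
    return [(c[0][0], sorted({p for _, p in c}))
            for c in clusters if len({p for _, p in c}) >= min_ports]

if __name__ == "__main__":
    for start, ports in udld_bursts(parse_udld(SAMPLE_LOG)):
        print(f"{start}: UDLD disabled {len(ports)} ports together: {', '.join(ports)}")
```

The isolated 4/7 event in the sample is parsed but not reported, since a single disabled port does not meet the burst threshold.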

It does depend on what your native VLAN is on your trunk links. If you move the management VLAN from VLAN 1 to another VLAN, then you should be able to prune VLAN 1 (at least from 6500, 4000 switches). You can't with the 3500 series switches; they always keep VLAN 1 on the allowed VLANs on a trunk.

rfroom
Cisco Employee

This feature is not supported on all platforms and software. Actually, disabling of VLAN 1 only prevents data traffic on VLAN 1 from crossing a trunk; management traffic still passes. It is a useful feature as it limits the diameter of VLAN1.

Move your SC0 interface to another VLAN other than VLAN 1. Your objective should be to move all "user-data" off VLAN 1. There is no harm in leaving VLAN 1 enabled - just don't use it. The switches need VLAN 1 for the VLAN 1 tagged management traffic that is generated. This is very important "switch-data".

Even if you disable or prune VLAN 1, VLAN 1 tagged "switch-data" will still traverse the switches using CMP (Cisco Management Protocol).

Ricky Boyd

CCIE 2901

Callisma
