08-16-2010 09:23 AM - edited 03-06-2019 12:30 PM
Hi,
I know that it is not possible to delete VLAN 1 on a Cisco switch since it is used to carry protocols like VTP & CDP. My question is, I would like to know if there is a way to restrict VLAN 1 to only carry the control traffic on this VLAN. Can we prevent the switch from carrying traffic originated from a switchport within VLAN 1?
Thanks for your help
Stephane
08-16-2010 09:30 AM
Not sure if this is what you want.
Change the native vlan to something else (in this example VLAN2) instead of VLAN1:
interface x/x
switchport access vlan 2
switchport mode access
Change the trunk native vlan to something else (in this example VLAN22) instead of VLAN1. Also remove VLAN1 from the trunk:
interface y/y
switchport trunk encap dot1q
switchport mode trunk
switchport trunk native vlan 22
! allow every VLAN except 1 (IOS keyword is "allowed"; ids run 2-4094)
switchport trunk allowed vlan 2-4094
HTH,
jerry
08-16-2010 11:06 AM
Hi Stephane,
I'm also not sure, but my view of this topic is to use another VLAN for user traffic and to remove VLAN 1 from all access ports by putting them into the other VLAN. If you want/need, you can change the native VLANs like jerry said too!
For your information you can change the cdp and vtp source interface.
Maybe you can try to use ACLs to prevent the traffic, but I'm not sure if that will work on VLAN1. Here you can use VACLs, MAC ACLs or else, if you want, just permit the switch MACs, but this is just an idea and a quick thought ..
regards,
Sebastian
08-17-2010 07:14 AM
Hi,
Thanks a lot for your good suggestions; it makes a lot of sense to just remove VLAN 1 from the switch and assign unused ports to another VLAN.
I am just curious here, do you have any detail or a link that can explain how we can change the CDP and VTP source interface?
Thanks for all your help
Stephane
08-16-2010 02:09 PM
Steph1963 wrote:
Hi,
I know that it is not possible to delete VLAN 1 on a Cisco switch since it is used to carry protocols like VTP & CDP. My question is, I would like to know if there is a way to restrict VLAN 1 to only carry the control traffic on this VLAN. Can we prevent the switch from carrying traffic originated from a switchport within VLAN 1?
Thanks for your help
Stephane
Stephane
1) All ports are by default in vlan 1, so for any ports on the switch that are not in use create a new vlan, e.g. vlan 998. This vlan does not need a L3 SVI. Then allocate all ports that are unused into vlan 998.
2) You can shut down the SVI for vlan 1 and this will not affect VTP, CDP etc.
3) As Jerry says, you should change the native vlan from vlan 1.
4) Use a separate vlan for actually managing the switches - this vlan would need a L3 SVI.
5) Don't use vlan 1 for any user devices.
By doing all the above you are ensuring that nothing that you can configure on the switch will use vlan 1.
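As an added example (not from this thread, and not Cisco's tooling), here is a small Python audit that checks a saved `show running-config` for the five points above: access ports still in VLAN 1 (the implicit default when no `switchport access vlan` is set), trunks whose native VLAN is 1 or that still allow VLAN 1, and an `interface Vlan1` SVI that is not shut down. The two configs embedded in it are constructed samples: one factory-default style, one with the steps applied. The parser assumes the plain IOS text layout (one-space indented sub-commands, `!` separators) and handles only the common forms of the `allowed vlan` list.

```python
import re
ALL_VLANS = set(range(1, 4095))  # valid 802.1Q VLAN ids

# Constructed sample: factory-default style config with everything on VLAN 1.
UNHARDENED = """\
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

# Constructed sample: the same switch after the five steps (users on VLAN 10,
# unused port parked in VLAN 998, native VLAN 22, management SVI on VLAN 100).
HARDENED = """\
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.100.0.2 255.255.255.0
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 22
 switchport trunk allowed vlan 2-4094
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 998
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks

def vlan_set(spec):
    """Expand an IOS VLAN list such as '2-5,10' into a set of ids."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def last_int(cmds, pattern, default):
    # integer captured by the last sub-command matching pattern, else default
    for c in cmds:
        m = re.match(pattern, c)
        if m:
            default = int(m.group(1))
    return default

def trunk_allows_vlan1(cmds):
    """True if a trunk with these sub-commands would carry VLAN 1."""
    allowed = ALL_VLANS  # IOS default: every VLAN is allowed on a trunk
    for c in cmds:
        m = re.match(r"switchport trunk allowed vlan (.+)", c)
        if not m:
            continue
        spec = m.group(1).strip()
        if spec == "all":
            allowed = ALL_VLANS
        elif spec.startswith("except "):
            allowed = ALL_VLANS - vlan_set(spec[7:])
        else:
            allowed = vlan_set(spec)
    return 1 in allowed

def audit_vlan1(config):
    """Return one finding per place VLAN 1 is still in use (empty = clean)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        lname = name.lower()
        if lname == "vlan1" and "shutdown" not in cmds:
            findings.append("SVI Vlan1 is not shut down")
        if lname.startswith(("vlan", "loopback")) or "no switchport" in cmds:
            continue  # SVIs, loopbacks and routed ports have no VLAN membership
        if "switchport mode trunk" in cmds:
            if last_int(cmds, r"switchport trunk native vlan (\d+)", 1) == 1:
                findings.append(f"{name}: trunk native VLAN is 1")
            if trunk_allows_vlan1(cmds):
                findings.append(f"{name}: trunk still allows VLAN 1")
        elif last_int(cmds, r"switchport access vlan (\d+)", 1) == 1:
            findings.append(f"{name}: access port is in VLAN 1 (the default)")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", UNHARDENED), ("after", HARDENED)):
        print(label, audit_vlan1(cfg) or "clean")
```

Run against the constructed samples, the "before" config produces four findings (the SVI, the access port and both trunk issues) and the "after" config none. Because an access port with no `switchport access vlan` line is reported, the script also catches the step 1 case of unused ports left at their default, which is easy to miss by eye in a long config.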
Jon
08-17-2010 09:54 AM
VTP:
Router(config)#vtp interface ...
CDP
Router(config)# cdp source-interface
But maybe this will not work on all IOS or switch/router versions.