VLAN 1 and native VLAN?

[IllegalOperation]

Hello,


I am curious to see what everyone's best practices are regarding VLAN 1. Does anyone use it? "Disable" it? Avoid it?

I know there are some features that utilizes VLAN 1 (such as CDP), and I am curious to know if this will effect any of my services. We have a Solarwinds Orion server that will be monitoring our equipment, for example.

My boss told me he didnt want to use VLAN 1 with our switch fabric, as we designated VLAN 99 for management purposes.

I currently have it set up so my native VLAN is VLAN 99, and my trunks are not allowing VLAN 1 to pass. Is that ok? I am basically skeptical about changing my native VLAN, and not using VLAN 1. Your thoughts will be greatly appreciated.

 

[chieftan]

Correct with VLAN1.

When a port on a switch has no configuration assigned to it, VLAN1 is automatically assigned. From a security perspective this is not good.

The .1q trunks have ben set to not allow VLAN 1 , this is also good practice.

VLAN1 should be administrativly shutdown.

 

[vipergg]

you should be fine with what you are doing . Things like cdp will still flow properly . Generally it is good practice not to use vlan 1 .