Switches, Hubs, and Modems
Showing results for 
Search instead for 
Did you mean: 

Vlan/switch setup best practice

Go to solution
Joseph L. Casale
Regular Advisor

Vlan/switch setup best practice

What is the argument for using a vlan other then the default ID-1 for production use and untagging all client ports into?

We are making a significant amount of changes and could undo this current config with the only additional overhead of reconfiguring some firewall setup.

Is it worth it?


Re: Vlan/switch setup best practice


One argument is the security concern with regards to using default vlan as a production VLAN.

Whenever a port reverts back to default setting, for example because you delete a test-vlan with one port in, it will be placed into the default VLAN.
Now if this port is easily accessible to outsiders, they will now have access directly into the production vlan - and that is not something one want. =)

Mohieddin Kharnoub
Honored Contributor

Re: Vlan/switch setup best practice


Yes, its worth it, changing default Vlan from Vlan1 is considered always as a best Practice.

In fact, Vlan1 should be an unused Vlan without IP address, and all Unused ports should stay in That Vlan as untagged, so its better for Security Concerns.

Good Luck !!!
Science for Everyone
Joseph L. Casale
Regular Advisor

Re: Vlan/switch setup best practice

Answers made good sense.
Occasional Visitor

Re: Vlan/switch setup best practice

i have one question ..
we r deciding our new ip address scheme...
can u suggest shd we use the same vlan for all switches or diff vlan for each one?
which one is better and why?