[c-nsp] VLAN 1 through routed ports

Tony td_miles at yahoo.com
Thu Jan 8 18:18:01 EST 2009


--- On Fri, 9/1/09, Justin Shore <justin at justinshore.com> wrote:

> 
> On a related side note, can VLAN 1 be disabled?  If the
> state is set to suspended or the vlan is 'shutdown'
> in vlan sub-config mode, would that actually shutdown VLAN
> 1?  If a default config access-mode switchport in VLAN by
> default receives a packet, does it drop it?  I'm looking
> for ways to prevent what happened last night and since I
> can't remove VLAN 1 from the trunk ports in question
> I'd like to figure out how to disable the VLAN.  The
> other option would be to change the VLAN used by default for
> the access VLAN when one isn't configured on a port.  Is
> there a config option for that?
> 

You can configure the default VLAN to something else using the "switchport trunk native vlan" command:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/layer2.html#wp1034721


You might also consider whether the command "vlan dot1q tag native" is appropriate in the circumstances. It can be enabled globally and disabled on a per-interface basis if required.

"The vlan dot1q tag native command is a global command that configures the switch to tag native VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN."

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/dot1qtnl.html#wp1006255

From the description it appears that it will drop any untagged VLAN ingress traffic. Whether this helps or not depends on whether traffic in VLAN 1 is tagged or untagged. Assuming it's the default VLAN on your new piece of equipment then I "think" it will be untagged.


Again, this is all theoretical from my PoV. If the above doesn't help, perhaps it will at least point you in the right direction.



regards,
Tony.
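
Added example, not part of the original message: a small offline audit of a saved running-config that lists trunk ports still using VLAN 1 as the native VLAN and checks whether the global "vlan dot1q tag native" command discussed above is present. The function name, the sample config and VLAN 999 are constructed for illustration.

```python
import re

# Constructed sample in IOS running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
vlan dot1q tag native
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet1/3
 switchport mode access
!
"""

def audit_native_vlan(config):
    """Hypothetical helper: list trunks whose native VLAN is still 1 and say
    whether the global tagging command protects them from untagged frames."""
    tag_native = False
    blocks = {}            # interface name -> its indented sub-commands
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line[:1].isspace() and current:
            blocks[current].append(line.strip())
        else:
            current = None  # back at global configuration level
            if line.strip() == "vlan dot1q tag native":
                tag_native = True
    native_1 = []
    for name, cmds in blocks.items():
        if "switchport mode trunk" not in cmds:
            continue
        native = 1          # VLAN 1 is the native VLAN unless overridden
        for cmd in cmds:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
            if m:
                native = int(m.group(1))
        if native == 1:
            native_1.append(name)
    # Without global tagging, untagged frames on these trunks land in VLAN 1.
    # Per-interface overrides of the global command are not modelled here.
    return {"tag_native": tag_native, "native_vlan_1_trunks": native_1,
            "accept_untagged_into_vlan_1": [] if tag_native else native_1}
```

Run it against a saved copy of the configuration; any port listed under `accept_untagged_into_vlan_1` is a trunk where untagged ingress frames would be placed in VLAN 1.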


      

