[c-nsp] VLAN 1 troubles?

[Bryan Holloway]

On 8/26/18 1:36 PM, Mark Tinka wrote:
> 
> 
> On 26/Aug/18 18:47, John Osmon wrote:
> 
>> I've got a 3560 switch in a lab situation that I'm looking for insight.
>>
>> I have a virtualization host hung off of a trunking port.  VMs on this
>> platform are able to communicate over any VLAN if I'm running a 12.2
>> image.
>>
>> As soon as I change to a 15.0 image, packets for VLAN1 no longer pass
>> the switch port -- but all other VLANs do.  This is true whether the
>> packets are explicitly tagged as VLAN 1, or if I leave them "native."
>>
>> I have means to work around the issue, but it's bugging me...
>>
>> Is there some esoteric change between IOS 12 and IOS 15?
>> Is there something I've been doing wrong for years with IOS switches?
>> Am I hitting a bug?
>> Do I just need to get rid of this test switch and get something more
>> modern for a lab switch?
>>
>>
>> Switch details:
>>   model:         WS-C3560G-24TS
>>   working image: c3560-advipservicesk9-mz.122-25.SEE2.bin
>>   failing image: c3560-ipservicesk9-mz.150-2.SE10.bin
>>   port config:
>>     interface GigabitEthernet0/15
>>      switchport trunk encapsulation dot1q
>>      switchport mode trunk
> 
> Due to the way Cisco has always treated VLAN 1, general advice over the
> years has been to avoid using it for production traffic.
> 
> We don't even use it for switch management.
> 
> Mark.

We use a lot of those switches running both 12.x and 15.x, and, while I 
can't say I've seen that particular behavior before, I 100% agree with 
Mark. Never use VLAN 1 for anything, regardless of vendor. Too many 
potential gotchas/caveats.