Tuesday, February 23, 2010

How to remove VLAN 1 in an existing production network?

We have VLAN 1 up on some of the switches in our production network. How do you remove VLAN 1 without impact in production?

You can't actually stop VLAN 1 from carrying CDP/PaGP/VTP etc. across trunk links, but what you can do is:
  1. Create a VLAN, e.g. VLAN 999, to put all unused ports into. There is no need to create an L3 SVI for VLAN 999 because it is only for unused ports.
  2. Change the native VLAN from VLAN 1 to another VLAN. Again, this VLAN does not need an L3 SVI because the native VLAN does not need to be routed.
  3. If you are using VLAN 1 to manage your switches, you need to create a new VLAN for that, add an L3 SVI for the new VLAN, and shut down the VLAN 1 interface on each switch. You will need to be at the console for this, otherwise you could lose connectivity.
If you have any user ports in VLAN 1, you will need to reallocate them into different VLANs.

Once you have done all that, VLAN 1 will only be used for Cisco L2 management protocols (CDP, PaGP, VTP, etc.).
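The steps above as a Cisco IOS configuration sketch; this is an added example, not part of the original post. VLAN 999 comes from the post, while VLAN IDs 998, 100 and 20, the interface names and the 192.0.2.0/24 address are constructed placeholders to replace with your own.

```cisco
! Step 1: parking VLAN for unused ports (no SVI is created for it)
vlan 999
 name UNUSED
!
interface range GigabitEthernet0/10 - 20
 switchport mode access
 switchport access vlan 999
!
! Step 2: move the native VLAN off VLAN 1 (no SVI is created for it).
! Set the same native VLAN on both ends of every trunk; a mismatch
! bridges untagged frames between two different VLANs.
vlan 998
 name NATIVE
!
interface GigabitEthernet0/24
 switchport trunk native vlan 998
!
! Step 3: from the console, bring up the new management SVI first,
! confirm it is reachable, and only then shut down interface Vlan1.
vlan 100
 name MGMT
!
interface Vlan100
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! User ports that were still in VLAN 1 move to a user VLAN
vlan 20
 name USERS
!
interface range GigabitEthernet0/1 - 9
 switchport mode access
 switchport access vlan 20
```

Afterwards, `show vlan brief` should list no access ports under VLAN 1, and `show interfaces trunk` should show the new native VLAN on every trunk.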

