I regularly see comments about VLAN 1 being insecure and that you should not use it.
Say I have the following two switch configurations, where ports 1-22 are access ports for users with a voice vlan for their phones, and ports 23 & 24 are trunk ports to a switch and a router and don't have an untagged/native vlan.
    #config 1
    vlan 1
       name Users
       untagged 1-22
       tagged 23-24
    vlan 2
       name mgmt
       tagged 23-24
       ip address 172.16.2.1 255.255.255.0
    vlan 100
       name voice
       tagged 1-24
    management-vlan 2
    #config 2
    vlan 1
       no untagged 1-24
    vlan 2
       name mgmt
       tagged 23-24
       ip address 172.16.2.1 255.255.255.0
    vlan 10
       name Users
       untagged 1-22
       tagged 23-24
    vlan 100
       name voice
       tagged 1-24
    management-vlan 2
What makes the first configuration insecure?
edit: formatting