Friday, September 14, 2018

Why is VLAN 1 insecure?

I regularly see comments about VLAN 1 being insecure and that you should not use it.

Say I have the following two switch configurations, where ports 1-22 are access ports for users with a voice vlan for their phones, and ports 23 & 24 are trunk ports to a switch and a router and don't have an untagged/native vlan.

#config 1

    vlan 1
       name Users
       untagged 1-22
       tagged 23-24
    vlan 2
       name mgmt
       tagged 23-24
       ip address 172.16.2.1 255.255.255.0
    vlan 100
       name voice
       tagged 1-24
    management-vlan 2

#config 2

    vlan 1
       no untagged 1-24
    vlan 2
       name mgmt
       tagged 23-24
       ip address 172.16.2.1 255.255.255.0
    vlan 10
       name Users
       untagged 1-22
       tagged 23-24
    vlan 100
       name voice
       tagged 1-24
    management-vlan 2

What makes the first configuration insecure?

edit: formatting


