Switch Security Question
gojericho0
If all access-ports are off VLAN1, would that eliminate any security issue of having VLAN1 as the native vlan on a trunk link?
Comments
joshgibson82
If all ports are on vlan 1, why do you need a trunk?
gojericho0
I'm sorry, typo: all access ports are off vlan 1
kryolla
what security issue are you trying to avoid?
gojericho0
Mainly VLAN hopping, but I wasn't sure if leaving the native VLAN as the default would cause any other vulnerabilities.
kryolla
check out Cisco SAFE
You can change all the access ports from the default VLAN or just prune VLAN 1 from all your trunk links, and you can use switchport host for all your access ports and turn off DTP. There are 2 ways of mitigating VLAN hopping: make sure your access ports don't form a trunk, and make sure the data VLAN is not the native VLAN for trunk links or tagged links.
SAFE - Cisco Systems
gojericho0
cools thanks,
never heard of the switchport host to turn off DTP, but does switchport mode access do the same thing?
kryolla
it puts the port in access mode, portfast, and disables channel group.
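Added example, not part of the thread: the three checks discussed above (access ports that cannot form a trunk, a native VLAN that is not a data VLAN, VLAN 1 pruned from trunks) written as a small config audit in Python. The sample config, interface names and VLAN IDs are constructed, and the script assumes every listed interface is a Layer 2 switchport on which an unset mode may still negotiate trunking.

```python
import re

# Constructed sample (not from the thread): typed IOS-style config, made-up ports and VLANs.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport host
interface GigabitEthernet0/2
 switchport access vlan 20
interface GigabitEthernet0/22
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/23
 switchport mode trunk
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,999
"""

def parse_interfaces(text):  # returns {interface name: [sub-commands]}
    blocks = re.findall(r"^interface (.+?)[ \t]*\n((?:[ \t]+.*\n?)*)", text, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def expand_vlans(spec):  # '10,20,30-32' -> set of VLAN IDs
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text):
    """Return (interface, finding) pairs for the three checks from the thread."""
    data_vlans = {int(v) for v in re.findall(r"^\s*switchport access vlan (\d+)\s*$", text, re.M)}
    findings = []
    for name, cmds in parse_interfaces(text).items():
        body = "\n".join(cmds)
        if "switchport mode trunk" in cmds:
            m = re.search(r"^switchport trunk native vlan (\d+)$", body, re.M)
            native = int(m.group(1)) if m else 1  # native VLAN defaults to 1
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", body, re.M)
            allowed = expand_vlans(m.group(1)) if m else set(range(1, 4095))  # default: all
            if native == 1 and 1 in allowed:
                findings.append((name, "native VLAN 1 carried on trunk"))
            if native in data_vlans:
                findings.append((name, "native VLAN is also a data VLAN"))
        elif not {"switchport mode access", "switchport host"} & set(cmds):
            findings.append((name, "not forced to access mode, may negotiate a trunk"))
    return findings
```

Only the explicit list form of `switchport trunk allowed vlan` is parsed; the `add`, `remove`, `all` and `none` forms fall back to the all-VLANs default.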