Hondabuff wrote: »
Vlan 1 is more of the default VLAN for switches from the default config. This is how they come out of the box so non-Cisco people can just plug and play them. Step one of securing a switch is to change the native VLAN to something other than 1 since every new switch uses it. Simplest solution is to make a new VLAN such as 2 and assign it to all used "access" switchports and on the trunkport to the router use the "switchport trunk native vlan 2" so the traffic is now sent untagged on VLAN 2 so devices plugged into the switch can talk to the router. Most of the control plane traffic "CDP,VTP,PAgP" is using VLAN 1 and is still needed on the switch for these to function.