remove VLAN ID 1

nick.loenders

Hi,
apparently it is, for security reasons, not a good idea to have vlan id 1

But how can I remove vlan id 1 then?

It is in use by the management vlan I see. What does that even mean?
I was always in the understanding that everything is by default using vlan id 1.
But the LAN is using vlan id 4091 ?
or is it using vlan id 1 as well?

johnpoz

@nick-loenders It is common security work/enterprise thing to not use the default vlan 1. By this they mean they set vlans vs using the default.

If this is your home - there is zero reason to be concerned with this.

Vlan 1 is just the default vlan that is untagged on a managed switch. You can not really remove it, you can remove it from ports, etc. That is all that is mean by remove or not to use vlan 1.

example: notice on my cisco switch at home, there are no ports using vlan 1

But if your on a home network or smb, this isn't really something to worry about. This is normally a company policy. Its more about preventing accidental access than anything.

nick.loenders

@johnpoz On my pfsense it looks like:

So the default vlan tag is 1.
The VLAN tag for the LAN is then 4091 ?

But if I connect a switch or a pc to the pfsense, they can communicate with eachtother as the default vlan tag is 1 , correct?
So anyone can access the network if they connect to it?

Can I change this to vlan tag 250? Then not every device can just be connected to the network as 1 is not in use anymore??

Bob.Dig

@nick-loenders Who configured it like that in the first place?

nick.loenders

@bob-dig which part?

the VLANs, I added them

The 1 4090 4091 is by default