Cisco – Connect a D-Link switch to a Cisco switch: the D-Link switch works fine without any interface configuration on Cisco switch

cisco

I connected a D-Link switch to a port on a Cisco switch of the 2960 family, i.e. layer II. The Cisco switch is configured as a VTP client to receive its VLAN configuration from a VTP server.

I expected that the D-Link wouldn't work unless I configured the port/interface on the Cisco switch and assigned a VLAN to that port/interface in access or trunk mode.

However, to my surprise, the D-Link switch works fine out of the box, without any interface configuration on the Cisco switch. I mean, when I connect computers to the D-Link switch, they recognize the network and are able to communicate on the network.

Why is that? Why does the D-Link switch work fine just by connecting it to any random port/interface on the Cisco switch? What should I do to prevent that and improve security?

Best Answer

By default, Cisco switch ports are configured as access ports on VLAN 1. If that is working for you, it's because your other devices are also on VLAN 1.

There are several things you can do to prevent someone from just plugging into your switch. The simplest solution is to disable all unused ports.

A side note: It's a generally recognized good practice to NOT use VLAN 1 for user traffic, because it is also used for management traffic and there are limitations on where it can be blocked.
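An added IOS configuration sketch (not part of the original answer) showing the default port state described above beside a hardened form that disables unused ports and keeps user traffic off VLAN 1. It goes one step beyond the answer by adding port security on an in-use port. The interface numbers, VLAN 20 and VLAN 999 are assumptions; substitute your own.

```cisco
! Constructed example. Interface numbers and VLAN IDs are assumptions.
!
! --- Before: factory-default port on a 2960 ---
! No switchport commands are present, so the port is up and behaves
! as an access port in VLAN 1. Anything plugged in joins VLAN 1.
interface FastEthernet0/10
!
! --- After: unused ports parked and shut down ---
! VLAN 999 is a hypothetical "parking" VLAN with no hosts and no SVI.
! On a VTP client it cannot be created locally; define it on the
! VTP server and let it propagate.
interface range FastEthernet0/10 - 24
 description UNUSED - administratively disabled
 switchport mode access
 switchport access vlan 999
 shutdown
!
! --- After: an in-use user port ---
! Fixed access mode in a user VLAN other than VLAN 1 (VLAN 20 is
! hypothetical). Port security with a limit of one MAC address means
! a downstream switch with several hosts behind it triggers a
! violation instead of silently extending the network.
interface FastEthernet0/1
 description USER - desk 1
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
!
! --- Verification (privileged EXEC, not configuration mode) ---
! show interfaces status
!   unused ports should read "disabled" with VLAN 999
! show port-security interface FastEthernet0/1
!   shows the MAC limit, the violation mode and the violation count
```

With `violation restrict` the port stays up, drops frames from the extra MAC addresses and increments the violation counter; `violation shutdown`, the default mode, err-disables the port instead.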