I'd like to present a rebuttal :-)
The origins of the myth seem to me to be threefold:
- On old platforms, you really couldn't remove VLAN 1 from tagging interfaces
- Cisco documentation indicates that control traffic always uses VLAN 1
- There's an unrelated VLAN traversal attack involving VLAN 1, which is just one more reason to avoid using it.
Marko clearly demonstrated that transit traffic on VLAN 1 can be pruned from a trunk, and concluded:
I can only mostly agree with Marko here. Consider the following topology:
What should the CDP frames look like? Cisco Press (swiped from a comment on Marko's post) says:
So, even though VLAN 1 is disallowed from the trunk, frames tagged with VLAN 1 should still appear there. Wireshark agrees. Cisco Press is vindicated:
While you can definitely remove VLAN 1 transit traffic from a trunk, control frames really do belong to VLAN 1, and you can't remove these frames from the trunk. VLAN 1 is magic after all.
Myth somewhat un-busted.
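To repeat the Wireshark check on your own trunk capture, here is an added example (not from the original post) that picks Cisco control frames out of raw Ethernet bytes and reports any whose 802.1Q tag falls outside the trunk's allowed list. It also recognizes VTP and DTP, which share CDP's destination address; the function names, the sample frames and the allowed list {10, 20} are constructed for illustration.

```python
import struct

# Constructed example; constants are the well-known Cisco values.
CISCO_MCAST = bytes.fromhex("01000ccccccc")  # dst MAC shared by CDP, VTP, DTP
SNAP_CISCO = bytes.fromhex("aaaa0300000c")   # LLC AA-AA-03 + Cisco OUI 00-00-0C
PROTOCOLS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP"}  # SNAP protocol IDs
TPID_8021Q = 0x8100

def classify(frame):
    """Return (protocol, vlan_id) for a Cisco control frame, else None.
    vlan_id is None when the frame has no 802.1Q tag."""
    if len(frame) < 14 or frame[:6] != CISCO_MCAST:
        return None
    offset, vlan = 12, None
    (word,) = struct.unpack_from("!H", frame, offset)
    if word == TPID_8021Q:
        if len(frame) < 18:
            return None                      # truncated tag
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan = tci & 0x0FFF                  # drop PCP/DEI, keep the 12-bit VID
        offset += 4
        (word,) = struct.unpack_from("!H", frame, offset)
    header = frame[offset + 2:offset + 10]   # LLC/SNAP follows the 802.3 length
    if word > 1500 or len(header) < 8 or header[:6] != SNAP_CISCO:
        return None
    (pid,) = struct.unpack_from("!H", header, 6)
    name = PROTOCOLS.get(pid)
    return (name, vlan) if name else None

def control_frames_outside(frames, allowed_vlans):
    """Tagged control frames whose VLAN is not in the trunk's allowed list."""
    hits = [classify(f) for f in frames]
    return [h for h in hits if h and h[1] is not None and h[1] not in allowed_vlans]

def build(dst, vlan, pid, pcp=0):
    """Build a minimal constructed frame (hypothetical helper for the samples)."""
    body = SNAP_CISCO + struct.pack("!H", pid) + b"\x02\xb4\x00\x00"
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    src = bytes.fromhex("020000000001")
    return dst + src + tag + struct.pack("!H", len(body)) + body

SAMPLES = [
    build(CISCO_MCAST, 1, 0x2000, pcp=7),             # CDP tagged with VLAN 1
    build(CISCO_MCAST, None, 0x2004),                 # untagged DTP
    build(bytes.fromhex("ffffffffffff"), 10, 0x2000), # transit broadcast on VLAN 10
]

if __name__ == "__main__":
    for proto, vlan in control_frames_outside(SAMPLES, allowed_vlans={10, 20}):
        print(f"{proto} frame tagged with VLAN {vlan}, which is not allowed on this trunk")
```

Feed it frame bytes from any pcap reader together with the VLAN list configured on the trunk; a hit for VLAN 1 is the behaviour described above, not a misconfiguration.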