Ok, not sure why anybody would use vlan 1 tagged for WAN traffic...  but is there an easy way to change this?

There are a number of 802.1q switches out there from different vendors that don't support vlan 1 tagging at all, because the switch uses vlan 1 for management.  

Any chance we can get this moved into the management console so it can be changed?  or will we be required to change it manually?

Does anybody have a howto on changing the default vlans?

No easy way at this time (check the source and bloodhound tickets on this one)

All reasonable switches should let you change the managment vlan or change port to trunked (remember managment vlan is not related to port tagging ). Back when I went through CISCO training it was considered best practice to move your managment vlan away from vlan 1 for "security"

VLAN 1 is many switches "LAN" network so if you just tag the port as a trunk port it should work and our node on vlan1 would be on your LAN for the WAN port so it can go through your router. You would need to change the PVID (untagged traffic id) of the port to 10 to pull the Node Lan into it's own network.

I understand that Cisco and 3com gear supports this... but there is a lot of other network gear floating around that doesn't... vlan 1 and 4095 on some switches are treated special and can not be trunked or tagged...That behavior conforms to the 802.1q standard... and Cisco gear using hybrid mode can mimic this behavior for operating with switches that can not tag vlan 1.

Certain Dell, HP, and certain other vendors can't handle vlan 1 tagging, which is annoying, but there is a lot of that gear out there in production, and a lot of it on the second hand market for very little money.

The bigger problem is plugging this into a production network, where the IT Security is never going to allow these devices connected to existing networks, because they can't assign vlan's for them, and nobody allows the use of vlan 1 for anything because as you said it violates best practice guidelines.

The reason I'm asking is because we're in the process of dropping a production link into the dispatch room at a university hospital and I know the IT security guys there and they'll laugh me out of the room if I suggest we use vlan 1 for anything :)

It's not a problem, I'm pretty sure I figured out how to change it... Once I confirmed that it worked, I'll post instructions.

You may consider picking up BBHN->ticket:61 (rebase all scripts to dynamically determine interface names) as it relates to what you will need to edit anyways and would be able to be merged into mainline code making it easier in the future for those who need to change interfaces.