"i do not want any of the office user or the guess be able to access the server on the vlan 1
not only access but also the broadcasting will not be seen...eg pinging.."
What is the point of this setup?? What are the point of servers if your not going to access them? Are there also guests on vlan1?
Is this some exercise only?
The points of moving active ports out of vlan 1 is valid - but I think the OP is more just talking 1,2,3 to distinguish that they are different not the actual tag number.
This is common practice to make sure you don't end up with ports in the wrong vlan by accident, etc.
And again if you can put ACLs or NOT route between the vlans your fine from a security issue - unless your worried about some internal hackers gaining access to your servers on vlan 1 that nobody accesses. As stated already, common business practice is vlans are fine from a security standpoint. Is your office the DOD? Or a government building? I doubt it - since it was we wouldn't be having this conversation, since the people setting up the network would not need to ask such questions. You would hope
Keep in mind that some of the attacks against vlans are with trunking, in your 1 switch setup there is no trunking
I would suggest you read this
VLAN Security White Paper