Native VLAN and security

Unanswered Question
Apr 4th, 2007

Hello there... I need your help. I heard that we should change the native VLAN number. Why? And what are the consequences of changing that native VLAN 1 (e.g. CDP, VTP, etc.)? Thanks anyway :)

alessandroye Mon, 04/09/2007 - 07:56

The native VLAN is VLAN 1 by default.

But if you are configuring the trunk interface, you could change this with the following command.

switch(config-if)#switchport trunk native vlan [vlan-id]

The untagged data traffic will be forwarded to the new native VLAN.

Jon Marshall Mon, 04/09/2007 - 09:39
Hi


Attached is a link to a VLAN security doc from Cisco which explains the use of the native VLAN and why it should be changed from VLAN 1, which is the default.


http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39211


We use a non-routable VLAN as our native VLAN on all our switches. This VLAN also never has any switch ports in it.


VLAN 1 will still be used to send CDP, VTP, PAgP between switches.


HTH


Jon
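
The practice described in the reply above (a native VLAN that is not VLAN 1, is non-routable and has no switch ports in it) can be checked against a saved switch configuration. This is an added example, not part of the original thread or any Cisco tool: the sample config, interface names, VLAN numbers and function names are constructed assumptions, and "routable" is approximated as "an SVI with an IP address exists for that VLAN".

```python
import re
# Constructed IOS-style sample; interface names and VLAN numbers are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 20
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 20
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        if head:
            current = blocks.setdefault(head.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_native_vlans(config):
    """Return sorted (trunk, native VLAN, reason) tuples for trunks to review."""
    trunks, routed, with_ports = {}, set(), set()
    for name, cmds in parse_interfaces(config).items():
        text = "\n".join(cmds)
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi and re.search(r"^ip address ", text, re.M):
            routed.add(int(svi.group(1)))  # VLAN has a layer-3 interface
        with_ports.update(int(v) for v in re.findall(r"^switchport access vlan (\d+)$", text, re.M))
        if "switchport mode trunk" in cmds:
            native = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
            trunks[name] = int(native.group(1)) if native else 1  # default is VLAN 1
    findings = []
    for name, vlan in trunks.items():
        reasons = [("default VLAN 1", vlan == 1), ("has access ports", vlan in with_ports),
                   ("routable (SVI has an IP address)", vlan in routed)]
        findings += [(name, vlan, why) for why, hit in reasons if hit]
    return sorted(findings)
```

On the sample, `GigabitEthernet0/1` (native VLAN 999, unused and unrouted) passes, while the trunk left at the default and the trunk whose native VLAN 20 carries user ports and an SVI are reported.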
