Trunks, VLANs and member ports

Jul 29th, 2007

When creating a trunk link, I have a few questions:

VLAN1 always has to be a member of a trunk link, is this correct?

If so, why?

mohammedmahmoud Sun, 07/29/2007 - 10:11


Control plane traffic such as VTP, CDP, and PAgP protocols (and DTP in case of ISL - while DTP in case of 802.1q uses the native vlan) are tagged with VLAN 1 information.


Mohammed Mahmoud.

balajitvk Sun, 07/29/2007 - 10:32

Hi Wilson,

The reason VLAN 1 became a special VLAN is that L2 devices needed to have a default VLAN to assign to their ports, including their management port(s). In addition to that, many L2 protocols such as CDP, PAgP, and VTP needed to be sent on a specific VLAN on trunk links. For all these purposes VLAN 1 was chosen.

As a consequence, VLAN 1 may sometimes end up unwisely spanning the entire network if not appropriately pruned and, if its diameter is large enough, the risk of instability can increase significantly.

So, as a generic security rule, the network administrator should prune VLAN 1 from all the trunks and from all the access ports that don't require it (including not connected and shutdown ports), i.e. VLAN 1 need not always be a member of a trunk link.

Rate if it does,


mohammedmahmoud Sun, 07/29/2007 - 12:53


Do you mean that the interface VLAN of the native VLAN is admin down? Then yes, you can use the native VLAN; this has nothing to do with the VLAN operation, but you won't be able to telnet to the switch for remote access using that interface, and if the switch is layer 3 you won't be able to do inter-VLAN routing for this VLAN.


Mohammed Mahmoud.

Amit Singh Sun, 07/29/2007 - 20:10


In addition to Mohammed's post, a native VLAN can be any dummy VLAN on the switch. Just create an L2 VLAN on the switch and do not create any SVI for this.

-amit singh
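
An added example, not part of the original thread: a small audit of an IOS-style configuration for the points raised in the replies above (VLAN 1 left on trunks or access ports, and a native VLAN that has an SVI). The interface names, the sample configuration and VLAN 999 are constructed for illustration, and only the plain list form of the allowed-VLAN command is parsed.

```python
import re

# Constructed sample config, not from the thread; VLAN 999 is a hypothetical dummy VLAN.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-30
interface GigabitEthernet0/3
 switchport mode access
 shutdown
interface Vlan999
"""

def expand(spec):
    """Expand a plain list such as '10,20-30' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return (interface, finding) pairs for VLAN 1 and native-VLAN exposure."""
    blocks, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line starts a new section
            m = re.match(r"interface (\S+)", line)
            name = m.group(1) if m else None
        if name:
            blocks[name] = blocks.get(name, "") + line.strip() + "\n"
    svis = {int(n[4:]) for n in blocks if re.fullmatch(r"Vlan\d+", n)}
    out = []
    for name, text in blocks.items():
        if "switchport mode trunk" in text:
            # Unset native VLAN means 1; a non-plain allowed list counts as all VLANs.
            m = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
            native = int(m.group(1)) if m else 1
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", text, re.M)
            allowed = expand(m.group(1)) if m else set(range(1, 4095))
            checks = [(native == 1, "native VLAN is 1"),
                      (1 in allowed, "VLAN 1 allowed on trunk"),
                      (native in svis, f"native VLAN {native} has an SVI")]
            out += [(name, msg) for hit, msg in checks if hit]
        elif "switchport mode access" in text and not re.search(
                r"^switchport access vlan (?!1$)\d+$", text, re.M):
            out.append((name, "access port in VLAN 1"))
    return out
```

On the sample, `audit(SAMPLE)` flags the default trunk on GigabitEthernet0/1, the SVI on the dummy native VLAN used by GigabitEthernet0/2, and the shutdown access port still sitting in VLAN 1.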

