Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
10
Helpful
6
Replies

Trunks, VLANs and member ports

wilson_1234_2
Level 3
Level 3

‎07-29-2007 09:36 AM - edited ‎03-05-2019 05:33 PM

When creating a trunk link, I have a few questions:

VLAN1 always has to be a member of a trunk link, is this correct?

If so, why?

Labels:
0 Helpful
6 Replies 6

mohammedmahmoud
Level 11
Level 11

‎07-29-2007 10:11 AM

Hi,

Control plane traffic such as VTP, CDP, and PAgP protocols (and DTP in case of ISL - while DTP in case of 802.1q uses the native vlan) are tagged with VLAN 1 information.

HTH,

Mohammed Mahmoud.

balajitvk
Level 4
Level 4

‎07-29-2007 10:32 AM

Hi Wilson,

The reason VLAN 1 became a special VLAN is that L2 devices needed to have a default VLAN to assign to their ports, including their management port(s). In addition to that, many L2 protocols such as CDP, PAgP, and VTP needed to be sent on a specific VLAN on trunk links. For all these purposes VLAN 1 was chosen.

As a consequence, VLAN 1 may sometimes end up unwisely spanning the entire network if not appropriately pruned and, if its diameter is large enough, the risk of instability can increase significantly.

So as a generic security rule the network administrator should prune VLAN 1 from all the trunks and from all the access ports that don't require it (including not connected and shutdown ports). i.e. always need not be member of trunk link.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39009

Rate if it does,

Rgs.

wilson_1234_2
Level 3
Level 3
In response to balajitvk

‎07-29-2007 12:04 PM

Thanks

0 Helpful

meenakshisundaram.sampath
Level 1
Level 1
In response to balajitvk

‎07-29-2007 12:46 PM

Hi,

Can we use native VLAN which is administratively down ?

0 Helpful

mohammedmahmoud
Level 11
Level 11
In response to meenakshisundaram.sampath

‎07-29-2007 12:53 PM

hi,

Do you mean that the interface vlan of the native vlan is admin down, then yes you can use the native vlan this has nothing to do with the vlan operation, but you won't be able to telnet to the switch for remote access using that interface, and if the switch was layer 3 you won't be able to do inter-VLAN routing for this VLAN.

HTH,

Mohammed Mahmoud.

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to mohammedmahmoud

‎07-29-2007 08:10 PM

Meenakshi,

In addition to Mohammed's post, a native vlan can be any dummy vlan on the switch. Just create a L2 vlan on the switch and do not create any SVI fot this.

-amit singh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card