802.1Q trunking of the native VLAN

derek_tracey
Level 1

I ran across this while studying for the BCMSN:

"Any untagged frames that an 802.1Q trunk receives will be forwarded to any ports in the native VLAN, which could be a security issue. This issue can be avoided by assigning an unused VLAN number to the native VLAN so that any untagged frames that an 802.1Q trunk receives will not be forwarded to any user ports."

Looking at some of our switches I see that we are using the user VLAN as the native VLAN but we are also trunking that VLAN.

What effect does that have? Is the user VLAN tagged or not since it is both the native VLAN and it is trunked?

3 Replies

Jon Marshall
Hall of Fame

Hi Derek

The native vlan is the vlan that is not tagged when sent down a trunk link. So it doesn't matter if you are sending the user vlan down the trunk link or not, it will not be tagged if it is the native vlan.

As you say it would be better to use a vlan that is not used for either management or user ports in your environment, Cisco recommend vlan 999.

HTH

Jon
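As an added illustration (not part of the thread or any Cisco code), here is a small Python model of the trunk behaviour Jon describes: frames in the native VLAN leave the trunk untagged, untagged arrivals are placed into the native VLAN, and so an untagged frame reaches user ports only when the user VLAN is also the native VLAN. VLAN 10 as the user VLAN and the frame bytes are constructed assumptions; VLAN 999 is the unused native VLAN from the reply above.

```python
# Added example: a minimal model of an 802.1Q trunk port's native-VLAN handling.
# Assumed/constructed values: user VLAN 10, unused native VLAN 999, frame bytes.
import struct

TPID_8021Q = b"\x81\x00"  # EtherType that announces an 802.1Q tag

# Constructed Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
         + b"\x08\x00" + b"constructed payload")


def tag_on_egress(frame, vlan, native_vlan):
    """Send a frame out a trunk. Frames in the native VLAN leave untagged;
    every other VLAN gets a 4-byte tag (TPID + TCI) inserted after the src MAC."""
    if vlan == native_vlan:
        return frame                              # untagged: the point of the thread
    tci = struct.pack("!H", vlan & 0x0FFF)        # PCP=0, DEI=0, 12-bit VLAN ID
    return frame[:12] + TPID_8021Q + tci + frame[12:]


def vlan_on_ingress(frame, native_vlan):
    """Receive a frame on a trunk. A tagged frame is placed in the VLAN from its
    TCI (tag stripped); an untagged frame is placed in the native VLAN."""
    if len(frame) >= 16 and frame[12:14] == TPID_8021Q:
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        return vid, frame[:12] + frame[16:]
    return native_vlan, frame


def untagged_reaches_user_ports(frame, native_vlan, user_vlans):
    """True if an untagged frame arriving on the trunk lands in a VLAN that has
    user ports, i.e. the exposure the BCMSN text warns about."""
    vid, _ = vlan_on_ingress(frame, native_vlan)
    return vid in user_vlans


def compare_native_choices(user_vlan=10, unused_vlan=999):
    """Contrast native VLAN = user VLAN with native VLAN = an unused VLAN."""
    return {
        "user_frame_tagged_when_native_is_user": tag_on_egress(FRAME, user_vlan, user_vlan) != FRAME,
        "user_frame_tagged_when_native_is_unused": tag_on_egress(FRAME, user_vlan, unused_vlan) != FRAME,
        "untagged_hits_users_when_native_is_user": untagged_reaches_user_ports(FRAME, user_vlan, {user_vlan}),
        "untagged_hits_users_when_native_is_unused": untagged_reaches_user_ports(FRAME, unused_vlan, {user_vlan}),
    }
```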

Thanks Jon.

Another thing I was curious about; is there any reason to trunk on a link when you only have one VLAN? That is the practice we follow too and I am just wondering what is the premise behind that.

From a practical point of view the premise behind that is the case where you would create another VLAN. Then you can easily add it to the trunk without disrupting your operations. If you have an ACCESS uplink, you will not be able to easily propagate this new VLAN without creating disruptions.

Also the mentioned security issue can arise.
