Native Vlan question

Unanswered Question
Sep 8th, 2007

Studying for my BCMSN test and I'm a little fuzzy on Native Vlans...

Let's say I am networking a building that has 3 floors. I want to have one access layer switch per floor and I want each access layer switch to be assigned to its own vlan so the topology isn't "flat". Floor one is vlan 100, floor two is vlan 200, and floor three is vlan 300. So those are three vlans that will need to be trunked back into my distribution layer switch for routing and distribution to the rest of the network. Ok, here is my question. When I set up trunking on the last switchport (i.e. I like using the last port on each switch for trunking, so let's say I'm using port 24) for each access layer switch, can I just leave the Native Vlan at 1 (default) for that switch port? What about the distribution layer switches? Can those also be left at native Vlan 1?

As far as I can tell, it only matters that the native Vlans are THE SAME across the ports on EVERY switch that are participating in trunking. If that is true, then does it matter at all what native vlan is used? Could I use native Vlan 100 or 200 even for those trunking ports so long as EVERY switch has its trunking port set to that EXACT native Vlan??? Even though those Vlans are being used already, would it matter so long as the natives match on each trunking port?

Confused...

jorgenolla Sat, 09/08/2007 - 11:27

This is a topic that causes quite a bit of confusion, but here it is:

Native Vlan must match across all your trunk links. The native Vlan was created only for backwards compatibility; it's implicitly used for untagged traffic received on an 802.1q capable port.

VLAN 1 - is used for all your control traffic: CDP, VTP, PAgP, and DTP. This traffic will always propagate through VLAN 1, and it can't be modified.

If you assign the Native Vlan to another Vlan other than Vlan 1, the control traffic will still propagate through Vlan 1, but it will be tagged by dot1q.

Management Vlan - Can be any other Vlan you choose; it doesn't have to be VLAN 1, nor the Native Vlan. The management Vlan has to match for switches you wish to manage within the same block.

Usually it is best practice to assign the Native Vlan to a dummy Vlan, meaning it doesn't have to be Vlan 1, but make sure it matches across the block of switches and routers.

Best regards

Greetings rodman,

I agree with the individual who posted below. It is best to use a dummy vlan as the native due to security and scalability reasons.

Since you are studying for your BCMSN I will throw in a small tid-bit of information. The native vlan doesn't always have to be the same on two facing trunk ports. During your BCMSN exam you may see a scenario where one switch has a port configured with the native as vlan 'X' and the end switch as vlan 'Y' as its native.

This is actually a well-known 'trick' or 'work-around' for vlan re-mapping. So if you wanted to say...have vlan 100 as your PC LAN vlan on the 1st floor access switch and you didn't want to have to specify:

switchport access vlan 100

swi mode access

etc...

you could just have the native vlan as 'vlan 100' on your trunk from the distribution switch to your access switch. This would re-map all traffic from vlan 1 (access switch) to vlan 100 (distro switch).

I felt this was appropriate to mention as I had a question in my BCMSN pertaining to this exact topic.

Good Luck!!
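The two replies above make two points a network defender will want to verify rather than trust: the native VLAN must match on both ends of every trunk (jorgenolla), and a deliberate mismatch silently re-maps untagged traffic from one VLAN into another (the BCMSN "trick" described just above). The following script is an added example, not code from this thread or from Cisco; it parses constructed Cisco IOS running-config excerpts for the three-floor design in the question, pairs up the trunk ends, and flags a native VLAN mismatch, a trunk left on the default native VLAN 1, and a native VLAN that is also in use for user access ports anywhere in the block. The switch names, interface numbers and the dummy VLAN 999 are assumptions chosen for the sample.

```python
import re

# Constructed running-config excerpts (sample data, not from any real switch).
# Floor 1 users sit in VLAN 100, floor 2 in VLAN 200; port 24 on each access
# switch is the uplink trunk. The weak block reproduces two problems from the
# thread: floor 1 uses its user VLAN 100 as native while the distribution end
# uses 999 (the re-mapping mismatch), and floor 2's trunk is left on native VLAN 1.
WEAK_CONFIGS = {
    "access-fl1": (
        "interface FastEthernet0/1\n switchport mode access\n switchport access vlan 100\n!\n"
        "interface FastEthernet0/24\n switchport trunk encapsulation dot1q\n"
        " switchport mode trunk\n switchport trunk native vlan 100\n!\n"
    ),
    "access-fl2": (
        "interface FastEthernet0/1\n switchport mode access\n switchport access vlan 200\n!\n"
        "interface FastEthernet0/24\n switchport trunk encapsulation dot1q\n switchport mode trunk\n!\n"
    ),
    "distribution": (
        "interface GigabitEthernet0/1\n switchport trunk encapsulation dot1q\n"
        " switchport mode trunk\n switchport trunk native vlan 999\n!\n"
        "interface GigabitEthernet0/2\n switchport trunk encapsulation dot1q\n switchport mode trunk\n!\n"
    ),
}

# Physical trunk links: (switch, interface) on one end -> (switch, interface) on the other.
LINKS = [
    (("access-fl1", "FastEthernet0/24"), ("distribution", "GigabitEthernet0/1")),
    (("access-fl2", "FastEthernet0/24"), ("distribution", "GigabitEthernet0/2")),
]

INTERFACE_RE = re.compile(r"^interface (\S+)")
TRUNK_RE = re.compile(r"^\s*switchport mode trunk")
NATIVE_RE = re.compile(r"^\s*switchport trunk native vlan (\d+)")
ACCESS_RE = re.compile(r"^\s*switchport access vlan (\d+)")


def parse_config(text):
    """Map each interface name to its trunk flag, native VLAN (IOS default 1) and access VLAN."""
    interfaces, current = {}, None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = {"trunk": False, "native": 1, "access": None}
            interfaces[m.group(1)] = current
        elif line.startswith("!"):
            current = None                      # '!' closes the interface block
        elif current is not None:
            if TRUNK_RE.match(line):
                current["trunk"] = True
            elif (m := NATIVE_RE.match(line)):
                current["native"] = int(m.group(1))
            elif (m := ACCESS_RE.match(line)):
                current["access"] = int(m.group(1))
    return interfaces


def audit(configs, links):
    """Return a list of findings; an empty list means every trunk passes all three checks."""
    parsed = {name: parse_config(text) for name, text in configs.items()}
    # VLANs that carry user ports anywhere in the block must not be anyone's native VLAN.
    user_vlans = {i["access"] for ifs in parsed.values() for i in ifs.values() if i["access"]}
    findings = []
    for (sw_a, if_a), (sw_b, if_b) in links:
        a, b = parsed[sw_a][if_a], parsed[sw_b][if_b]
        if not (a["trunk"] and b["trunk"]):
            findings.append(("NOT_TRUNK", f"{sw_a}:{if_a}", f"{sw_b}:{if_b}"))
            continue
        if a["native"] != b["native"]:          # untagged frames would be re-mapped across the link
            findings.append(("NATIVE_MISMATCH",
                             f"{sw_a}:{if_a}={a['native']}", f"{sw_b}:{if_b}={b['native']}"))
        for sw, ifname, intf in ((sw_a, if_a, a), (sw_b, if_b, b)):
            if intf["native"] == 1:
                findings.append(("NATIVE_IS_DEFAULT", f"{sw}:{ifname}"))
            if intf["native"] in user_vlans:
                findings.append(("NATIVE_IN_USE", f"{sw}:{ifname}", intf["native"]))
    return findings


def with_native(text, vlan):
    """Rewrite every trunk block in a config excerpt to use `vlan` as its native VLAN."""
    text = re.sub(r"switchport trunk native vlan \d+", f"switchport trunk native vlan {vlan}", text)
    return text.replace(" switchport mode trunk\n!",
                        f" switchport mode trunk\n switchport trunk native vlan {vlan}\n!")


# The fix the thread recommends: one unused dummy VLAN (999, assumed) as native on both ends.
FIXED_CONFIGS = {name: with_native(text, 999) for name, text in WEAK_CONFIGS.items()}

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIGS, LINKS):
        print("WEAK:", *finding)
    print("FIXED:", audit(FIXED_CONFIGS, LINKS))
```

Running it lists the mismatch and the re-used VLAN on the floor 1 uplink and the two default-native trunk ends on the floor 2 link, then an empty list for the corrected block. The same `parse_config` and `audit` functions can be pointed at real `show running-config` output once the `LINKS` table reflects the actual cabling.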

jlhainy Sat, 09/08/2007 - 15:23

The only time I have ever used the native vlan in production is when I attached a switchport to a virtual server and wanted the virtual servers to sit in different vlans. Using ESX, I had to specify the native vlan for the vlan that the console IP address for the ESX server sat in. The server would not talk otherwise, even if I made the switchport an access port.

glen.grant Sat, 09/08/2007 - 16:00

What we tend to do is use whatever the management vlan is for the access switches as the native; then if for some reason the trunk does not work you might still be able to get to the switch, though trunking is pretty bulletproof these days.

rodman.frowert Mon, 09/10/2007 - 07:08

Wow, good replies.

So I guess the bottom line is this from what I can tell... It is best (easier) to go ahead and assign a "dummy vlan" to the trunks and keep the "dummy vlan" the exact same on each switch trunk. This will avoid any problems or confusion with vlan tagging. Although, like one poster said, trunking is nearly bulletproof...

Thanks guys!
