Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
1
Helpful
6
Replies

Native VLAN

tsmarcyes
Level 1
Level 1

‎10-31-2007 10:31 AM - edited ‎03-03-2019 05:35 AM

Can someone explain to me in non-book terms what the native vlan is used for. In other words, I know that the native vlan is the vlan that untagged traffic travels over. And even when you ask people, they say the same thing. However, when do you use this untagged vlan and how does that apply in the real world. Why would we ever change it from vlan 1? Why when you are configuring a switchport connected to a WLC or a AP, does it recommend setting the native vlan to the same vlan (subnet) as the management interface or even in some cases the data vlan? If I remember correctly, the native vlan is what also carries information for the link such as STP, VTP. Again, why change it from the default vlan 1.

Labels:
0 Helpful
6 Replies 6

ankbhasi
Cisco Employee
Cisco Employee

‎10-31-2007 10:38 AM

Hi Friend,

See if this link answers your question

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39009

Please come back if you have any doubts.

HTH

Ankur

*Pls rate all helpfull post

0 Helpful

rolf.fischer_2
Level 1
Level 1

‎11-01-2007 01:49 AM

Cisco uses a proprietary implemetation of "standard" Spanning Tree (802.1d) for EVERY vlan.

To be interoperable to Non-Cisco switches, on the native vlan BPDUs (the "packets" of STP) are transmitted in regular 802.1d-Format.

The Non-Cisco switch wouldn't be able to identify the per-vlan-spanning-tree (PVSTP) BPDUs on a trunk - they are different to 802.1d-BPDUs. In order to avoid loops, BPDUs on the native vlan are like those of Non-Cisco switches.

That's the theory - in practice you often have problems with STP between Cisco and Non-Cisco switches and one solution is to change the native vlan to a dummy-ID.

If you like to know more, watch sheets 7 and 8 of this presentation: http://iws.ccccd.edu/sbutler/ccnp3ppt/mod4-Intervlan_Routing.ppt

(very good page for learnig/preparing!!)

There are also security-issues with native vlan. This is what you find in the link of the post above. If vlan 1 is your management-vlan there are many scenarios how to get unauthorized access to the management.

I know, this are not really non-book terms but I can't explain better...

HTH

Rolf

0 Helpful

amolwaghmare
Level 1
Level 1

‎11-01-2007 11:13 AM

1)Native vlan is used because if packets are unable to go through trunk they can be passed in normal way through native vlan.

2)CST BPDU are transferred to other switches without tagging i.e. on native vlan and not on trunk

3)If the trunk fails then the traffic of native vlan will only pass.

Hope this helps if need any other details please ask

**********************************************

Rate the good posts

**********************************************

0 Helpful

tsmarcyes
Level 1
Level 1
In response to amolwaghmare

‎11-01-2007 05:48 PM

The link above recommends pruning the native vlan from any trunk ports as much as possible. My question is if the native vlan is used for traffic such as DTP, STP, etc...then if your prune it from the trunk link, wont this cause problems because now the switch on the edge side of the pruned native vlan cant send DTP, STP, etc. messages across the trunk?

0 Helpful

rolf.fischer_2
Level 1
Level 1
In response to tsmarcyes

‎11-02-2007 12:09 AM

I do not recommend pruning the native vlan from any trunk ports generally.

But sometimes (e.g. connecting Non-Cisco devices) you have to in order to avoid problems.

When connecting a Non-Cisco device you can't use DTP anyway ( switchport nonegotiate).

For the most services you can configure source interface vlan xxx.

Spanning-tree is indeed a problem in configurations like those.

You need to have a loop-free design.

If possible, you should use the newer STP impementations like Rapid SP or Multible STP. Those are normally compatible to other switches.

But, like mentioned before, STP is only one aspect associated with native vlan.

For security reasons, many administrators change the native vlan from 1 to e.g. 99 and disable CDP.

http://www.mirrors.wiretapped.net/security/info/reference/nsa-guides/cisco/cisco-ios-switch-security-configuration-guide.pdf

0 Helpful
Customers Also Viewed These Support Documents