10-31-2007 10:31 AM - edited 03-03-2019 05:35 AM
Can someone explain to me in non-book terms what the native vlan is used for? In other words, I know that the native vlan is the vlan that untagged traffic travels over, and even when you ask people, they say the same thing. However, when do you use this untagged vlan, and how does that apply in the real world? Why would we ever change it from vlan 1? Why, when you are configuring a switchport connected to a WLC or an AP, does it recommend setting the native vlan to the same vlan (subnet) as the management interface, or even in some cases the data vlan? If I remember correctly, the native vlan is also what carries information for the link such as STP and VTP. Again, why change it from the default vlan 1?
10-31-2007 10:38 AM
Hi Friend,
See if this link answers your question
Please come back if you have any doubts.
HTH
Ankur
*Pls rate all helpful posts
11-01-2007 01:49 AM
Cisco uses a proprietary implementation of "standard" Spanning Tree (802.1d) for EVERY vlan.
To be interoperable with non-Cisco switches, BPDUs (the "packets" of STP) on the native vlan are transmitted in regular 802.1d format.
The non-Cisco switch wouldn't be able to identify the per-vlan spanning tree (PVSTP) BPDUs on a trunk - they are different from 802.1d BPDUs. In order to avoid loops, BPDUs on the native vlan are like those of non-Cisco switches.
That's the theory - in practice you often have problems with STP between Cisco and Non-Cisco switches and one solution is to change the native vlan to a dummy-ID.
If you like to know more, watch sheets 7 and 8 of this presentation: http://iws.ccccd.edu/sbutler/ccnp3ppt/mod4-Intervlan_Routing.ppt
(very good page for learning/preparing!!)
There are also security issues with the native vlan. This is what you find in the link of the post above. If vlan 1 is your management vlan, there are many scenarios for getting unauthorized access to the management.
I know these are not really non-book terms, but I can't explain it better...
HTH
Rolf
11-01-2007 11:13 AM
1) Native vlan is used because if packets are unable to go through the trunk, they can be passed in the normal way through the native vlan.
2) CST BPDUs are transferred to other switches without tagging, i.e. on the native vlan and not on the trunk.
3) If the trunk fails, then only the traffic of the native vlan will pass.
Hope this helps; if you need any other details, please ask.
**********************************************
Rate the good posts
**********************************************
11-01-2007 05:48 PM
The link above recommends pruning the native vlan from any trunk ports as much as possible. My question is if the native vlan is used for traffic such as DTP, STP, etc...then if your prune it from the trunk link, wont this cause problems because now the switch on the edge side of the pruned native vlan cant send DTP, STP, etc. messages across the trunk?
11-02-2007 12:09 AM
I do not recommend pruning the native vlan from any trunk ports generally.
But sometimes (e.g. connecting Non-Cisco devices) you have to in order to avoid problems.
When connecting a non-Cisco device you can't use DTP anyway (switchport nonegotiate).
For most services you can configure source interface vlan xxx.
Spanning-tree is indeed a problem in configurations like those.
You need to have a loop-free design.
If possible, you should use the newer STP implementations like Rapid STP or Multiple STP. Those are normally compatible with other switches.
But, like mentioned before, STP is only one aspect associated with native vlan.
For security reasons, many administrators change the native vlan from 1 to e.g. 99 and disable CDP.
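A defensive way to act on the advice in this thread (move the native vlan off 1, keep it off the management vlan, prune it from trunks) is to audit switch configs for those conditions. The following is an added Python example, not from this thread or from Cisco; the IOS-style config text, interface names and addresses are constructed for the demo.

```python
import re
# Constructed sample IOS-style config (not from the thread): management SVI on VLAN 1,
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20,30
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20-30
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list: '1,10-12,20' -> {1, 10, 11, 12, 20}."""
    parts = [p.partition("-") for p in spec.split(",")]
    return {v for lo, _, hi in parts for v in range(int(lo), int(hi or lo) + 1)}

def parse_interfaces(config):
    """Group indented config lines under their 'interface <name>' stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
    return stanzas

def audit_native_vlan(config):
    """Flag trunks whose native VLAN is 1, is a management SVI VLAN, or is not pruned."""
    stanzas = parse_interfaces(config)
    mgmt = {int(n[4:]) for n, ls in stanzas.items() if n.startswith("Vlan")
            and any(l.startswith("ip address") for l in ls)}
    findings = []
    for name, lines in stanzas.items():
        if "switchport mode trunk" not in lines:
            continue
        native, allowed = 1, None  # IOS defaults: native VLAN 1, all VLANs allowed
        for l in lines:
            if m := re.match(r"switchport trunk native vlan (\d+)", l):
                native = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan (\S+)", l):
                allowed = expand_vlan_list(m.group(1))
        checks = [(native == 1, "native VLAN left at default 1"),
                  (native in mgmt, f"native VLAN {native} is the management VLAN"),
                  (allowed is None or native in allowed, f"native VLAN {native} not pruned from trunk")]
        findings += [f"{name}: {msg}" for hit, msg in checks if hit]
    return findings
```

On the sample config only GigabitEthernet0/1 is reported (all three findings); GigabitEthernet0/2, with native vlan 99 absent from its allowed list, passes cleanly.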
11-02-2007 05:48 AM
There has been a good amount of information given here.
For more information, check these links below. I'm sure you'll have all your queries answered.