vlans and native vlan

Unanswered Question
Nov 15th, 2007

Hi all, can anyone tell me: if I assign a port to a VLAN, say VLAN 5, and then the native VLAN for the port is 1, is this done by assigning the switchport voice vlan command? Also, am I right in saying that if a frame comes into the switch untagged it will become a member of VLAN 1? If this then goes over an 802.1q trunk port, will the frame assigned to VLAN 1 by the switch get tagged with VLAN 1 when it goes out the trunk port?

xcz504d1114 Thu, 11/15/2007 - 13:42

Native VLANs only apply to trunk interfaces, so if you assign an access port to VLAN 5, that port will only be VLAN 5. If an untagged frame comes into VLAN 5's access port, it will tag it as VLAN 5.

The switchport voice vlan command is for QoS (quality of service) for voice over IP, it sets the CoS (Class of service) bit in the 802.1q tagged frame to 5 for voice traffic.

If an untagged frame comes across an 802.1q trunk untagged then yes, it will be considered VLAN 1 (native VLAN) traffic and will not be tagged. If you are running ISL instead of 802.1q then the native VLAN traffic is encapsulated like all other VLANs. 802.1q will never tag native VLAN traffic. You should not have any "normal user" traffic assigned to the native VLAN; the native VLAN is reserved for things such as CDP, DTP, etc.

Hope that helps.

carl_townshend Thu, 11/15/2007 - 14:06

Thanks for that. So, if I say have an access port, and I put it as a member of VLAN 5, will it tag all traffic as VLAN 5? If the native VLAN on the port is 1 and I connect a PC, will the switch see the packet as untagged and be in VLAN 1? Does this only come into effect when using voice VLANs? Also, how does the native VLAN work on trunks? If my PC that was connected to that port becomes a member of VLAN 1 due to no tag and this then travels across the trunk port, will it be tagged with VLAN 1?

Lastly, what would happen if we had different native VLANs on the ends of 2 trunk ports? Would this matter, as they tag all traffic anyway?

xcz504d1114 Thu, 11/15/2007 - 14:51

Yes, if you put an access port to VLAN 5 using switchport access VLAN 5, traffic that comes through that interface will be marked as VLAN 5.

No, a PC will always send an untagged frame. It is the switch's responsibility to tag the frame, and it will either tag it for the VLAN you have set the interface to, or it will be in VLAN 1 by default. By default all switchports reside in VLAN 1. By default the native VLAN is VLAN 1. If you enable a trunk interface for 802.1q and leave all the interfaces in the default VLAN 1, and leave the native VLAN to the default of VLAN 1, no frames will get tagged.

No, this does not only come into effect with voice VLANs. Voice VLANs are completely separate; the only purpose of voice VLANs is to separate voice traffic from normal traffic to ensure a predetermined level of quality for voice traffic. All of the above will always be true whether you have voice traffic or not.

If you connect your PC to a trunk port, chances are you will not have any connectivity. There are very very few situations where you will have connectivity, but that is a little more complicated.

It is a standard and suggested practice to remove all access ports from your native VLAN. The native VLAN is used between Cisco devices for management purposes.

If you do have an access port set to your native VLAN, and it goes across a trunk configured with 802.1q, it will not be tagged.

If you are running 802.1q it is required that the native VLANs match on both ends. Because 802.1q does not tag native VLAN traffic you could potentially have loss of communication and manageability. Generally you will see a "Native VLAN Mismatch" if you have CDP enabled on the ports.
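
Added example (not part of the original thread and not any poster's code): a small Python model of the default 802.1Q tagging behaviour described in the reply above, showing where a host's untagged frame ends up when the native VLANs on the two trunk ends match and when they do not. Port, ingress, egress, cross_trunk and native_mismatch are names made up for this sketch; it assumes hosts send untagged frames and that the trunk carries every VLAN.

```python
# Added example: simplified model of default 802.1Q tagging, not vendor code.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Port:
    mode: str      # "access" or "trunk"
    vlan: int = 1  # access VLAN, or the native VLAN when mode == "trunk"

def ingress(port: Port, tag: Optional[int]) -> int:
    """VLAN the switch places a received frame in (tag None = untagged)."""
    if port.mode == "access":
        if tag is not None:
            raise ValueError("model assumption: hosts on access ports send untagged frames")
        return port.vlan
    # Trunk: an untagged frame belongs to this end's native VLAN.
    return port.vlan if tag is None else tag

def egress(port: Port, vlan: int) -> Optional[int]:
    """802.1Q tag written on the wire when a frame in `vlan` leaves `port`."""
    if port.mode == "access":
        return None                             # access ports send untagged frames
    return None if vlan == port.vlan else vlan  # native VLAN leaves a trunk untagged

def cross_trunk(access: Port, trunk_a: Port, trunk_b: Port) -> Tuple[Optional[int], int]:
    """A host frame enters `access` on switch A and crosses the trunk A -> B.
    Returns (tag seen on the wire, VLAN the frame ends up in on switch B)."""
    vlan_on_a = ingress(access, None)
    wire_tag = egress(trunk_a, vlan_on_a)
    return wire_tag, ingress(trunk_b, wire_tag)

def native_mismatch(trunk_a: Port, trunk_b: Port) -> bool:
    """The condition reported as a native VLAN mismatch."""
    return trunk_a.vlan != trunk_b.vlan

if __name__ == "__main__":
    matched = (Port("trunk", 1), Port("trunk", 1))
    mismatched = (Port("trunk", 1), Port("trunk", 5))   # constructed sample values
    print("access 5, natives 1/1:", cross_trunk(Port("access", 5), *matched))
    print("access 1, natives 1/1:", cross_trunk(Port("access", 1), *matched))
    print("access 1, natives 1/5:", cross_trunk(Port("access", 1), *mismatched))
    print("mismatch flagged:", native_mismatch(*mismatched))
```

In the mismatched case the frame leaves switch A untagged from VLAN 1 and is placed in VLAN 5 on switch B, which is why matching native VLANs on both trunk ends is worth auditing.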

carl_townshend Fri, 11/16/2007 - 02:02


Can you tell me, when I change a normal access port to say another VLAN, is this classed as an 802.1q port, as the switch is tagging the incoming frame? Also, I have seen on Nortel switches where you can put the port as a certain VLAN member but it gives you the option to have a default VLAN for the port. Does the native VLAN only come into play when going across a trunk port?

xcz504d1114 Fri, 11/16/2007 - 08:35

No, an access port will never be running 802.1q, 802.1q is a VLAN trunking protocol that will only be active on a trunk port. A frame is not tagged as it enters an access port, it will only be tagged if/when it leaves the switch over a trunk port.

The switch uses the VLAN database and mac-address table to keep track of what mac-address belongs to what interface and what interface belongs to what VLAN, and will only tag the frame if it leaves the switch on a trunk port. If it never leaves on a trunk port then it will never be tagged and the switch will manage interface to VLAN associations on its own.

Yes, native VLANs are only used for trunk port operations as it is used to communicate management information between switches. All ports are assigned a default VLAN (VLAN 1); you cannot assign multiple VLANs to a single port unless it's a trunk port. There is a Dynamic VLAN process that involves a server to authenticate which VLAN a particular client should be assigned. Also, if you use an authentication protocol such as 802.1x, any non-authenticated client can be placed in a guest VLAN with limited access.

carl_townshend Mon, 11/19/2007 - 03:04

Thanks for that.

So if I have a port with a phone and PC plugged in, I gather the phone already tags the traffic, but the PC is untagged. Is that what the PVID is for then? Is the PVID for untagged traffic only? Does the switch put the PC in VLAN 5 if my PVID is 5? So if this goes out the trunk port, is it then tagged with VLAN 5? If my native VLAN on the trunk was VLAN 5, would this traffic not get tagged?

