Switching prob..

Unanswered Question
Nov 20th, 2007

Hi, I am facing confusion on a switching topic while preparing for CCNA.

The native VLAN is 1. This is for management purposes and can be changed. VLAN 1 has an IP address, right? Now when we start trunking, is it necessary that it must be a native port, or can it be any... and if yes, why? Thanks, gurus, for the reply....


Hi There

The Native VLAN is by default VLAN1 on all Cisco Switches.

The Native VLAN is normally used for remote management purposes and so would require an IP address.

The native VLAN CAN be changed if required.

A trunk link will carry traffic for all VLANs and the interface you trunk will be configured with the "Switchport mode trunk" command so it is technically not assigned to any specific VLAN.

Only access ports are assigned to specific VLANs.

Best Regards,


compsolv Wed, 11/21/2007 - 11:26

VLAN 1 is the default native VLAN and you can change it.

This VLAN will not have an IP address until you configure one using the interface vlan 1 command.

When you trunk - the default native VLAN for the trunk is automatically set to 1. Cisco recommends for security reasons that you change the native VLAN assignment to another VLAN you create.

Please post any further questions about this.

Anthony J. Sequeira




tahir1234 Fri, 11/23/2007 - 19:43

Hi Sequeira, thanks for the guidance. I still could not get it. Why do we trunk on VLAN 1, why not on, say, VLAN 8? What security does VLAN 1 have? Please explain further... thanks for the help.

compsolv Fri, 11/23/2007 - 20:03

The 802.1Q native VLAN is special because it is the only VLAN on your trunk links that does not get a tag that identifies the VLAN the packets belong to. Just remember, the native VLAN is an “unmarked” VLAN.

The default native VLAN on Cisco routers is VLAN 1. You can change this on each of your trunk links. Just make sure you change it consistently. Two links will not form a trunk if they do not agree on the native VLAN.

There are several security attacks that leverage this native VLAN. So that you cannot be a victim to these attacks, Cisco currently recommends that you change the native VLAN from VLAN 1 to a VLAN that you do not use for anything else in your topology.

Anthony J. Sequeira
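
The recommendations in the reply above, turned into a configuration check; this is an added example, not part of the original thread. It reads IOS-style interface stanzas and flags trunks left on the default native VLAN 1, trunks whose native VLAN is also used by access ports, and links whose two ends disagree on the native VLAN. The sample configs, switch names and function names are constructed for illustration.

```python
import re

# Constructed sample configs for both ends of one trunk link (not from the thread).
SWITCH_A = """interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport access vlan 10
"""
SWITCH_B = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/3
 switchport access vlan 999
"""

def parse_interfaces(config):
    """Map interface name -> trunk flag, native VLAN (default 1), access VLAN."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1],
                                   {"trunk": False, "native": 1, "access": None})
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m.group(1))
    return ports

def audit_switch(name, config):
    """Flag trunks on default native VLAN 1, or sharing the native VLAN with access ports."""
    ports = parse_interfaces(config)
    in_use = {p["access"] for p in ports.values() if p["access"] is not None}
    findings = []
    for ifname, p in ports.items():
        if p["trunk"] and p["native"] == 1:
            findings.append(f"{name} {ifname}: native VLAN left at default 1")
        elif p["trunk"] and p["native"] in in_use:
            findings.append(f"{name} {ifname}: native VLAN {p['native']} also used by access ports")
    return findings

def native_mismatch(cfg_a, if_a, cfg_b, if_b):
    """True when the two ends of a link disagree on the native VLAN."""
    return parse_interfaces(cfg_a)[if_a]["native"] != parse_interfaces(cfg_b)[if_b]["native"]
```
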

