fherlan Fri, 08/14/2009 - 03:03

If you are looking for the "switchport trunk native vlan tag" command, I don't think it is supported on Cat2960.

But to add a little more security to my trunks, I use "switchport trunk native vlan xxx" (on both sides) which changes the native VLAN on the trunk from 1 to xxx.

And, clearly, I don't use VLAN xxx anywhere else.

Peter Paluch Fri, 08/14/2009 - 03:05
User Badges: Cisco Employee


The "vlan dot1q tag native" command et al. are, to my knowledge, supported only on 3560 and probably higher switches. The 2960 will not be able to tag the native VLAN.

The workaround is quite simple: avoid using the native VLAN as an access VLAN and you are safe. Because the native VLAN is by default set to 1, either change the native VLAN on all trunks to a different and guaranteedly unused VLAN, or avoid using the VLAN1 on your access ports completely. Personally, I prefer the second approach - leaving the native VLAN as 1 but avoiding it completely. The VLAN1 is important for switches as it conveys various service protocols like CDP, VTP or STP. It is best to leave the VLAN1 for switches alone and use other VLANs for access ports.

Best regards,
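
The check both replies come down to (no access port should sit in a VLAN that is the native VLAN of a trunk) can be run against a saved running-config. The following is an added example, not part of either post: the sample configuration is constructed, the function names are hypothetical, and ports without an explicit `switchport mode` line are skipped as a simplifying assumption.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 999
 switchport mode access
"""

# The three interface-level commands that decide the outcome of the check.
RULE = re.compile(r"switchport (?:mode (?P<mode>access|trunk)|access vlan (?P<access_vlan>\d+)"
                  r"|trunk native vlan (?P<native_vlan>\d+))")

def parse_interfaces(config):
    """Map interface name to mode, access VLAN and native VLAN (both default to 1)."""
    ports, cur = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split()[1], {"mode": None, "access_vlan": 1, "native_vlan": 1})
        elif not raw.startswith(" "):
            cur = None  # "!" or a global command ends the interface stanza
        elif cur is not None and (m := RULE.fullmatch(raw.strip())):
            cur.update({k: v if k == "mode" else int(v) for k, v in m.groupdict().items() if v})
    return ports

def native_vlan_overlaps(config):
    """Return (access_port, vlan, trunks) for each access port whose VLAN is a trunk's native VLAN.

    Ports with no explicit "switchport mode" line are ignored (simplifying assumption)."""
    ports = parse_interfaces(config)
    natives = {}
    for name, p in ports.items():
        if p["mode"] == "trunk":
            natives.setdefault(p["native_vlan"], []).append(name)
    return sorted((n, p["access_vlan"], natives[p["access_vlan"]]) for n, p in ports.items()
                  if p["mode"] == "access" and p["access_vlan"] in natives)
```

Calling `native_vlan_overlaps(SAMPLE_CONFIG)` flags FastEthernet0/1, which was left in the default VLAN 1 while a trunk still uses native VLAN 1, and FastEthernet0/3, which was placed in the VLAN chosen as the "unused" native VLAN 999.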


