
native vlan

Is there any real practical use for the native vlan on an 802.1q trunk port? I have read that the native vlan is also referred to as a management vlan. Does this imply my management vlan and native vlan should be the same, and if so, why?


Re: native vlan

When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. This VLAN is implicitly used for all the untagged traffic received on an 802.1Q-capable port. This is when you connect to other switches rather than Cisco switches.

No, native VLANs do not necessarily have to be management VLANs. Management VLANs can be different from the native VLANs. And there is also no problem in having them be the same.



Do rate if I have helped :)


Re: native vlan


As explained by the previous poster, the native vlan is an IEEE decision that enabled dot1q to have backwards compatibility with other switches that did not carry or understand vlan tagged traffic.

I would argue strongly, however, that you should not have the native vlan as your management vlan. Just as Cisco recommend not to use vlan 1 as your management vlan, they also recommend you should make your native vlan one that is unused for any type of traffic - management or user traffic.

Attached is a link to a security paper on vlans. Have a read of the 802.1Q tagging attacks section; this will explain why you should always have a separate dedicated vlan as the native vlan.




Re: native vlan

I strongly agree with the previous poster. Your native VLAN should be all by itself. You should have no user or management traffic on it. This way, if you ever attach to any rogue switch via a trunk or have an unsecured environment, then your native VLAN (untagged) will not leak any important info into it. It is just another form of security that you should make a best practice for switches. Good luck.
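
As an added example (not part of the thread or any poster's code), here is a small Python audit of the recommendation above: it flags trunk ports whose native VLAN is the default VLAN 1, has a management interface, or is used by access ports. The configuration is constructed sample input, and treating any `interface VlanN` with an IP address as a management VLAN is an assumption.

```python
import re

# Constructed IOS-style configuration (sample input, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/3
 switchport access vlan 20
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 20
interface GigabitEthernet0/5
 switchport mode trunk
 switchport trunk native vlan 999
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands (the indented lines after it)."""
    return {m.group(1): [l.strip() for l in m.group(2).splitlines()]
            for m in re.finditer(r"^interface (\S+)[ \t]*\n?((?: .*\n?)*)", config, re.M)}

def audit_native_vlans(config):
    """Return {trunk interface: [findings]} for native VLANs that carry traffic."""
    ifaces = parse_interfaces(config)
    # Assumption: a VLAN interface with an IP address is a management VLAN.
    mgmt = {int(n[4:]) for n, cmds in ifaces.items() if re.fullmatch(r"Vlan\d+", n)
            and any(c.startswith("ip address ") for c in cmds)}
    access = {int(c.split()[-1]) for cmds in ifaces.values() for c in cmds
              if re.fullmatch(r"switchport access vlan \d+", c)}
    report = {}
    for name, cmds in ifaces.items():
        if "switchport mode trunk" not in cmds:
            continue
        m = re.search(r"^switchport trunk native vlan (\d+)$", "\n".join(cmds), re.M)
        native = int(m.group(1)) if m else 1  # VLAN 1 is the default native VLAN
        findings = [msg for hit, msg in (
            (native == 1, "native VLAN is the default VLAN 1"),
            (native in mgmt, f"native VLAN {native} has a management interface"),
            (native in access, f"native VLAN {native} is used by access ports"),
        ) if hit]
        if findings:
            report[name] = findings
    return report
```

Calling `audit_native_vlans(SAMPLE_CONFIG)` reports GigabitEthernet0/1, 0/2 and 0/4; GigabitEthernet0/5, whose native VLAN 999 is otherwise unused, passes.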
