Is there any real practical use for the native VLAN on an 802.1Q trunk port? I have read that the native VLAN is also referred to as a management VLAN. Does this imply my management VLAN and native VLAN should be the same, and if so, why?
When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. This VLAN is implicitly used for all the untagged traffic received on an 802.1Q-capable port. This is when you connect to other switches rather than Cisco switches.
No, native VLANs do not always necessarily have to be management VLANs. Management VLANs can be different from the native VLANs. And there is no problem in having them the same, too.
As explained by the previous poster, the native VLAN is an IEEE decision that enabled dot1q to have backwards compatibility with other switches that did not carry or understand VLAN-tagged traffic.
I would argue strongly, however, that you should not have the native VLAN as your management VLAN. Just as Cisco recommend not to use VLAN 1 as your management VLAN, they also recommend you should make your native VLAN one that is unused for any type of traffic - management or user traffic.
Attached is a link to a security paper on VLANs. Have a read of the 802.1Q tagging attacks section; this will explain why you should always have a separate dedicated VLAN as the native VLAN.
I strongly agree with the previous poster. Your native VLAN should be all by itself. You should have no user or management traffic on it. This way, if you ever attach to any rogue switch via a trunk or have an unsecured environment, then your native VLAN (UNtagged) will not leak any important info into it. It is just another form of security that you should make a best practice for switches. Good luck.
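One way to check a switch configuration against the advice in this thread (a dedicated native VLAN that carries no user or management traffic), as an added example that is not from any of the posters: the script below parses Cisco IOS-style interface blocks and flags trunks whose native VLAN is left at the default VLAN 1 or is also used by an access port or a VLAN interface. The sample configuration, VLAN numbers and function names are constructed for illustration.

```python
import re

# Constructed IOS-style sample (not from the thread); VLAN IDs are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/4
 switchport access vlan 20
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
"""

def parse_interfaces(config):  # -> {interface name: [indented sub-commands]}
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global commands end a block
    return blocks

def audit_native_vlans(config):
    """Flag trunks whose native VLAN is the default (1) or carries other traffic."""
    blocks, in_use, findings = parse_interfaces(config), {}, {}
    for name, cmds in blocks.items():
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:  # a routed VLAN interface, e.g. the management VLAN
            in_use[int(svi.group(1))] = f"SVI {name}"
        for vlan in re.findall(r"switchport access vlan (\d+)", "\n".join(cmds)):
            in_use.setdefault(int(vlan), f"access port {name}")
    for name, cmds in blocks.items():
        if "switchport mode trunk" not in cmds:
            continue
        nv = re.search(r"switchport trunk native vlan (\d+)", "\n".join(cmds))
        native = int(nv.group(1)) if nv else 1  # Cisco default native VLAN is 1
        if native == 1:
            findings[name] = "native VLAN is the default VLAN 1"
        elif native in in_use:
            findings[name] = f"native VLAN {native} is also used by {in_use[native]}"
    return findings
```

Calling `audit_native_vlans(SAMPLE_CONFIG)` reports GigabitEthernet0/1 and GigabitEthernet0/2, while GigabitEthernet0/3, whose native VLAN 999 appears nowhere else in the sample, passes.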