The old native vlan question....

Topic came up during troubleshooting a 3524XL sw.

I think my understanding of the native vlan concept is wrong.

I thought on a trunk port (Cisco device) that any packet traversing a trunk link (dot1q trunk, that is) has a vlan tag applied on the egress port. As an untagged packet arrives on the port (prior to being sent out over the trunk), it is tagged with the native vlan (if it's not associated with any other vlan), then sent out the (egress) trunked port.

But lately I have been reading that

"A native vlan is the untagged vlan on an 802.1q trunked switchport. The native vlan and management vlan could be the same, but it is better security practice that they aren't. Basically if a switch receives untagged frames on a trunkport, they are assumed to be part of the vlan that are designated on the switchport as the native vlan. Frames egressing a switchport on the native vlan are not tagged. This is the definition however more recent switch software often will allow you to tag all of the frames, even those in the native vlan. This gives some added security and allows the CoS bits to be carried between switches even on the native vlan. Let me know if you need further clarification."

From : https://learningnetwork.cisco.com/thread/8721

So this tells me that you can have a packet traversing a dot1q link w/o a vlan tag... then when it arrives on the other end it's put in the vlan that is on that native vlan question.  Is this correct?

If so, and a packet can traverse a trunk link w/o a VLAN tag applied, how does a sw detect (ingress) a native vlan mismatch?

Thanks!


The old native vlan question....

Hi,

It's correct, the native vlan is not tagged by default on the trunk link, but some platforms can make you tag all traffic, even the native vlan.

The native vlan mismatch is detected through cdp.

Regards.

Alain.

Don't forget to rate helpful posts.

The old native vlan question....

Thank you.

Co-worker 1 Jimmy 0

lol

The old native vlan question....

It is not a question of platforms... it is a question of IOS...

!to tag even the native vlan:

vlan dot1q tag native

!

Alessio
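
The behaviour discussed in this thread, as an added illustration that is not part of any post and is not Cisco code: a simplified Python model of how each end of a dot1q trunk classifies a frame, and of the native VLAN comparison that CDP makes possible. The function names, the sample payload and the placeholder MAC addresses are constructed for the example, and only the CDP Native VLAN TLV is modelled, not a full CDP packet.

```python
import struct

TPID_8021Q = 0x8100           # EtherType value that marks an 802.1Q tag
CDP_TLV_NATIVE_VLAN = 0x000A  # CDP TLV type carrying the sender's native VLAN
PAYLOAD = struct.pack("!H", 0x0800) + b"constructed-ip-packet"  # sample data

def egress(vlan, native_vlan, tag_native=False, cos=0):
    """Frame a trunk port sends for traffic that belongs to `vlan`."""
    macs = bytes(12)  # placeholder destination + source MAC
    if vlan == native_vlan and not tag_native:
        return macs + PAYLOAD  # native VLAN leaves untagged, CoS is lost
    tci = (cos << 13) | vlan   # 3 CoS bits, 1 DEI bit (0), 12-bit VLAN ID
    return macs + struct.pack("!HH", TPID_8021Q, tci) + PAYLOAD

def ingress(frame, native_vlan):
    """(vlan, cos) the receiving trunk port assigns to the frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, tci >> 13
    return native_vlan, 0  # untagged: assumed to be in the local native VLAN

def send_over_trunk(vlan, a_native, b_native, tag_native=False, cos=0):
    """Switch A sends traffic from `vlan`; return how switch B classifies it."""
    return ingress(egress(vlan, a_native, tag_native, cos), b_native)

def cdp_native_vlan_tlv(native_vlan):
    """Native VLAN TLV: type, total length (6), 16-bit VLAN ID."""
    return struct.pack("!HHH", CDP_TLV_NATIVE_VLAN, 6, native_vlan)

def cdp_mismatch(tlvs, local_native):
    """Walk a neighbour's CDP TLVs; True if its native VLAN differs from ours."""
    off = 0
    while off + 4 <= len(tlvs):
        tlv_type, length = struct.unpack("!HH", tlvs[off:off + 4])
        if length < 4:
            break  # malformed TLV, stop parsing
        if tlv_type == CDP_TLV_NATIVE_VLAN and length == 6 and off + 6 <= len(tlvs):
            (peer_native,) = struct.unpack("!H", tlvs[off + 4:off + 6])
            return peer_native != local_native
        off += length
    return False

if __name__ == "__main__":
    print("matched      :", send_over_trunk(1, 1, 1))
    print("mismatched   :", send_over_trunk(1, 1, 99))
    print("tagged native:", send_over_trunk(1, 1, 99, tag_native=True, cos=5))
    print("CDP mismatch :", cdp_mismatch(cdp_native_vlan_tlv(1), 99))
```

In the mismatched case the untagged frame sent from VLAN 1 is classified into VLAN 99 on the far side, which the frame itself gives the receiver no way to notice. With the native VLAN tagged it stays in VLAN 1 and keeps its CoS value.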
