
Native Vlan

The_guroo_2
Level 2

What does native VLAN mean? I mean that by default VLAN 1 is the native VLAN, and it means that the packets go untagged. I am confused why we need packets to be untagged and in which scenario we will configure normal VLANs as native VLANs. Cheers

4 Replies

rajinikanth
Level 3

Hi,

Please check the attachment.

HTH,

Thanks

Raj

globalnettech
Level 5

Hello,

the native VLAN, which - as you correctly said - does not tag frames, is necessary for devices on an Ethernet segment to communicate, even if they do not speak 802.1Q.

Normally, you would leave VLAN 1 as the default native VLAN for untagged frames, and move user traffic to other VLANs. I have only heard of making a VLAN other than VLAN 1 the native VLAN when you want to prevent so-called VLAN hopping, which implies an attacker trying to get 802.1Q frames to hop from one VLAN to another if the frames are injected into a switch port belonging to the native VLAN of the trunk port.

Have a look at this more formal explanation as well:

With 802.1Q, a trunk link can tag frames between devices that understand the protocol. This allows for multiple VLANs to exist on a single topology. Because 802.1Q is defined as a type of Ethernet frame, it does not require that every device on a link speaks the 802.1Q protocol. Because Ethernet is a shared media and more than two devices could be connected on this media, all devices on the link must still be capable of communicating even if they do not speak the 802.1Q protocol. For this reason, 802.1Q also defines a Native VLAN. A trunk port on a switch is defined to be in a Native VLAN, and the 802.1Q trunk will not tag frames that are going out the port that came in on any port that belongs to the same VLAN that is the Native VLAN on the switch. Any Ethernet device would be capable of reading frames for the Native VLANs. The Native VLAN is important on an 802.1Q trunk link. If both sides of the link do not agree on the Native VLAN, the trunk will not operate properly.

Regards,

GNT

Do you have to configure the VLAN to be native, or is there a default?

Hello,

the (802.1Q) default native VLAN is VLAN 1. In order to configure a different VLAN as the native VLAN, use the interface command:

switchport trunk native vlan X

HTH,

GNT
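
An added example, not part of the thread or any poster's own code: a small Python audit that reads running-config style text from both ends of a trunk, flags trunks whose native VLAN is still the default VLAN 1 (relevant where the VLAN-hopping precaution mentioned above is policy), and reports links whose two sides disagree on the native VLAN. The sample configs, interface names and the link pairing are constructed for illustration.

```python
import re

DEFAULT_NATIVE_VLAN = 1  # 802.1Q default native VLAN, as stated in the thread

# Constructed sample configs for two switches (not taken from the thread).
SW1 = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
"""
SW2 = """\
interface GigabitEthernet1/1
 switchport trunk native vlan 99
 switchport mode trunk
"""

def trunk_native_vlans(config):
    """Return {interface: native VLAN} for every port set to trunk mode."""
    trunks, name, native, is_trunk = {}, None, DEFAULT_NATIVE_VLAN, False
    for line in config.splitlines() + ["!"]:  # trailing "!" flushes last block
        line = line.strip()
        intf = re.match(r"interface (\S+)$", line)
        nat = re.match(r"switchport trunk native vlan (\d+)$", line)
        if intf or line == "!":
            if name and is_trunk:
                trunks[name] = native
            name = intf.group(1) if intf else None
            native, is_trunk = DEFAULT_NATIVE_VLAN, False
        elif line == "switchport mode trunk":
            is_trunk = True
        elif nat:
            native = int(nat.group(1))
    return trunks

def audit(trunks_a, trunks_b, links):
    """links holds (port on A, port on B) pairs; returns a list of findings."""
    findings = [f"{port}: native VLAN left at default {vlan}"
                for side in (trunks_a, trunks_b) for port, vlan in side.items()
                if vlan == DEFAULT_NATIVE_VLAN]
    for a, b in links:
        if a in trunks_a and b in trunks_b and trunks_a[a] != trunks_b[b]:
            findings.append(f"{a} <-> {b}: native VLAN mismatch "
                            f"({trunks_a[a]} vs {trunks_b[b]})")
    return findings
```

Call `audit(trunk_native_vlans(SW1), trunk_native_vlans(SW2), links)` with `links` listing which ports are cabled together; access ports are ignored because they carry no native VLAN setting.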
