11-02-2010 11:46 PM - edited 03-06-2019 01:51 PM
Hi
Can someone explain the native VLAN with a sample example?
From my reading I got these:
by default the native VLAN is VLAN 1
the native VLAN is generally used on a trunk with encapsulation dot1q
there is no concept of a native VLAN on an ISL trunk
I still don't get what it's used for and why.
Thanks
11-03-2010 12:14 AM
Anthony,
With the 802.1Q trunking scheme where frames are tagged to explicitly mark the VLAN they belong to, a question arises: what to do with a frame that arrives on a trunk port but that has no 802.1Q tag? This can happen, for example, if you connect a simple end device (PC, notebook, printer, simple access point or a simple unmanageable switch) to a trunk port. Obviously, frames coming into the trunk port from these devices do not have any tag and so the switch cannot infer the VLAN for these frames by looking at their tags because they have none.
There are two possible courses of action here: Either the switch drops these frames (because they are missing some vital information), or the switch will assign all these frames to a single "fallback" VLAN defined just for this purpose, and we call this VLAN the native VLAN. The 802.1Q standard decided to take the second way and define the native VLAN for the trunk operation (although the standard calls it by a different name).
So, a native VLAN is a VLAN that does not use tags on a trunk port, i.e.
To put it simply, a native VLAN allows devices that are not compatible with 802.1Q tagging to communicate over a trunk port by assigning them to a special VLAN that - as the only one on a particular trunk - does not use the 802.1Q tags.
For example, a switch port where both a Cisco IP phone and a PC are connected is a nice example of using the native VLAN. The IP phone sends all its frames tagged with the 802.1Q tag of the so-called voice VLAN. All voice communication, both signalling and voice data, is sent tagged on this port, and is transported within a VLAN devoted to voice purposes, hence the name voice VLAN. However, the PC connected to the phone does not understand tags and does not use them, so it continues communicating with the network without any tagging, thereby using the native VLAN on the port.
By default, on Catalyst switches, the native VLAN on trunk ports is set to the VLAN 1. This can be reconfigured using the switchport trunk native vlan command on a per-trunk basis.
The native VLAN is arguably a confusing topic and it causes many headaches both to people trying to understand it, and to network engineers solving problems when different devices are configured with different native VLANs (each trunk can be configured with a different native VLAN) or when various vendors have slightly different implementations of the native VLAN feature. The native VLAN even allows for security attacks on networks (details are somewhat convoluted so I don't want to talk about them right now). It would be best if the native VLAN was not defined at all but alas, this is the way the world goes...
Anyway, the ISL does not have a concept of native VLAN because contrary to 802.1Q that uses tagging, the ISL actually takes the entire original frame and encapsulates it entirely into a new frame with a different format. It is not possible to send original unmodified Ethernet frames over ISL trunks - either they are encapsulated into an ISL container or they are dropped. This is the reason why there is no concept of native VLAN on an ISL trunk.
I hope this helps a bit but please feel welcome to ask further.
Best regards,
Peter
11-03-2010 12:14 AM
Hi Anthony,
You can consider the native VLAN as a VLAN having no tag. Let us dig more....
When you configure any port with 802.1q encapsulation it expects a VLAN tag associated with each frame received,
but yes, it is possible to send frames untagged also. This is where the native VLAN comes into the picture.
Example: say you configure a trunk with allowed VLANs 11, 21, 31, and out of these you define
VLAN 31 as the native VLAN; then while sending frames for that VLAN the switch will not add any tag and the frame is sent as a normal Ethernet frame.
You can test this by connecting any PC (which does not understand tags) to a trunk port. Assign an IP address in some
VLAN, say 31, and then try to ping (unsuccessful); then define the native VLAN (by switchport trunk native vlan 31) and you will see that you are able to ping the PC.
Hope this is useful.
Regards
Mahesh
11-03-2010 08:35 AM
Hi,
Some more details to make the thing more confusing :-) :
1) In the Cisco implementation, the trunk port has to be able to accept frames tagged with the native VLAN tag, too.
I.e., let's say a trunk is configured with native VLAN 1. The switch then sends out VLAN 1 frames without any tag and assigns any untagged frames received to VLAN 1. But it also accepts incoming frames with a VLAN 1 tag.
This feature is sometimes used for the VoIP implementation Peter mentioned. The voice VLAN and the native VLAN are the same one then.
2) In the old CatOS days there was another native VLAN definition.
It was the VLAN to which a switch port was assigned in case trunking failed for some reason (trunk negotiation failed, e.g.).
IMHO, that's where the "native VLAN" term came from.
With IOS, those two features were separated: the "switchport trunk native vlan" and "switchport access vlan" commands are used.
In CatOS, both were configured by one port command, "set x/y vlan z".
BR,
Milan
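The trunk-port behaviour described in this thread (untagged frames fall back to the native VLAN, the native VLAN leaves the trunk untagged, and a Catalyst also accepts frames tagged with the native VID, as Milan notes), worked through as an added Python example that is not part of any post. The trunk configuration (allowed 11, 21, 31 with native 31, as in Mahesh's example), the frame bytes and the strict accept_tagged_native switch are constructed here for illustration.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

@dataclass(frozen=True)
class TrunkConfig:
    allowed: frozenset               # VLANs permitted on the trunk
    native: int                      # the one VLAN carried without a tag
    accept_tagged_native: bool = True  # Catalyst also accepts frames tagged with the native VID

def parse_vid(frame: bytes):
    """Return the 802.1Q VID of a frame, or None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("tagged frame truncated")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF              # low 12 bits of the TCI hold the VLAN ID

def classify_ingress(frame: bytes, cfg: TrunkConfig):
    """Decide the VLAN of a frame arriving on the trunk: ('accept' | 'drop', vid, reason)."""
    vid = parse_vid(frame)
    if vid is None:
        return ("accept", cfg.native, "untagged frame falls back to the native VLAN")
    if vid == cfg.native:
        if cfg.accept_tagged_native:
            return ("accept", vid, "tagged with the native VID, accepted (Catalyst behaviour)")
        return ("drop", vid, "tagged with the native VID, rejected in strict mode")
    if vid in cfg.allowed:
        return ("accept", vid, "tagged, VLAN allowed on the trunk")
    return ("drop", vid, "VLAN not allowed on the trunk")

def build_egress(vlan, dst, src, ethertype, payload, cfg):
    """Build the frame the switch sends out of the trunk: untagged for the native VLAN, tagged otherwise."""
    if vlan not in cfg.allowed:
        raise ValueError(f"VLAN {vlan} is not allowed on this trunk")
    header = dst + src
    if vlan != cfg.native:
        header += struct.pack("!HH", TPID_8021Q, vlan)  # TCI with PCP=0, DEI=0, VID=vlan
    return header + struct.pack("!H", ethertype) + payload

# Constructed sample data (not from the thread): Mahesh's trunk, allowed 11,21,31 with native 31
TRUNK = TrunkConfig(allowed=frozenset({11, 21, 31}), native=31)
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("0011223344aa")
PC_FRAME = build_egress(31, DST, SRC, 0x0806, b"\x00" * 28, TRUNK)  # untagged ARP frame from a PC
```

Setting accept_tagged_native to False models a trunk that refuses frames explicitly tagged with the native VID, which is the check a defender wants when the native VLAN must carry only genuinely untagged traffic.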
11-03-2010 11:00 AM
Thank you all for replying.
It's a confusing topic indeed.
When you've got data and voice VLANs then the native VLAN makes sense, but with just a data VLAN on the network the native VLAN topic is confusing.