Cisco Support Community

New Member

Native Vlan

What does native VLAN mean? I mean that by default VLAN 1 is the native VLAN, and it means that the packets go untagged. I am confused why we need packets to be untagged, and in which scenario we will configure normal VLANs as native VLANs. Cheers

4 REPLIES
Bronze

Re: Native Vlan

Hi,

Please check the attachment.

HTH,

Thanks

Raj

Re: Native Vlan

Hello,

the native VLAN, which - as you correctly said - does not tag frames, is necessary for devices on an Ethernet segment to communicate, even if they do not speak 802.1Q.

Normally, you would leave VLAN 1 as the default native VLAN for untagged frames, and move user traffic to other VLANs. I have only heard of making a VLAN other than VLAN 1 the native VLAN when you want to prevent so-called VLAN hopping, which implies an attacker trying to get 802.1Q frames to hop from one VLAN to another if the frames are injected into a switch port belonging to the native VLAN of the trunk port.

Have a look at this more formal explanation as well:

With 802.1Q, a trunk link can tag frames between devices that understand the protocol. This allows for multiple VLANs to exist on a single topology. Because 802.1Q is defined as a type of Ethernet frame, it does not require that every device on a link speaks the 802.1Q protocol. Because Ethernet is a shared media and more than two devices could be connected on this media, all devices on the link must still be capable of communicating even if they do not speak the 802.1Q protocol. For this reason, 802.1Q also defines a Native VLAN. A trunk port on a switch is defined to be in a Native VLAN, and the 802.1Q trunk will not tag frames that are going out the port that came in on any port that belongs to the same VLAN that is the Native VLAN on the switch. Any Ethernet device would be capable of reading frames for the Native VLANs. The Native VLAN is important on an 802.1Q trunk link. If both sides of the link do not agree on the Native VLAN, the trunk will not operate properly.

Regards,

GNT

New Member

Re: Native Vlan

Do you have to configure the VLAN to be native, or is there a default?

Re: Native Vlan

Hello,

the (802.1Q) default native VLAN is VLAN 1. In order to configure a different VLAN as the native VLAN, use the interface command:

switchport trunk encapsulation dot1q
switchport trunk native vlan X

HTH,

GNT
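
An added example, not part of the thread or of any Cisco tooling: a small Python audit over IOS-style interface configuration that reports each trunk whose native VLAN (VLAN 1 unless changed, as stated above) is also used by access ports, the condition the VLAN-hopping remark describes. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one trunk left on the
# default native VLAN, one trunk moved to VLAN 999, and two access ports.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 1
!
interface GigabitEthernet0/11
 switchport mode access
 switchport access vlan 20
"""

def parse_interfaces(config):
    """Return {interface: {"mode", "native", "access"}} from IOS-style text."""
    ports, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            # Defaults: native VLAN 1 on trunks, access VLAN 1 on access ports.
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1, "access": 1})
        elif cur and (m := re.match(r" switchport mode (trunk|access)", line)):
            cur["mode"] = m.group(1)
        elif cur and (m := re.match(r" switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m.group(1))
        elif cur and (m := re.match(r" switchport access vlan (\d+)", line)):
            cur["access"] = int(m.group(1))
    return ports

def audit_native_vlans(config):
    """List (trunk, native_vlan, access_ports_in_that_vlan) for each overlap."""
    ports = parse_interfaces(config)
    findings = []
    for name, p in ports.items():
        shared = sorted(n for n, a in ports.items()
                        if a["mode"] == "access" and a["access"] == p["native"])
        if p["mode"] == "trunk" and shared:
            findings.append((name, p["native"], shared))
    return findings
```

Running `parse_interfaces` on both ends of a trunk and comparing the `native` values also catches the native VLAN mismatch mentioned in the earlier reply.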
