35677 Views, 33 Helpful, 5 Replies

Vlan 1 and Native VLAN!!!

jolo07310 (Level 5)

I got confused about VLAN 1 and the native VLAN. VLAN 1 is the native VLAN by default, but they are different, so VLAN 1 is not 100% equal to the native VLAN.

According to the Cisco SRND, VLAN 1 should not be used, for security purposes. I got a little confused between VLAN 1 and the native VLAN.

a. VLAN 1 is the default native VLAN used by Cisco devices to send BPDUs. So do I have to use VLAN 1???

b. The native VLAN is the VLAN that is forwarded untagged. What is an untagged frame??? Do I have to have a native VLAN??? If I have to have a native VLAN, I can create, for instance, VLAN 999 as the native VLAN, using the command "switchport trunk native vlan 999" on the trunk port.

Thanks

Ken

5 Replies

rdanevich (Level 1)

"Native VLAN" only pertains to the dot1q trunking standard. An "untagged" frame coming in on the trunk link will be sent to the "native VLAN", whereas ISL trunking would drop an "untagged" frame that came in on the trunked port.

If the "trunking" capabilities of that trunk link became broken, then that link would ONLY pass "native" VLAN traffic. VLAN 1 is the default. You can change the "native" VLAN to be any number with the "switchport native vlan #" command.

I agree the "native VLAN" is a very confusing subject, and I myself have struggled with it often in the past. I myself prefer the default VLAN 1.

To me it's like this: manage your switches in their own VLAN and run your servers and client PCs in another VLAN. Have your native VLAN be the VLAN you want to continue working if the "trunk link" were to fail. I prefer to have access to my switches remotely if the trunk were to fail rather than have the PCs and servers still working. If you're efficiently using multiple VLANs/subnets anyway, only one VLAN will work, so part of the network may be down and part of it may be up. Therefore I prefer the Cisco devices to be in the native VLAN so I can remote to the device and possibly fix the problem.

Hi Robert,

So you are saying to create a NEW subnet for a management VLAN for all the switches, which is the native VLAN, right?? So you can access it if the trunk fails.

And keep VLAN 1 for the rest of the control-plane traffic???

And thanks to all the people who posted their ideas... thanks so much... I will rate the posts.

Thanks

Ken

amit-singh (Level 8)

Hi Ken,

VLAN 1 is not equal to the native VLAN, though it is the native VLAN by default in Cisco's implementation.

IEEE 802.1Q does not force the use of a native VLAN as mandatory. It is only in Cisco's implementation that we use VLAN 1 as the native VLAN by default.

A native VLAN is the one whose frames will not be tagged with a VLAN tag when sent over the trunk link.

Here are your answers:

A. VLAN 1 is the default VLAN which is used to send control traffic like VTP, STP, DTP and CDP over the links. It has nothing to do with the native VLAN. In earlier IOS versions, removing VLAN 1 from the trunk was not allowed, as the control traffic was only bound to VLAN 1. In the new IOS you can remove VLAN 1, which is called VLAN minimization, and the control traffic will be sent over the management VLAN when VLAN 1 is removed from the trunk.

B. An untagged frame is one which does not carry a VLAN tag inside its frame. In the newer IOS versions that are coming, you can tag all the VLANs which are being carried over the trunk, so it is not required to have a native VLAN. If you want a native VLAN, yes, you can make any dummy VLAN the native VLAN on the trunk port.

HTH. Please rate if it does.

-amit singh

Amit, I have got to correct you there regarding the last comment of your first answer.

If VLAN 1 is removed from a trunk, control-plane traffic is still sent using a VLAN tag of 1. There is currently no way of changing this. If VLAN 1 is removed from the trunk, then no user traffic from VLAN 1 is sent.

Quote from a Catalyst Best Practices document on CCO:

In summary, it is worth noting that on trunks, Cisco Discovery Protocol, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 has been cleared from the trunks and is not the native VLAN. Clearing VLAN 1 for user data has no impact on control plane traffic that is still sent using VLAN 1.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml#pre6

HTH

Andy
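As an added illustration (not code from any poster in this thread, nor from Cisco), the following Python model encodes the trunk behaviour the replies above describe: an untagged frame received on a dot1q trunk lands in the native VLAN, frames in the native VLAN leave untagged unless native tagging is enabled, the allowed-VLAN list prunes user data in both directions, and CDP/VTP/PAgP leave with a VLAN 1 tag regardless, as in the best-practices quote. A small audit function flags the layout the SRND warns about. The IOS commands named in comments are real; the MAC addresses, payloads and audit wording are constructed for the example, the control frame uses CDP's SNAP protocol ID as a stand-in EtherType, and how a platform treats untagged ingress frames once "vlan dot1q tag native" is enabled is deliberately not modelled.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100
# Multicast destination used by Cisco control protocols (CDP, VTP, DTP, PAgP).
CISCO_CONTROL_MAC = bytes.fromhex("01000ccccccc")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; an 802.1Q tag (TPID + 16-bit TCI) is inserted when vid is given."""
    if vid is not None and not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    frame = dst + src
    if vid is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tag(frame: bytes) -> tuple[Optional[int], bytes]:
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


@dataclass
class Dot1qTrunk:
    native_vlan: int = 1                             # switchport trunk native vlan <n>
    allowed: frozenset = frozenset(range(1, 4095))   # switchport trunk allowed vlan ...
    tag_native: bool = False                         # global: vlan dot1q tag native

    def ingress(self, frame: bytes) -> Optional[int]:
        """VLAN the switch assigns to a frame received on this trunk; None means dropped."""
        vid, _ = parse_tag(frame)
        if vid is None:
            # Untagged frame on a dot1q trunk goes to the native VLAN (ISL would drop it).
            vid = self.native_vlan
        return vid if vid in self.allowed else None

    def egress(self, vid: int, dst: bytes, src: bytes, ethertype: int,
               payload: bytes) -> Optional[bytes]:
        """Frame as it leaves this trunk for VLAN vid; None means not forwarded."""
        if dst == CISCO_CONTROL_MAC:
            # Per the Catalyst best-practices note quoted above: CDP/VTP/PAgP always
            # leave a trunk tagged VLAN 1, even if VLAN 1 is cleared from the allowed
            # list and is not the native VLAN.
            return build_frame(dst, src, ethertype, payload, vid=1)
        if vid not in self.allowed:
            return None                  # cleared from the trunk: user data is not sent
        if vid == self.native_vlan and not self.tag_native:
            return build_frame(dst, src, ethertype, payload)   # native VLAN goes untagged
        return build_frame(dst, src, ethertype, payload, vid=vid)


def audit(trunk: Dot1qTrunk, data_vlans: set) -> list:
    """Review findings for a trunk's VLAN layout (wording is this example's, not Cisco's)."""
    findings = []
    if trunk.native_vlan == 1:
        findings.append("native VLAN is the default VLAN 1; the SRND advises against using VLAN 1")
    if trunk.native_vlan in data_vlans:
        findings.append(f"native VLAN {trunk.native_vlan} also carries host traffic; use an "
                        "unused dummy VLAN as native so no host frames cross the trunk untagged")
    if 1 in trunk.allowed:
        findings.append("VLAN 1 is still allowed on the trunk; clear it for user data "
                        "(control traffic keeps its VLAN 1 tag regardless)")
    return findings


if __name__ == "__main__":
    # Constructed sample traffic: a host frame and a CDP-style control frame.
    host = bytes.fromhex("0011223344aa")
    switch = bytes.fromhex("00aabbccdd01")
    trunk = Dot1qTrunk(native_vlan=999, allowed=frozenset({10, 20, 999}))
    print("untagged ingress lands in VLAN", trunk.ingress(build_frame(host, host, 0x0800, b"ip")))
    print("native egress VID (None = untagged):",
          parse_tag(trunk.egress(999, host, host, 0x0800, b"ip"))[0])
    # 0x2000 is CDP's SNAP protocol ID, used here as a stand-in EtherType.
    print("control egress VID:",
          parse_tag(trunk.egress(999, CISCO_CONTROL_MAC, switch, 0x2000, b"cdp"))[0])
    for finding in audit(Dot1qTrunk(), {10, 20}):   # factory-default trunk
        print("finding:", finding)
```

Running it with the factory-default trunk produces two findings (native VLAN 1 and VLAN 1 still allowed), while the trunk with native VLAN 999 and an allowed list of 10, 20 and 999 produces none; the control frame still carries tag 1 on the second trunk even though VLAN 1 is not in its allowed list.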

Hi Andy,

Thanks for correcting me there :-), oops, I forgot that.

I really appreciate that.

-amit singh
