I got confused about Vlan1 and Native VLAN. VLAN1 is native VLAN by default, but they are different, so VLAN1 is not 100% equal native VLAN.
According cisco srnd, vlan 1 should not be used for security purpose. I got a little confuse between Vlan 1 and native VLAN.
a.VLAN 1 is the default native Vlan used by Cisco devices to send BPDUs compliant. So do I have to use vlan 1???
b.native vlan is the vlan that is forwarded untagged. What is the untagged frame??? Do I have to have native VLAN??? If I have to have native VLAN, I can create for instance vlan 999 for native vlan. Use command "switchport trunk native vlan 999" at the trunk port.
"Native" Vlan only pertains to the dot1q trunking standard. An "untagged" frame coming in on the trunk link will be sent to the "Native Vlan", whereas ISL trunking would drop an "untagged" frame that came in on the trunked port.
If the "trunking" capabilities of that trunk link became broken, then that link would ONLY pass "Native" Vlan traffic. VLAN 1 is the default. You can change the "Native" Vlan to be any number with the "switchport native vlan # " command.
I agree the "Native VLAN" is a very confusing subject and I myself have struggled with it often in the past. I myself prefer the default VLAN 1.
To me it's like this: Manage your switches in it's own VLAN and run your servers and client PCs in another VLAN. Have your Native VLAN be the VLAN you want continue working if the "trunk-link" were to fail. I prefer to have access to my switches remotely if the trunk were to fail rather then have the PCs & Servers still working. If you're efficiently using multiple Vlans/subnets anyways, only one VLAN will work, so part of the network may be down and part of it may be up. Therefore I prefer the Cisco Devices to be in the Native Vlan so I can remote to the device and possibly fix the problem.
Vlan 1 is not equal to the native vlan though it is default to native vlan on cisco's implementaion.
IEEE 802.1Q doesnot force the use of native vlan as manadtory.Its only the Cisco's implemention where we bydefault use Vlan1 as native vlan.
A native vlan is the one whose frames will not tagged with a vlan tag when sent over the trunk link.
Here are your answers :
A. Vlan 1 is the deafult vlan which is used to send control traffic like VTP,STP,DTP,CDP over the links.It has nothing to do with the native vlan.In earlier IOS versions removing vlan 1 over the trunk wasnot allowed as the control traffic was only bound to vlan1. In the new IOS you can remove the vlan1, which is called as Vlan minimization and the control traffic will be sent over the management vlan when the vlan 1 is removed from the trunk.
B.A untagged frame is the one which doesnot carry a vlan tag inside its frame. In the newer IOS that are comming you can tag all the vlans which are being carried over the trunk so it is not required to have a native vlan. If you want a native vlan, yes you can make any dummy vlan as a native vlan on the trunk port.
Amit I have got to correct you there regarding the last comment of your 1st answer.
If VLAN 1 is removed from a Trunk control-plane traffic is still sent using a VLAN Tag of 1. There is currently no way of changing this. If VLAN 1 is removed from the trunk then no user traffic from VLAN 1 is sent.
Quote from a Catalyst Best Practises document on CCO:
In summary, it is worth noting that on trunks, Cisco Discovery Protocol, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 has been cleared from the trunks and is not the native VLAN. Clearing VLAN 1 for user data has no impact on control plane traffic that is still sent using VLAN 1.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...