"Any untagged frames that an 802.1Q trunk receives will be forwarded to any ports in the native VLAN, which could be a security issue. This issue can be avoided by assigning an unused VLAN number to the native VLAN so that any untagged frames that an 802.1Q trunk receives wil not be forwarded to any user ports."
Looking at some of our switches I see that we are using the user VLAN as the native VLAN but we are also trunking that VLAN.
What effect does that have? Is the user VLAN tagged or not since it is both the native VLAN and it is trunked?
The native vlan is the vlan that is not tagged when sent down a trunk link. So it doesn't matter if you are sending the user vlan down the trunk link or not, it will not be tagged if it is the native vlan.
As you say, it would be better to use a vlan that is not used for either management or user ports in your environment. Cisco recommend vlan 999.
From a practical point of view, the premise behind that is the case where you would create another VLAN. Then you can easily add it to the trunk without disrupting your operations. If you have an ACCESS uplink, you will not be able to easily propagate this new VLAN without creating disruptions.
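The check described in this thread, as an added example that is not part of the original posts: a short Python audit that reads a switch running-config and reports every trunk whose native VLAN is also assigned to access ports, so untagged frames arriving on that trunk would reach those ports. The sample config and the function names are constructed for illustration; the script assumes IOS-style `switchport` lines, treats VLAN 1 as the default for both the native and the access VLAN, and only considers ports with an explicit `switchport mode access` or `switchport mode trunk`.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/22
 switchport mode trunk
!
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 10
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""

SWITCHPORT = re.compile(r"\s+switchport (mode|access vlan|trunk native vlan) (\S+)\s*$")
KEYS = {"mode": "mode", "access vlan": "access", "trunk native vlan": "native"}

def parse_interfaces(config):
    """Map interface name -> mode, access VLAN, native VLAN (both VLANs default to 1)."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the interface stanza
        elif current is not None and (m := SWITCHPORT.match(line)):
            value = m.group(2)
            current[KEYS[m.group(1)]] = int(value) if value.isdigit() else value
    return ports

def audit_native_vlans(config):
    """Return (trunk, native_vlan, access_ports) for trunks whose native VLAN has access ports."""
    ports = parse_interfaces(config)
    by_vlan = {}
    for name, p in ports.items():
        if p["mode"] == "access":
            by_vlan.setdefault(p["access"], []).append(name)
    return [(name, p["native"], by_vlan[p["native"]])
            for name, p in ports.items()
            if p["mode"] == "trunk" and p["native"] in by_vlan]

if __name__ == "__main__":
    print(audit_native_vlans(SAMPLE_CONFIG))
```

The audit only sees the switch whose config it is given; a native VLAN that is unused locally can still carry access ports on a neighbouring switch, so run it against each device on the trunk path.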