Solved

NATIVE VLAN QUERY

Posted on 2011-02-27
Last Modified: 2012-05-11
Dependent on whether a company can afford specific hardware or software for IT equipment, I'm wondering the following:

ISL - Has no concept of Native vlan - why?

802.1q - Does use Native vlan, therefore traffic is 'Untagged', although I'm assuming this is NOT as robust as ISL?

Assuming ISL is more robust and carries out CRC OR FRC, I'm assuming this is why it does NOT need to use 'Native vlan'?
Question by:mikey250

Accepted Solution

by:
MAG03 earned 250 total points
ISL is a Cisco proprietary protocol that encapsulates all frames going through the trunk, which is why there is no concept of native VLAN. ISL does not understand what a native VLAN is. Since ISL encapsulates all frames, there is much greater overhead; 802.1q only adds a header to the frame.

802.1q is the IEEE industry standard. The only frames that are "untagged" in 802.1q are the frames that originate from within the native VLAN (VLAN 1 by default on Cisco); all other VLAN frames are tagged to identify which VLAN they originate from, which helps the other switch identify which VLAN to send the traffic to.

Assisted Solution

by:Kvistofta
Kvistofta earned 125 total points
I totally agree with what MAG03 says. I just want to add that today ISL is ancient history. There should be no reason with modern hardware to consider using ISL. Stick to 802.1q; it is the de facto standard of today and compatible with all available vendors, in contrast to ISL.

/Kvistofta

Assisted Solution

by:Don Johnston
Don Johnston earned 125 total points
One of the reasons for the native VLAN is that it was where the BPDUs were carried. 802.1q only supported CST (Common Spanning Tree).

One of the "improvements" that came with ISL was the ability to do Per-VLAN Spanning Tree (PVST). In this situation, a separate instance of Spanning-Tree is created for each VLAN.

Of course when 802.1q came out, Cisco turned around and implemented it with PVST+ which allowed them to do Per VLAN Spanning-Tree with 802.1q.

But in the end, ISL is a dying protocol. Cisco doesn't support it on a number of their own platforms anymore.

Author Comment

by:mikey250
1.  Although the below is mentioned, the native vlan 1 can be changed to '99' for example to stop vlan hopping, so presumably this is one way around the 'untagged' frame, I'm assuming although still not 'tagged' offers protection?

"802.1q is IEEE industry standard. The only frames that are "untagged" in 802.1q are the frames that originate from within the native vlan (vlan 1 by default on cisco) all other vlan frames are tagged to identify which vlan they originate from and helps the other switch identify which vlan to send the traffic to."


2.  If ISL is more robust, i.e. encapsulates the whole frame, then why is 802.1q more popular? What was the deciding factor, as I would have thought ISL was the winning protocol, or is it down to the 'overhead', however this may affect services?
Assisted Solution

by:MAG03
MAG03 earned 250 total points
Changing the native VLAN to an unused VLAN, i.e. VLAN 99, will help prevent VLAN hopping. For more information on VLAN security, have a look at the following link: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

Two reasons that 802.1q is preferred are that it is an industry standard, so you can use other vendors' devices together. The other reason is the overhead, and depending on how much traffic there is flowing over the network, this can negatively affect the network.

Expert Comment

by:Don Johnston
1) Some vendors allow tagging all VLANs (including the native VLAN). If not, the typical approach is to specify an unused VLAN as the native VLAN.

2) The only people that would say ISL is more robust would have been Cisco sales people. :-)  802.1q is more popular because (A) it's a standard and (B) it does everything that is required in a trunking protocol.
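
The native VLAN advice given in the answers above (move a trunk's untagged VLAN off the default VLAN 1 to a VLAN that no access port uses) can be checked mechanically. The following is an added example, not code from any poster in this thread: a Python audit over a constructed Cisco IOS-style configuration, where the function names and the sample interfaces are assumptions.

```python
# Constructed sample in Cisco IOS interface syntax (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 99
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 20
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 20
"""

def parse_interfaces(config):
    """Map each interface name to the list of its stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line[:1] == " " and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def vlan_of(cmds, command, default=1):
    """Return the VLAN ID configured by `command`; VLAN 1 applies when it is absent."""
    for cmd in cmds:
        prefix, _, value = cmd.rpartition(" ")
        if prefix == command and value.isdigit():
            return int(value)
    return default

def audit_native_vlans(config):
    """Return {trunk: reason} for trunks whose native VLAN is 1 or has access ports."""
    interfaces = parse_interfaces(config)
    access_vlans = {vlan_of(c, "switchport access vlan")
                    for c in interfaces.values() if "switchport mode access" in c}
    natives = {n: vlan_of(c, "switchport trunk native vlan")
               for n, c in interfaces.items() if "switchport mode trunk" in c}
    return {n: "default VLAN 1" if v == 1 else f"VLAN {v} also has access ports"
            for n, v in natives.items() if v == 1 or v in access_vlans}

if __name__ == "__main__":
    print(audit_native_vlans(SAMPLE_CONFIG))
```

In the sample, GigabitEthernet0/2 passes because VLAN 99 is neither the default nor assigned to any access port.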

Author Comment

by:mikey250
OK, understood, and will read the URL!

Expert Comment

by:Kvistofta
There are no tech details to add; all is said above. I recommend a split between us participating experts.

/Kvistofta

Author Comment

by:mikey250
Apologies for not closing this thread, as I've had issues with my internet connection and was not able to log on.  I'm OK now so will close this thread.