native vlan on 3560x

Posted on 2012-08-24
Last Modified: 2012-09-08
My setup: Router<--trunk-->3560X<-->Avaya phone<-->PC
vlan 20 (data)
vlan 30 (voice)
vlan 1 (native vlan)

I'd like to stay away from vlan 1 and make vlan 200 my management vlan. But I am not sure if it is working correctly as far as best practice is concerned.

When I changed the management interface vlan id to 200 (see attached), vlan 200 becomes management and native. Two statements switchport access vlan 200 &  switchport trunk native vlan 200 were added to all of my interfaces. I then removed them all because my ports are reserved for vlan 20 and vlan 30.

So traffic like cdp, vtp, and PAgP will then be placed in vlan 200. Correct?

Cisco recommends to remove vlan 200 from the trunk. How will this work in my scenario?

Can I have vlan 1 as native and vlan 200 as the management vlan? If yes then 3560X won't allow me to do that.

Question by:biggynet
    LVL 50

    Accepted Solution

    If you're going from the switch to the a phone, you will only have to VLANs. The native VLAN (which will be the data VLAN) and the voice VLAN.

    VTP, CDP, etc are always carried on VLAN 1.
    LVL 4

    Assisted Solution

    The only security concern is to secure the physical port. IF you really want to secure the management of the switch you should connect to the switch port seen physically the switch (one vlan for just that port), ask the switch to encrypt the management connection, or let the firewall be a proxy to manage the switch (the firewall and the switch must be in the same room, and the room must be locked, vlan for just that port connection).

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now