• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 592
  • Last Modified:

vlan trunking

Hello,
I understand vlans and trunking. What I don't understand is the "access mode vlan" and "trunking native mode vlan" on a trunking port and why the difference and what it means.

I know that all traffic for a certain vlan is only for switchports designated for that vlan. But what is the native vlan and what traffic does it carry?

What does this mean below also:

Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 10 (VLAN0010)

Thanks.
0
tolinrome
Asked:
tolinrome
  • 2
2 Solutions
 
giltjrCommented:
--> Negotiation of Trunking: On

Means that this port is not forced as a trunk.  It will negotiate with the device connected to that port to see if it should run as in trunk or access mode.

--> Access Mode VLAN: 1 (default)

Use VLAN 1 if this port is running in access mode.  So if negotiation as a trunk fails, this port will be in access mode.

--> Trunking Native Mode VLAN: 10 (VLAN0010)

If this port is running in trunk mode, the native VLAN is VLAN 10.
0
 
MiftaulCommented:
But what is the native vlan and what traffic does it carry?

Native VLAN carries control traffic, say the keepalives like dtp, cdp to keep the trunks on.

Negotiation of Trunking: On
It means one end of the link is negotiating dtp packets with the other end to form trunk. if the other end is set to auto or trunk, the trunk forms. For security purposes, we usually disable this feature by using "switchport nonegotiate"

Access Mode VLAN: 1 (default)
If the trunk is not forming, this link will default to access port VLAN1

Trunking Native Mode VLAN: 10 (VLAN0010)
Native VLAN carries control traffic, here the Native VLAN is set to VLAN10
0
 
giltjrCommented:
On a trunk you can have tagged or untagged frames.  Any frame that is untagged is assumed to be on the native VLAN.  So if your native VLAN is VLAN 10, any untagged traffic is assumed to be on VLAN 10.

Some switches have started allowing you to tag the native VLAN traffic.  This is so somebody cant craft frames that are  802.1Q double-tagged which could/would allow them to travers VLAN's.  One reference:

http://www.networkworld.com/community/node/38732
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now