jskfan
Native Vlan Commands
I have seen the following commands used on Cisco switches.
Example:
At the interface level: switchport trunk native vlan 10
At the global configuration level: vlan dot1q tag native
What is the difference between both commands?
Thank you
ASKER
The first one defines the native VLAN for a specific port.
I thought by default all ports are in Native Vlan
No. The native VLAN only exists on trunk ports. Access ports do not have a native VLAN.
By default, all trunk ports use VLAN 1 as the native VLAN. Best practice is to never use VLAN 1 as the native VLAN. So if you create a trunk port, one of the first tasks you should do is to define a different VLAN as the native VLAN.
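One way to check a saved configuration against the advice above, as an added example that is not part of the original thread: it lists each trunk port's native VLAN and allowed-VLAN list, flags trunks left on VLAN 1, and reports whether vlan dot1q tag native is set. The sample configuration, the interface names and the audit_trunks function are constructed for illustration, and only ports with an explicit "switchport mode trunk" line are treated as trunks.

```python
import re

# Constructed sample running-config (interface names are illustrative).
SAMPLE_CONFIG = """\
vlan dot1q tag native
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/11
 switchport mode access
"""

def audit_trunks(config):
    """Return (tag_native_enabled, {trunk: {"native", "allowed", "finding"}})."""
    tag_native, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # global-level line ends any interface block
            m = re.match(r"interface\s+(\S+)$", line)
            current = ports.setdefault(m.group(1), {"trunk": False, "native": 1,
                                                    "allowed": "all"}) if m else None
            tag_native = tag_native or line == "vlan dot1q tag native"
        elif current is not None:
            if line == "switchport mode trunk":
                current["trunk"] = True
            elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
                current["native"] = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan (\S+)$", line):
                current["allowed"] = m.group(1)
    report = {}
    for name, port in ports.items():
        if port["trunk"]:                    # access ports have no native VLAN
            finding = "native VLAN left at default VLAN 1" if port["native"] == 1 else None
            report[name] = {"native": port["native"], "allowed": port["allowed"],
                            "finding": finding}
    return tag_native, report

if __name__ == "__main__":
    enabled, trunks = audit_trunks(SAMPLE_CONFIG)
    print("vlan dot1q tag native:", enabled)
    for name, info in trunks.items():
        print(name, info)
```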
ASKER
OK. If I understand, trunk ports carry native VLAN traffic, either the default VLAN 1 or the native VLAN that the administrator configures manually.
What about this:
The second one makes the switch tag the native VLAN on all trunk ports.
One of the characteristics of the native VLAN is that it is untagged.
A while back, a provision was added which allowed the native VLAN to be tagged.
ASKER
It is explained online this way:
"Typically, you configure 802.1Q trunks with a native VLAN ID, which strips tagging from all packets on that VLAN. To maintain the tagging on the native VLAN and drop untagged traffic, use the vlan dot1q tag native command."
If you have Switch1 with the default native VLAN 1 and a few VLANs (VLAN 10, VLAN 20, VLAN 30), and Switch1 is trunked to Switch2,
in this case all VLAN traffic will go through the trunk to Switch2, including native VLAN 1.
If we have ports on Switch1 (example: ports 11, 13) that are not part of any VLAN, their traffic will still be carried through default VLAN 1 to Switch2.
vlan dot1q tag native will prevent the traffic coming from ports 11, 13 from going through the trunk ports to Switch2?
Correct?
If we have ports in Switch 1 (example: Ports 11,13) that are not part of Any VLAN, their traffic will still be carried through default VLAN 1 to Switch2
No. There is no way to have a switchport which is not a member of a VLAN. If you don't make a switchport a member of a VLAN, it will be a member of the default VLAN (VLAN 1).
The purpose of tagging the native VLAN is not to control what traffic goes over the trunk. It is simply to allow a tag to be applied to a frame which (in the past) had been untagged.
If you want to control which VLANs are carried over a trunk, then you would remove specific VLANs from the allowed list for that trunk.
ASKER
No. There is no way to have a switchport which is not a member of a VLAN. If you don't make a switchport a member of a VLAN, it will be a member of the default VLAN (VLAN 1).
I meant if you have not manually assigned ports 11 and 13 to any specific VLAN, they will be members of VLAN 1, as you stated, and carried through the trunk link to Switch 2. Unless you are saying traffic from VLAN 1 does not go through the trunk link.
I am only saying that your statement of:
If we have ports in Switch 1 (example: Ports 11,13) that are not part of Any VLAN
can't happen. An access switchport is always part of a VLAN.
ASKER
can't happen. An access switchport is always part of a VLAN.
If I am not wrong, when you do not assign a port to any VLAN, it will become a member of VLAN 1 by default.
Well... Kinda.
All switchports are a member of VLAN 1 by default. Right out of the box, every port is a member of VLAN 1 before you even power it up. It doesn't "become" a member of VLAN 1 if you don't assign the port to a VLAN. The port already IS a member of VLAN 1.
Subtle difference, but it's all about the details, right. :-)
ASKER
If you connect:
Computer1 --> Switch1-->Switch2---Computer2
As long as the IP addresses of Computer1 and Computer2 are in the same subnet, they will be able to ping each other, because by default all interfaces of the switches are in VLAN 1.
That is correct.
ASKER
So what do they mean by:
"Typically, you configure 802.1Q trunks with a native VLAN ID, which strips tagging from all packets on that VLAN. To maintain the tagging on the native VLAN and drop untagged traffic, use the vlan dot1q tag native command."
Confusing ...
I thought the untagged traffic is the traffic from the native VLAN.
It is.
But an OPTION is to also tag the native VLAN. This capability is relatively recent. And once again, it is optional. By default, native VLAN traffic on a trunk link is untagged.
ASKER
I cannot see in which scenario this command, vlan dot1q tag native, will be used.
Example:
Computer1 --> Switch1-->Switch2---Computer2
If I apply the command vlan dot1q tag native, and the native VLAN is the default VLAN 1,
what will happen?
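The scenario in the question above, modelled as an added example that is not part of the original thread and is not Cisco code: it shows how a frame from VLAN 1 crosses the Switch1-Switch2 link when neither, both, or only one switch has vlan dot1q tag native enabled. It assumes the link is an 802.1Q trunk and follows the documentation quoted earlier for untagged ingress frames (other platforms may handle them differently); TrunkPort, deliver and asker_scenario are hypothetical names.

```python
from dataclasses import dataclass

UNTAGGED = "untagged"                      # marker for a frame sent without a tag
ALL_VLANS = frozenset(range(1, 4095))

@dataclass(frozen=True)
class TrunkPort:
    """Simplified model of one end of an 802.1Q trunk."""
    native_vlan: int = 1                   # default native VLAN
    tag_native: bool = False               # True models "vlan dot1q tag native"
    allowed: frozenset = ALL_VLANS         # trunk allowed-VLAN list

    def egress(self, vlan):
        """Tag put on the wire for a frame in `vlan`, or None if not carried."""
        if vlan not in self.allowed:
            return None
        if vlan == self.native_vlan and not self.tag_native:
            return UNTAGGED                # default: native VLAN is sent untagged
        return vlan

    def ingress(self, tag):
        """VLAN the receiving switch assigns to the frame, or None if dropped."""
        if tag == UNTAGGED:
            # Per the quoted documentation, untagged frames are dropped once
            # native tagging is enabled; otherwise they join the native VLAN.
            return None if self.tag_native else self.native_vlan
        # Assumption: a tagged frame is accepted whenever its VLAN is allowed.
        return tag if tag in self.allowed else None

def deliver(tx, rx, vlan):
    """VLAN in which `rx` sees a frame that `tx` sends from `vlan` (None = lost)."""
    tag = tx.egress(vlan)
    return None if tag is None else rx.ingress(tag)

def asker_scenario():
    """Computer1 and Computer2 both in VLAN 1, native VLAN 1 on the trunk."""
    default, tagging = TrunkPort(), TrunkPort(tag_native=True)
    return {
        "neither switch tags": deliver(default, default, 1),
        "both switches tag": deliver(tagging, tagging, 1),
        "only Switch2 tags": deliver(default, tagging, 1),
        "only Switch1 tags": deliver(tagging, default, 1),
        "VLAN 10, only Switch2 tags": deliver(default, tagging, 10),
    }

if __name__ == "__main__":
    for case, vlan in asker_scenario().items():
        print(case, "->", "dropped" if vlan is None else f"VLAN {vlan}")
```

In this model the only case that loses VLAN 1 traffic is the one where the two ends disagree and the receiver enforces tagging, so the setting has to be applied consistently on both switches.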
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks Don.
I will read more about it sometime when I get a chance.
I wouldn't worry about it too much. Like I said, it's a feature but one that isn't used very often.
It's really a "good to know" thing as opposed to a "need to know" thing.