
default and native vlan

Labanelamia
Level 1

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Can somebody help me to understand what this means?
When I change the native VLAN 1 to VLAN X, the control traffic will be tagged with VLAN ID X?
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
All control traffic is sent on VLAN 1. Therefore, when the native VLAN is changed to something other than VLAN 1, all control traffic is tagged on IEEE 802.1Q VLAN trunks (tagged with VLAN ID 1). A recommended security practice is to change the native VLAN to a different VLAN than VLAN 1. The native VLAN should also be distinct from all user VLANs. Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.

 

1 Reply

Eduardo Ramirez
Level 1

By default the native VLAN passes all untagged traffic, which includes most control plane traffic. You can enable (on most switch platforms) the tagging of native VLAN traffic, but there are not a whole lot of cases where you would need/want to do this. It is best practice to change the native VLAN to something different than 1 to protect against VLAN hopping attacks. On my network we use VLAN 999 as the default VLAN on some segments.
