
default and native vlan

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Can somebody help me to understand what this means?
When I change the native VLAN 1 to VLAN X, the control traffic will be tagged with VLAN ID X?!
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
All control traffic is sent on VLAN 1. Therefore, when the native VLAN is changed to something other than VLAN 1, all control traffic is tagged on IEEE 802.1Q VLAN trunks (tagged with VLAN ID 1). A recommended security practice is to change the native VLAN to a different VLAN than VLAN 1. The native VLAN should also be distinct from all user VLANs. Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.

 

1 REPLY

By default the native VLAN passes all untagged traffic, which includes most control plane traffic. You can enable (on most switch platforms) the tagging of native VLAN traffic, but there are not a whole lot of cases where you would need/want to do this. It is best practice to change the native VLAN to something different than 1 to protect against VLAN hopping attacks. On my network we use VLAN 999 as the default VLAN on some segments.
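
The three recommendations quoted in the question (native VLAN other than 1, distinct from all user VLANs, identical on both ends of the trunk) can be checked mechanically against the configs of the two switches. This is an added example, not part of the original thread: the two IOS-style configs are constructed, and treating every access-port VLAN as a user VLAN is an assumption of the sketch.

```python
import re

# Constructed IOS-style configs for the two ends of one trunk (not from the thread).
SW_A = """interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""
SW_B = """interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse(config):
    """Map interface name -> mode, native VLAN and access VLAN (both default to 1)."""
    ports, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1, "access": 1})
        elif cur is None:
            continue  # global config lines before the first interface stanza
        elif m := re.match(r"switchport mode (\S+)", line):
            cur["mode"] = m.group(1)
        elif m := re.match(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m.group(1))
    return ports

def audit_trunk(cfg_a, port_a, cfg_b, port_b):
    """Return findings for one trunk link, given the configs of both switches."""
    a, b = parse(cfg_a), parse(cfg_b)
    # Assumption: any VLAN assigned to an access port counts as a user VLAN.
    user = {p["access"] for sw in (a, b) for p in sw.values() if p["mode"] == "access"}
    natives = {"A": a[port_a]["native"], "B": b[port_b]["native"]}
    findings = []
    if natives["A"] != natives["B"]:
        findings.append(f"native VLAN mismatch: A={natives['A']} B={natives['B']}")
    for side, vlan in natives.items():
        if vlan == 1:
            findings.append(f"{side}: native VLAN is still VLAN 1")
        if vlan in user:
            findings.append(f"{side}: native VLAN {vlan} is also a user VLAN")
    return findings
```

On the sample pair, switch B's trunk has no `switchport trunk native vlan` line, so it falls back to VLAN 1 and the audit reports both the mismatch and the VLAN 1 finding.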