Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1516
Views
3
Helpful
3
Replies

Incorrect Native VLAN usage.

Go to solution
jimmycher
Level 1
Level 1

‎01-20-2016 12:05 PM - edited ‎03-05-2019 03:09 AM

I have a legacy configuration, where my switch is connected to a firewall, via a trunk.  

The firewall is showing a lot of overruns.

The switch config is:

Int f0/7

  switchport access 52

  switchport trunk native 52

  switchtrunk trunk allow vlan 52

  switchport mode trunk

I understand the "switchport access 52" command is meaningless, since it is manually set to trunking.

And I know that the "switchport trunk native 52" is bad, but I'm not sure why.

Can someone explain the practical effect?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to jimmycher

‎01-20-2016 12:55 PM

The control plane protocols would go on vlan 1 tagged because you have changed the native vlan except for DTP which always uses the native vlan.

And they would go across the link even if you don't allow the vlan on the trunk which you haven't.

Personally if it does not have to be a trunk ie. it is not a requirement of the firewall then I would simply make it an access port because you are only passing one vlan anway. .

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-20-2016 12:24 PM

It's not particularly bad ie. you can set the native vlan to anything you want and people often change it but the question is why is the port configured as a trunk when you are only allowing vlan 52 ?

Jon

Go to solution
jimmycher
Level 1
Level 1
In response to Jon Marshall

‎01-20-2016 12:27 PM

It's a legacy I inhereted; I'd like a good explanation before I get authorization to remove it.

 

Wouldn't all the untagged data go out this port, like control plane stuff, that would normally be on VLAN 1 ??

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to jimmycher

‎01-20-2016 12:55 PM

The control plane protocols would go on vlan 1 tagged because you have changed the native vlan except for DTP which always uses the native vlan.

And they would go across the link even if you don't allow the vlan on the trunk which you haven't.

Personally if it does not have to be a trunk ie. it is not a requirement of the firewall then I would simply make it an access port because you are only passing one vlan anway. .

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card