Like @David Ruess and @Peter Paluch, I too would normally say a Cisco access port's assigned VLAN much behaves like a Cisco native VLAN port on a Cisco trunk, i.e. frames for that VLAN will be sent untagged, and if an untagged frame is received, it will be "within" the VLAN assigned to the access port.

However, I believe (?) a Cisco trunk port will also accept received frames tagged for the native VLAN.  I.e. incoming packets can be without a VLAN tag or with a VLAN tag for the native VLAN.  Both would be forwarded into the native VLAN.  I don't believe (?) a Cisco access port will accept a VLAN tagged frame (except when a voice VLAN has also been assigned to that port, and then, the VLAN tag must match the voice VLAN).

I recall (?) other vendor's "trunk" ports, behave more in conformance with RFCs, than Cisco's (Cisco implementations often predate RFCs, and they aren't always revised to fully conform so as to maintain backward Cisco capability pre-RFC).  Perhaps something similar with access ports.(?)

BTW, it's not uncommon to find other vendors' network equipment work a bit differently from Cisco (or also possibly other vendors too).  Sometimes getting different vendor equipment to "play nice together" can be "interesting" (as in the [possible] Chinese curse).

Hi Joseph,

To my best recollections,

• On trunks, Catalyst switches will accept tagged frames on/in the native VLAN. After all, this is inevitable if the traffic in the native VLAN needs to be marked with an explicit Class-of-Service (CoS) value because the CoS field is an integral part of the VLAN tag. The only way, then, is to tag even the native VLAN traffic.
• On access ports, the behavior varied between platforms:
  • Old Catalyst switches (Cat 2950, 3550) accepted tagged traffic on access ports if the VLAN ID was 0 or matched the access VLAN ID. The port did not need to be configured with a voice VLAN, but if it was, it would also accept tagged traffic on the voice VLAN, of course.
  • Newer Catalysts (starting from Cat 2960) accept tagged traffic on access ports if the voice VLAN is configured, and then the accepted tagged traffic would be for VLAN IDs 0, access VLAN, and voice VLAN.

Admittedly, tagged traffic on an access port is an unusual occurrence and different platforms will very likely vary in their behavior so I wouldn't claim that the behavior described above would apply across all Catalyst portfolio.

Best regards,
Peter

Thanks Peter, VLAN 0 tags, for CoS purposes, slipped my mind.

Not really surprising the different Cisco generation switch behaviors you mention.  I.e. you don't always need to mix vendors for "interesting" "let's all play nice together", laugh.

Hey Joe : )

Regarding the surprisingness - or not - this behavior is specific to the ASIC on which the switch is built. 2950/3550 used one generation of the ASIC, 2960/3560/3750 used another one, 3650/3850 yet another one, and I'm not even going to talk about the plethora of ASICs used on the different linecard types of 4500, 6500, now 9500... Some ASICs form a continuing evolution line, but often, a new ASIC is an entirely new implementation, a new take on the thing. And especially with rare and corner cases like these, the behavior may vary wildly.

Best regards,
Peter

Peter, sort of ditto for QoS on switches and their line cards too.

I believe that there are 2 ways of approaching the questions asked in the original post. Several of the posts (especially Peter's excellent explanation) focus on what commands are you able to enter without encountering a syntax error. From that perspective yes it is possible to configure a native vlan on an access port. The other way of looking at the question is the perspective of what are the behaviors of the interface. If you configure an access port with native vlan does the behavior change. From this question asked in the original post "What would be a scenario that would require a native vlan for a access port ?" I believe the original poster is more interested in the behaviors then in what syntax is allowed. 

Hi Peter,

If access port is configured with native vlan how does the traffic flow through L2 domain? Does this mean that the traffic received on such access port is forwarded in native vlan on trunk? So basically if I have device connected on native vlan 10, in order to reach default gateway, I have to put default gateway in the native vlan, as well? I am confused because I understand I can have one port configured with access vlan 10 and other with switchport trunk native vlan 10. How can this work?

There are several things in your question that I do not understand. Let me offer this explanation and if it does not satisfy you then please provide clarification. If a switch port is configured as an access port in vlan 10 it can also have configuration that the native vlan is vlan 10. If a frame is received that is untagged it is treated as belonging in vlan 10 and can be forwarded to other ports in vlan 10 (including to a port configured as a trunk that includes vlan 10, vlan 10 is not necessarily the native vlan). If a frame is received that is tagged as being in vlan 10 it is treated as belonging in vlan 10 and can be forwarded to other ports in vlan 10 (including to a port configured as a trunk that includes vlan 10, vlan 10 is not necessarily the native vlan). If a frame is received that is tagged as being in some other vlan (which would indicate some error in the configuration of the peer device) it will not be forwarded to any port.

The gateway for vlan 10 must be an interface (or subinterface) that belongs in vlan 10.