08-17-2012 02:41 PM - edited 03-07-2019 08:24 AM
Can we have multiple Native VLANs configured on a single switch (if we have to) on multiple trunks?
---
Posted by WebUser Cisco NetPro from Cisco Support Community App
08-17-2012 06:18 PM
Can we have multiple Native VLANs configured on a single switch (if we have to) on multiple trunks?
Multiple Native VLANs on a single link? I don't think so.
08-18-2012 01:15 AM
Hi,
Perhaps they're alluding to the fact that you can configure a switch port's access vlan and trunking native vlan separately? "show interface
The author's use of terminology is confusing, as you've both noted. This is the best explanation that I could come up with. As El Tigre noted, only one would be relevant based on the current operating mode of the port. The author may have just been making a point that if you review the port configuration, be aware of the port's operating mode so that you know which vlan to reference.
Not sure if I got this right. When you say native vlan, do you mean your mgmt vlan, i.e. the SVI (interface vlan xxx), or do you mean the native vlans you've defined on the dot1q trunks?
The native vlans for dot1q trunks can be configured on a per-link basis: the trunk on the 2950 going to the core can have vlan 999 as the native vlan while the trunk to the backup segment can use vlan 1 by default without config modifications.
Switch(config-if)#switchport trunk native vlan
If you're talking about management vlan, then pruning is your friend or enemy. For the trunk to the core, make sure mgmt vlan isn't pruned; by default, 999 would be prune eligible. As for "not allowing vlan 1" to reach vlan 999, the 2950 can only have one SVI active at a time, so unless there's a router for those two segments, they shouldn't route.
Regards
Please rate if it helps.
10-28-2012 07:20 AM
Each trunk can be configured with a different native VLAN if you want. It is a best practice to tag all VLANs on the trunks. This is done at the interface level with "switchport trunk native vlan tag" or globally with "vlan dot1q tag native". This prevents a double encapsulation attack which exposes your native VLAN to any user on any other trunked VLAN.
---
Posted by WebUser Charles Hill from Cisco Support Community App
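An added example, not part of the thread and not Cisco tooling: a small Python audit that reads a saved running-config and lists the trunk ports whose native VLAN is still sent untagged, using the two commands named in the last reply. The sample configuration, interface names and function names are constructed for illustration, and only statically configured trunks ("switchport mode trunk") are considered.

```python
import re

# Constructed sample running-config (not from the thread); names and VLAN ids are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk native vlan tag
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
 switchport trunk native vlan 20
!
"""

def audit_native_vlans(config: str) -> dict:
    """Return {interface: (native_vlan, tagged)} for each statically configured trunk."""
    # The global command tags the native VLAN on every trunk of the switch.
    global_tag = bool(re.search(r"^vlan dot1q tag native\s*$", config, re.M))
    results = {}
    # An interface stanza is the header line plus the indented lines that follow it.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name = m.group(1)
        lines = [line.strip() for line in m.group(2).splitlines()]
        if "switchport mode trunk" not in lines:
            continue  # the native VLAN setting is unused while the port runs as access
        native = 1  # per-trunk default when no native VLAN is configured
        for line in lines:
            hit = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
            if hit:
                native = int(hit.group(1))
        tagged = global_tag or "switchport trunk native vlan tag" in lines
        results[name] = (native, tagged)
    return results

def untagged_trunks(config: str) -> list:
    """Trunks that still send their native VLAN untagged."""
    return sorted(n for n, (_, tagged) in audit_native_vlans(config).items() if not tagged)

if __name__ == "__main__":
    for port in untagged_trunks(SAMPLE_CONFIG):
        print(f"{port}: native VLAN {audit_native_vlans(SAMPLE_CONFIG)[port][0]} is untagged")
```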