Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
8
Replies

Native Vlan Tagging

Go to solution
shailendra harinkhede
Level 1
Level 1

‎09-19-2017 01:12 PM - edited ‎03-08-2019 12:05 PM

I have blow switch configuration :

Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN

Vlan   Name   Ports  Created by
---- ----------------- --------------------------- ----------------
1      1 gi1-4,gi7-10,gi14-28,Po1-8 D
12     12 gi11-13 S
103    103 gi5-6 S
122     122 gi25 S

 

 

Can I add/pass new vlan 7 on gi11-13, these interface native vlan is1.

 

My doubt I if make the  gi11-13 inorder to pass the vlan 7 (by using command switchport trunk allowed vlan)  does it pass vlan 1 traffi as well?

How can we restrict traffic on gi11-13 for vlan 7 & 12.

)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni
In response to shailendra harinkhede

‎09-19-2017 02:07 PM - edited ‎09-19-2017 02:13 PM

Hi

Yes, I recommend create a new native vlan but consider in a future change the network under the VLAN 1 to other VLAN. 

If you are going  to keep the VLAN 1 for users (not recommended, as Jon mentioned previously it is used for CDP, VTP, etc) you should allow the VLAN 1 over the Trunk and configure a new Native VLAN under the trunk, for example:

 

conf t

vlan 999

name NATIVE-VLAN

 

interface gi11-13

switchport trunk encapsulation dot1q (if it is not already explicitily)

switchport trunk native vlan 999

switchport trunk allow vlan 1,7,22

switchport mode trunk

no shutdown

 

*Remember if you are going to add a new VLAN over the trunk you need to use: add, otherwise it will be overwritten.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni

‎09-19-2017 01:14 PM - edited ‎09-19-2017 01:15 PM

Hi

The native VLAN is not required to pass over a trunk interface, You can filter the vlan 7 only and it will not generate any impact. 

switchport trunk allow vlan 7,12 

 

But is recommended to have the same native vlan on both ends. 

 

:-)

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
shailendra harinkhede
Level 1
Level 1
In response to Julio E. Moisa

‎09-19-2017 01:17 PM

When I will add the bleow command on gi11-13, doesnt it pass the vlan 1 traffic ? and That can cause issue. 

 

 switchport trunk allowed vlan add 122

0 Helpful

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni
In response to shailendra harinkhede

‎09-19-2017 01:20 PM - edited ‎09-19-2017 01:21 PM

Hi

Nop it will not generate any issue, the native vlan can be omitted over a trunk. 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to shailendra harinkhede

‎09-19-2017 01:31 PM - edited ‎09-19-2017 01:32 PM

The trunk will pass vlan 1 control plane traffic such as CDP, VTP etc. even if you do not allow it on the trunk but it will not pass any data traffic in that vlan. 

 

So as Julio says no need to allow it on the trunk. 

 

Jon

0 Helpful

Go to solution
shailendra harinkhede
Level 1
Level 1
In response to Jon Marshall

‎09-19-2017 01:42 PM

VLAN 1 is data Vlan configured in this switch 

 

WebIntSw1#show running-config interface vlan 1
'interface vlan 1
ip address 172.30.0.23 255.255.255.0
no ip address dhcp
!

 

 

0 Helpful

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni
In response to shailendra harinkhede

‎09-19-2017 01:45 PM - edited ‎09-19-2017 01:46 PM

Hi

For security reason the vlan 1 should not be used and it should be shutdown, now you can create a specific native vlan but this vlan should not be used for other role in few words it should be used for any network or end user. 

I suggest create a new vlan and assign the native vlan role. 

If you want to should down the vlan 1 (recommended), you can execute the following commands:

 

configure terminal

interface vlan 1

shutdown 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
shailendra harinkhede
Level 1
Level 1
In response to Julio E. Moisa

‎09-19-2017 01:54 PM

Thanks for help 

In my case VLAN 1 already used, so I should create native VLAN for any new trunk prort.

So it should not pass VLAN 1 traffic 

intreface gi11-13

#switchport trunk native vlan 3 (any non used vlan)

# switchport trunk allowed vlan add 7,12...

 

0 Helpful

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni
In response to shailendra harinkhede

‎09-19-2017 02:07 PM - edited ‎09-19-2017 02:13 PM

Hi

Yes, I recommend create a new native vlan but consider in a future change the network under the VLAN 1 to other VLAN. 

If you are going  to keep the VLAN 1 for users (not recommended, as Jon mentioned previously it is used for CDP, VTP, etc) you should allow the VLAN 1 over the Trunk and configure a new Native VLAN under the trunk, for example:

 

conf t

vlan 999

name NATIVE-VLAN

 

interface gi11-13

switchport trunk encapsulation dot1q (if it is not already explicitily)

switchport trunk native vlan 999

switchport trunk allow vlan 1,7,22

switchport mode trunk

no shutdown

 

*Remember if you are going to add a new VLAN over the trunk you need to use: add, otherwise it will be overwritten.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents