native vlan

chiragom2341
Level 1

What is native vlan actually? In which cases can we use it?

 

Example: switch 1 has two vlans, namely vlan 1 and vlan 2; similarly, switch 2 has two vlans, namely vlan 1 and vlan 2. Each vlan has one host and both switches are connected with a trunk link (dot1Q protocol).

 

Switch 1 has native vlan 1 and Switch 2 has native vlan 2.

 

Upon looking at the topology we can tell traffic can go through the trunk link, but it would not be delivered to the appropriate host. I mean, if a host from vlan 1 of switch 1 sent a packet to the vlan 1 host on switch 2, it would not be delivered. Why is it? Is that because the switches have different native numbers?

What is native vlan, and is it required in today's network?

 

Thanks for the time !

 

Chirag 


7 Replies

InayathUlla Sharieff
Cisco Employee

Hi,

  • The IEEE 802.1q TRUNKING encapsulation standard says the NATIVE VLAN represents traffic sent and received on an interface running 802.1q encapsulation that does not have a tag. So although the NATIVE VLAN exists also on access ports, its role is relevant only on trunk ports.
  • Here is the thing: you have 2 switches connected via a trunk port; you create VLAN 2 on both switches; on one end of the trunk you modify the NATIVE VLAN to be VLAN2. What will happen, just a short description? If the first switch (with NATIVE VLAN 1 on the trunk) receives a frame from VLAN1 and decides it needs to send the frame on the trunk port, it will see that the frame was issued from VLAN1, which is the NATIVE VLAN on the trunk port, so it will send the frame out the trunk port UNTAGGED. Now when switch 2 receives the frame, it sees it is untagged and it will associate the frame with its NATIVE VLAN, which is VLAN2.
  • The NATIVE VLAN can be modified on a per-port basis or it can be "disabled", meaning you can configure some higher-end switches to tag all frames, so there is no NATIVE VLAN.
  • With the CDP message saying "native VLAN mismatch" the problem is not the error message but the fact that you could have L2 loops in the network or frames hopping between VLANs directly at L2, without a L3 device.

 

The error message can be seen in multiple situations:

  • CDP version mismatch; CDP version 2 carries NATIVE VLAN information while CDP version 1 does not
  • trunk with mismatched NATIVE VLANs (my example from above)
  • both ends are configured as access but on different VLANs
  • one end is configured as access on VLAN x and the other end is configured as trunk with a NATIVE VLAN different than VLAN x

 

Regards

please rate if it helps.
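A toy model of the 802.1Q trunk behaviour described in the answer above, added here as an example (it is not from the original post or from Cisco). It assumes a trunk accepts any tagged frame, and the `tag_native` flag is an assumption modelling the "tag all frames" option, so the leak and the fix can be compared side by side.

```python
"""Toy model of 802.1Q trunk tagging: how a native VLAN mismatch leaks frames between VLANs."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Frame:
    tag: Optional[int]  # 802.1Q VLAN tag on the wire; None means the frame is untagged


@dataclass
class TrunkPort:
    native_vlan: int
    tag_native: bool = False  # assumption: models "tag the native VLAN too" on higher-end switches

    def egress(self, vlan: int) -> Frame:
        """Frame leaving on the trunk: the native VLAN goes untagged unless tag_native is set."""
        if vlan == self.native_vlan and not self.tag_native:
            return Frame(tag=None)
        return Frame(tag=vlan)

    def ingress(self, frame: Frame) -> int:
        """Frame arriving from the trunk: untagged frames are placed in this port's native VLAN."""
        return self.native_vlan if frame.tag is None else frame.tag


def deliver(vlan: int, sender: TrunkPort, receiver: TrunkPort) -> int:
    """VLAN that a frame sourced in `vlan` on the sending switch ends up in on the receiver."""
    return receiver.ingress(sender.egress(vlan))


def native_mismatch(a: TrunkPort, b: TrunkPort) -> bool:
    """The condition CDP version 2 reports as 'native VLAN mismatch' (CDPv1 does not carry it)."""
    return a.native_vlan != b.native_vlan


def vlan_map(vlans: Iterable[int], sender: TrunkPort, receiver: TrunkPort) -> Dict[int, int]:
    """Where each source VLAN lands; a repeated value means two VLANs were merged at L2."""
    return {v: deliver(v, sender, receiver) for v in vlans}


if __name__ == "__main__":
    sw1, sw2 = TrunkPort(native_vlan=1), TrunkPort(native_vlan=2)  # the thread's topology
    print("mismatch:", native_mismatch(sw1, sw2))            # True
    print("sw1 -> sw2:", vlan_map([1, 2], sw1, sw2))          # {1: 2, 2: 2}: VLAN 1 leaks into VLAN 2
    print("sw2 -> sw1:", vlan_map([1, 2], sw2, sw1))          # {1: 1, 2: 1}: and VLAN 2 back into VLAN 1
    print("matched:", vlan_map([1, 2], TrunkPort(1), TrunkPort(1)))  # {1: 1, 2: 2}
    fixed1, fixed2 = TrunkPort(1, tag_native=True), TrunkPort(2, tag_native=True)
    print("tagged native:", vlan_map([1, 2], fixed1, fixed2))  # {1: 1, 2: 2}
```

Matching the native VLAN on both ends (or tagging it everywhere) keeps the two broadcast domains apart; the mismatch merges them, which is the "vlan leaking" the thread goes on to discuss.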

Interesting!

So I can use the native vlan technique in place of a router, because with this trick we can send traffic to different vlans just by changing the native vlan number, am I right?

 

Can I say that because the switches have different native vlan numbers, the frame is not delivered to the appropriate vlan? Is this right? Suppose switch 2 has native vlan 1; then the frame would be delivered to the appropriate location, vlan 1 at switch 2.

OR

trunk with mismatched native vlans ?

 

According to your explanation I can guess the native vlan value can only be changed at a trunk port. Is it possible to change it from an access port?

 

What you have explained is really helpful! Thank you.

Chirag


So I can use the native vlan technique in place of a router, because with this trick we can send traffic to different vlans just by changing the native vlan number, am I right?

Answer: we suggest not to do so, as you will end up with vlan leaking.

Can I say that because the switches have different native vlan numbers, the frame is not delivered to the appropriate vlan? Is this right? Suppose switch 2 has native vlan 1; then the frame would be delivered to the appropriate location, vlan 1 at switch 2.

Answer: yes, whichever is the native vlan, the packet would be redirected. Example: if the native vlan is 2 on switch one but native vlan is 1 at the other end switch, then the packet of vlan 2 will be sent to vlan 1 of the other switch. This is what is called vlan leaking.

OR

trunk with mismatched native vlans ?

 

 

According to your explanation I can guess the native vlan value can only be changed at a trunk port. Is it possible to change it from an access port?

No, native vlan is only to be used when there is fun trunk link with 802.1d.

 

What you have explained is really helpful! Thank you.

Thank you every one for replying. It really helped me to understand better and correctly.

Thanks once again !

 

Chirag


Regarding the "trick" of using native VLANs to move traffic between different VLANs on different switches, across trunks: yes, you can do similar with access ports. For those, all you need to do is have one switch use VLAN X and the other use VLAN Y, and traffic will flow between them. As InayathUlla has already described for trunks, CDP may flag the VLAN mismatch across the access ports too.

I would like to focus on this part of the question: "so I can use native vlan technic in place of router". No, you cannot use the native vlan technique in place of a router. The router is capable of forwarding between vlans. This trick is only forwarding within a vlan, and the trick is that the vlan identifier is different on the two switches. But it is still a single broadcast domain and technically it is a single vlan.

 

HTH

 

Rick


Rick raises a good point, and if my answer implied this "trick" can take the place of a router (always), that was unintended. Actually I was only addressing doing something similar using access ports. That said, on the router question, I differ from Rick in believing this "trick" could be used in place of a router.

What the "trick" does, whether on trunk or access ports, is join the VLANs at L2. I.e., where you had VLAN separation, you no longer do.

Basically, the "trick" is about the same as assigning all hosts into the same VLAN from the start, but assigning them into different logical networks.

Assuming your hosts were addressed such that those hosts on the different VLANs are in different networks (e.g. VLAN X 192.168.1.0/24 and VLAN Y 192.168.2.0/24), they may not have direct logical access between logical networks just because all hosts are now in one physical network (e.g. VLAN X+Y or VLAN Z, with half the hosts in 192.168.1.0/24 and half the hosts in 192.168.2.0/24).

Whether hosts, on different logical networks but on same physical network, can directly intercommunicate, without a router, depends on whether the hosts are configured to have a gateway or not.  If they are configured to not use a gateway, they will ARP for any destination, and hosts on the same physical network, but even in a different logical network, should respond to the ARP.

If hosts are configured to use a gateway, they will direct their off local logical network traffic to it.  The gateway will forward the traffic if it can.

In cases where you intentionally have multiple logical networks on the same physical network, hosts are usually configured to still use a gateway, but the gateway router might have multiple addresses on the port that connects to the physical network. So, even though hosts in different logical networks are on the same physical network, traffic between those networks is routed (via the gateway). (NB: the foregoing might be used for host re-IPing.)
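A small model of the gateway question above, added as an example that is not part of the original post: two /24 logical networks sharing one physical segment (the merged VLAN X+Y), with hosts either lacking a default gateway or pointing at a router that holds an address in each subnet. All addresses and the segment contents are constructed for the example.

```python
"""Toy model: hosts in different IP subnets on one L2 segment, with and without a default gateway."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Host:
    ip: str
    prefix: int
    gateway: Optional[str] = None  # None models a host configured with no default gateway

    def next_hop(self, dst: str) -> str:
        """Address this host will ARP for when sending to dst."""
        local = ipaddress.ip_network(f"{self.ip}/{self.prefix}", strict=False)
        if ipaddress.ip_address(dst) in local or self.gateway is None:
            return dst  # on-link destination, or no gateway at all: ARP for dst directly
        return self.gateway  # off-link destination: hand it to the gateway


def arp_resolves(segment: List[Host], ip: str) -> bool:
    """Any host on the segment answers ARP for its own address, whatever subnet the asker is in."""
    return any(h.ip == ip for h in segment)


def path(src: Host, dst: Host, segment: List[Host]) -> str:
    """Classify how src reaches dst across the shared (merged) L2 segment."""
    hop = src.next_hop(dst.ip)
    if hop == dst.ip:
        return "direct-l2" if arp_resolves(segment, hop) else "unreachable"
    return "via-gateway" if arp_resolves(segment, hop) else "gateway-unreachable"


if __name__ == "__main__":
    # Constructed segment: VLAN X host (192.168.1.0/24) and VLAN Y host (192.168.2.0/24) now share L2.
    no_gw_a = Host("192.168.1.10", 24)
    host_b = Host("192.168.2.10", 24)
    merged = [no_gw_a, host_b]
    print("no gateway:", path(no_gw_a, host_b, merged))                 # direct-l2: ARP crosses subnets
    gw_a = Host("192.168.1.10", 24, gateway="192.168.1.1")
    print("gateway, no router:", path(gw_a, host_b, merged))            # gateway-unreachable
    router = [Host("192.168.1.1", 24), Host("192.168.2.1", 24)]         # one port, two addresses
    print("gateway + router:", path(gw_a, host_b, merged + router))     # via-gateway: traffic is routed
```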