Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15295
Views
26
Helpful
12
Replies

Untagged traffic on native vlan

Go to solution
darwinsanchez6774
Level 1
Level 1

‎02-28-2017 03:02 AM - edited ‎03-08-2019 09:31 AM

Hello, it's my first time posting here and I will very much appreciate your kind response guys. I was just wondering how does a switch handle untagged traffic? If an untagged tragfic from a vlan passed through a trunk going to another switch, will the receiving switch forward the untagged traffic to all the ports no matter what vlan they belong to since the traffic has no vlan mark on it? Why or why not? Thanks in advanced. :-)

-dar

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP

‎02-28-2017 03:52 AM

Hi

If you are using a trunk between 2 switches, the native vlan is the one considered as untagged traffic, the rest of the frames belongs to specific vlans so these frames are tagged to include the vlan information and in this way they are forwarded to their destinations.

By default the vlan 1 is used for native vlan, but for security reasons it should be turned off and you could create a specific vlan for that role, note the native vlan should not be used for other role than native vlan.

Hope it is useful.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

12 Replies 12

Go to solution
Julio E. Moisa
VIP
VIP

‎02-28-2017 03:52 AM

Hi

If you are using a trunk between 2 switches, the native vlan is the one considered as untagged traffic, the rest of the frames belongs to specific vlans so these frames are tagged to include the vlan information and in this way they are forwarded to their destinations.

By default the vlan 1 is used for native vlan, but for security reasons it should be turned off and you could create a specific vlan for that role, note the native vlan should not be used for other role than native vlan.

Hope it is useful.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Go to solution
darwinsanchez6774
Level 1
Level 1
In response to Julio E. Moisa

‎03-01-2017 02:47 AM

Hello sir Julio, firstly thank u for your response. I just have a question, if that is the case,assume that I have vlan 10 20 and 30 on both  end of switches and i turned off vlan 1,  to completely separate untagged traffic for those 3 vlans, you are saying that I need to create 3 different native vlan and each is assign to 3 different trunk links(since 1 nv is only allowed per trunk link)? Please elaborate....thankyou

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to darwinsanchez6774

‎03-01-2017 02:55 AM

Hi Darwin,

You're welcome :-) and thank you.

Nop, you should should create one native vlan for your entire layer 2 network, for example you could create:

config
vlan 999
name NATIVE-VLAN

So each switch on your network should have it created in order to configure: switchport trunk native vlan 999 under each the trunk interface. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
darwinsanchez6774
Level 1
Level 1
In response to Julio E. Moisa

‎03-01-2017 09:56 AM

If i only have vlan 999 on my network as native vlan and I also have like 5 different vlan on my network...how does the switch associate untagged traffic to specific vlan?

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to darwinsanchez6774

‎03-01-2017 12:12 PM

The switch only sends untagged traffic on the native vlan.

sw1 -> trunk -> sw2

you have 5 vlans as you say eg. vlans 2 - 6 on both switches. Any traffic sent over the trunk link for any of those vlans will be tagged with the relevant vlan ID. There will never be untagged traffic for any of those vlans on the trunk link because none of those vlans is the native vlan.

Only the native vlan is untagged which is why sw1 and sw2 must agree on what the native vlan is because there is no vlan ID tag to identify the vlan.

Does this make sense ?

Jon

Go to solution
darwinsanchez6774
Level 1
Level 1
In response to Jon Marshall

‎03-02-2017 12:15 AM

Hi sir Jon :-), thank you very much but I still have questions. How about the control protocols such as cdp, vtp, dtp, stp and the like? Aren't they transmitted by vlans? So they are vlan specific right? If they sent untagged over a trunk link that uses a single native vlan, how does a switch distinguish which vlan does specific control protocol s belong to? :-)

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to darwinsanchez6774

‎03-02-2017 07:10 AM

Good question.

The majority of control protocols are sent on vlan 1. If vlan 1 is the native vlan then they are untagged, if you have chosen a different native vlan then the control traffic is tagged.

DTP is an exception in that it always uses the native vlan so it's traffic is always untagged (I believe there is another protocol as well but can't remember it at the moment).

The only control protocol that would send on multiple vlans would be STP when using PVST and then the same rules as I covered in my last post apply ie. for all tagged vlans the STP traffic will also be tagged and only untagged on the native vlan.

Jon

Go to solution
hassankareem9111
Level 1
Level 1

‎02-28-2017 04:04 AM

Hi,

As I believe that native Vlan (untagged vlan), so the switch will remove the tagged vlan 1 from the frames that forwarded it to another switch through the trunk.

In this way the another switch will receive that untagged frames and forwarded to it's end devices that belong to native vlan in this switch regardless of it's ID.

So untagged frames goes to native valn in the far end.

0 Helpful

Go to solution
darwinsanchez6774
Level 1
Level 1
In response to hassankareem9111

‎03-01-2017 10:13 AM

Thank you for your answer hassankareem9111, what if I make a different native vlan (e.g. vlan 999). I also have like 3 different vlans on my network(e.g. vlans 10, 20, and 30) is it possible for the 3 vlans to use just 1 native vlan in 1 trunk link? If so, how does a switch distinguish which untagged traffic is destined to which vlan since there are no vlan mark on the frames when it is transported.

0 Helpful

Go to solution
freeny.hp@gmail.com
Level 1
Level 1
In response to hassankareem9111

‎03-09-2019 01:17 AM

What if in case of the native vlan itself is tagged and untagged traffic is received ?>

0 Helpful

Go to solution
veevekraj
Level 1
Level 1

‎02-28-2017 04:34 AM

Receiving switch will look for native vlan in it's vlan database. Native vlan can be vlan 1 or vlan 2 or any vlan based on configuration. if native vlan is configured and any port falls in that vlan then switch forward the received frame to that port.

 If native vlan is not configured then by default native vlan used by switches is vlan 1. in this case switch forward frame to the ports in vlan 1.

0 Helpful

Go to solution
darwinsanchez6774
Level 1
Level 1
In response to veevekraj

‎03-01-2017 10:03 AM

"if native vlan is configured and any port falls in that vlan then switch forward the received frame to that port"

Thank you for your response veevekraj1. If that is the case, and we can only have 1 native vlan trunk. what if I have several vlans(e.g.vlan 10, 20, and 30) on my network utilizing that same trunk, you mean I'm gonna assign the ports of all those vlan altogether on the native vlan?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card