Hello Julio,

Thank you very much for the information. But i am still not clear on the topic. Firstly, we can all agree that VLAN 1 is also a vlan, right? So, i am little confused what an untagged frame is because by default, every port on a switch must be a member of at least 1 VLAN. Also, as per my instructor, the frames coming from default vlan is always untagged. Is it correct?, because those two are opposite to each other.

Secondly, i have consulted many videos on youtube and other material. They say that when a switch receives an untagged frame, it tags that frame with its native vlan and forwards it to those vlan ports.But you have said that those frames will be discarded after they are tagged with native vlan. So, are you trying to say, any frame tagged with native vlan is discarded on trunk link?

I have hereby attached a video for you reference (time after7 mins).

Thank You for help

Hi,

As we know the VLAN has significant locally only, when a frame travels from a switch to other passing through over a trunk interface, the frame is examined and a tag is added to indicate the destination VLAN, now if we receive an untagged frame it will be sent to the native vlan and the native vlan will drop this frame. We can see this as an security process, now the best practice says, create a new vlan fro that specific role and replace the vlan 1 as native vlan on the trunks, because an attacker could deploy a vlan hoping attack. 

The tagging procedure is made on the trunk interface only, rarely we will see untagged frame, blogs or websites mention that untagged frames could be associated to like voice packets. 

https://supportforums.cisco.com/t5/lan-switching-and-routing/native-vlan-tagging/td-p/2267039

:-)

Hello Julio,

So, can we conclude any untagged frame going through trunk link will be discarded by switch? So, what will be the case in a single switch scenario? There won't be any native vlan as there won't be any trunk link.

Also, i didn't get what an untagged frame is. As each port a switch is a member of at least default vlan, so there is nothing like untagged frame, right?

Thank you 

Hello,

Vlan 1 is the default vlan on cisco switches and therefore a native vlan on any trunk interface configured on the cisco switch. Vlan 1 is used for all management traffic behind the scenes like STP and CDP and therefore vlan 1 can't be suspended or shutdown. As Julio mentioned, you can change the native vlan from vlan 1 to any other vlan for security purposes as traffic associated with native vlan would be untagged. In my opinion, you shouldn't be using vlan 1 and any unused ports shouldn't be assigned to vlan 1 or native vlan ( if you have changed default native vlan 1 to any other vlan).

Note even if you change the native vlan from 1 to some other vlan that doesn't stop vlan 1 from traversing on that trunk port, because vlan 1 is continued to be used by the cisco iOS for management purposes in the background.

Also, as per my instructor, the frames coming from default vlan is always untagged. Is it correct?

 In my opinion, if the native vlan has been changed to a vlan other than vlan 1 on a trunk port then a data frame that belongs to vlan 1 must be tagged or it will be dropped by the receiving switch.