Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1074
Views
15
Helpful
3
Replies

why should to define native vlan?

Go to solution
Student6001186
Level 1
Level 1

‎04-23-2020 08:29 AM

Hello everyone. I'm student. 

today I got some question from teacher.

he asked me that why should to define native vlan?

I try to search many web but I still don't understand.

Could someone to tell me, please? T^T

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-23-2020 09:42 AM

Purpose of Native VLAN. Concept of native is to sent frames untagged on that particular vlan. All the other frames on other vlans will be tagged with particular vlan tag, once it transverses between switch to switch or switch to router.

 

Good example  to understand here :

 

https://networklessons.com/switching/802-1q-native-vlan-cisco-ios-switch

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
ngkin2010
Level 7
Level 7

‎04-23-2020 09:59 AM

Hi,

I think your teacher was asking why should we define a dedicated native VLAN for Native VLAN.

For example, prevent using VLAN1 (& other user's VLANs) as native VLAN on a switch's trunk link.

This is a best practice suggested by Cisco to prevent VLAN Hopping attack.

In short, if attack is on the VLAN that same as the native VLAN, then attacker could have access to all other VLAN by tagging 802.1Q header twice in its frame.

Try to search the term 'VLAN hopping' to learn more about, many blogs illustration it with pictures/animation might help you to understand it more easily.

Therefore, it's better to separate native VLAN and user VLAN in term of security.

But in the real world, I don't see many organization adopt this best practice.

View solution in original post

Go to solution
Martin L
VIP
VIP

‎04-23-2020 04:04 PM

 

Native vlan is vlan1 by default on every L2 switch by Cisco.  those switches also use vlan 1 by default meaning all ports belong to vlan 1 by default.  it is sort of plug and play. you turn on switch, plug in some devices and those devices will not be stopped by switch.  you can see Security risks here.

 

Regards, ML
**Please Rate All Helpful Responses ** 

 

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-23-2020 09:42 AM

Purpose of Native VLAN. Concept of native is to sent frames untagged on that particular vlan. All the other frames on other vlans will be tagged with particular vlan tag, once it transverses between switch to switch or switch to router.

 

Good example  to understand here :

 

https://networklessons.com/switching/802-1q-native-vlan-cisco-ios-switch

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
ngkin2010
Level 7
Level 7

‎04-23-2020 09:59 AM

Hi,

I think your teacher was asking why should we define a dedicated native VLAN for Native VLAN.

For example, prevent using VLAN1 (& other user's VLANs) as native VLAN on a switch's trunk link.

This is a best practice suggested by Cisco to prevent VLAN Hopping attack.

In short, if attack is on the VLAN that same as the native VLAN, then attacker could have access to all other VLAN by tagging 802.1Q header twice in its frame.

Try to search the term 'VLAN hopping' to learn more about, many blogs illustration it with pictures/animation might help you to understand it more easily.

Therefore, it's better to separate native VLAN and user VLAN in term of security.

But in the real world, I don't see many organization adopt this best practice.

Go to solution
Martin L
VIP
VIP

‎04-23-2020 04:04 PM

 

Native vlan is vlan1 by default on every L2 switch by Cisco.  those switches also use vlan 1 by default meaning all ports belong to vlan 1 by default.  it is sort of plug and play. you turn on switch, plug in some devices and those devices will not be stopped by switch.  you can see Security risks here.

 

Regards, ML
**Please Rate All Helpful Responses ** 

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card