
native VLAN 1

russ.givens
Level 1

I'm in the process of setting up UCS.  The default native vlan has a vlan ID of 1 in UCS.  Our native vlan is 1000.  So I set up a new vlan with the vlan ID of 1000 and set it as the native VLAN.  I cannot delete the VLAN default (1) even though it isn't the native vlan anymore because UCS won't let me.  We use VLAN id 1 for some of our corporate servers so I can't create a vlan with that ID without an overlap.  Since it's not being used as the native vlan anymore can I go ahead and use VLAN default (1) or is there some issue with me using that vlan?

Additionally, one other question in regard to the native vlan.  I set up another UCS environment and have a few ESXi servers running on it with some active VMs.  When I set up UCS I added a vlan for our company's native vlan (vlan id 1000), but I forgot to set it as the Native VLAN.  So VLAN default (1) is still listed as the Native VLAN.  What implications would there be if I changed the Native VLAN to the vlan I set up (vlan id 1000) while there are running ESXi servers and virtual machines?  Neither the ESXi servers nor the VMs are using either one of those VLANs in service profiles and vnic templates.

3 Replies

Robert Burns
Cisco Employee

Russ,

VLAN 1 can't be pruned from your uplinks; it's one of those caveats.  We strongly discourage the use of VLAN 1 anywhere in your network as it presents a security risk.  (Since VLAN 1 exists on every switch by default, it's hard to block access to devices using that VLAN).

You can still use VLAN 1 even if it's not set as the native - no problem there.  Just take note that VLAN is not eligible for Disjoint L2 configuration and will always be allowed on all uplinks.  If you don't have any disjoint L2 networks - then it's no problem for you.

When you talk about the Native VLAN be careful.  If things are working as they are with VLAN 1 as the native vlan, changing it could impact your hosts if they need to communicate to other northbound devices.  I really try to caution people against using Native VLANs at all.  You're blindly sending untagged packets, and relying on the upstream L2 device to decide which VLAN to put the traffic onto.  Native VLANs can change from hop to hop also, so it opens up the door for VLAN mis-matching.  You're far better off to TAG EVERYTHING - so there's no concern of native VLANs getting mixed up anywhere.

Regards,

Robert
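The two risks Robert describes (an untagged frame is classified by whatever native VLAN the receiving trunk port happens to have, and VLAN 1 is the default native everywhere) can be made concrete with a small audit script. The following is an added example written for this page, not code from the thread or from Cisco; the device names, interface names and IOS-style config stanzas are constructed, and the link table is a hypothetical topology. It parses trunk stanzas for their native VLAN (defaulting to 1 when the line is absent, as IOS does), models how a trunk port classifies a tagged versus an untagged frame, and reports native-VLAN mismatches between cabled peers plus any trunk still using VLAN 1 as native.

```python
"""Audit native-VLAN handling on trunk links (constructed example).

Models two defender-side checks from the discussion above:
  1. an untagged frame on a trunk is placed in the *receiving* port's native
     VLAN, so a mismatch between peers silently moves traffic between VLANs;
  2. VLAN 1 is the default native VLAN and should not be relied on.
All configs, device names and links below are constructed for the example.
"""
import re
import struct

# Constructed IOS-style stanzas; "fi-a" and "core-1" are hypothetical devices.
SAMPLE_CONFIGS = {
    "fi-a": """
interface Ethernet1/1
 switchport mode trunk
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 1,1000,2000-2010
""",
    "core-1": """
interface Ethernet1/1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,1000,2000-2010
""",
}

# Constructed cabling: which trunk ports face each other.
LINKS = [(("fi-a", "Ethernet1/1"), ("core-1", "Ethernet1/1"))]

IFACE_RE = re.compile(r"^interface (\S+)", re.M)


def parse_trunks(config):
    """Return {interface: native_vlan} for each trunk port in an IOS-style config.

    A trunk stanza without a 'switchport trunk native vlan' line gets the
    platform default of VLAN 1, which is exactly the case the audit flags.
    """
    trunks = {}
    parts = IFACE_RE.split(config)[1:]          # [name, body, name, body, ...]
    for name, body in zip(parts[::2], parts[1::2]):
        if "switchport mode trunk" not in body:
            continue
        m = re.search(r"switchport trunk native vlan (\d+)", body)
        trunks[name] = int(m.group(1)) if m else 1
    return trunks


def build_frame(vlan=None):
    """Build a minimal Ethernet frame; when vlan is given, insert an 802.1Q tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")           # constructed local MAC
    payload = b"\x08\x00" + b"\x00" * 46          # IPv4 EtherType + padding
    if vlan is None:
        return dst + src + payload
    return dst + src + struct.pack("!HH", 0x8100, vlan & 0x0FFF) + payload


def classify_ingress(frame, native_vlan):
    """Classify a frame the way a trunk port does.

    EtherType 0x8100 means an 802.1Q tag follows; the low 12 bits of the TCI
    are the VLAN ID.  Anything untagged lands in the port's native VLAN.
    """
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF
    return native_vlan


def audit(configs, links):
    """Return findings: trunks with native VLAN 1, and native mismatches on links."""
    natives = {dev: parse_trunks(cfg) for dev, cfg in configs.items()}
    findings = []
    for dev, trunks in natives.items():
        for iface, vlan in trunks.items():
            if vlan == 1:
                findings.append(f"{dev} {iface}: native VLAN is 1 (platform default)")
    for (dev_a, if_a), (dev_b, if_b) in links:
        va, vb = natives[dev_a][if_a], natives[dev_b][if_b]
        if va != vb:
            # An untagged frame from side A is received into vb on side B.
            findings.append(
                f"native mismatch: {dev_a} {if_a} sends untagged as VLAN {va}, "
                f"{dev_b} {if_b} receives it into VLAN {vb}"
            )
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIGS, LINKS):
        print(line)
    untagged = build_frame()
    print("untagged frame seen by fi-a  ->", classify_ingress(untagged, 1000))
    print("untagged frame seen by core-1 ->", classify_ingress(untagged, 1))
    print("tagged VLAN 2005 frame on core-1 ->", classify_ingress(build_frame(2005), 1))
```

The tagged frame is classified identically on both ends regardless of native VLAN, which is the practical content of "tag everything"; the untagged frame changes VLAN at the link boundary, and the audit surfaces that before a host notices.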

Hi Robert

There are however 2 cases, where the native vlan is mandatory (hopefully in a vlan =/ 1 ): PXE boot and iSCSI boot ?

Walter.

Walter - Yes you're correct - good catch & thanks for keeping me honest!  I don't so much mind using Native VLANs to hosts within UCS, but going Northbound definitely not necessary.

Robert
