TheTechPriyanka

All About Native VLAN

Many people get confused about native VLANs, but the concept is very simple. Today we'll talk about the native VLAN: what it is, why we use it, and what it does.


A native VLAN is a VLAN whose traffic traverses an 802.1q trunk without a VLAN tag. Native VLANs and management VLANs could be the same, but it's a good security practice to keep them separate.

By default, VLAN 1 is the native VLAN, but it can be changed to VLAN 2, 20, 99, or whatever you like. It is configured on the trunk port. In the example (see the attached diagram in the post), PCs 2 and 6 are not assigned to any VLAN, so they belong to VLAN 1. PC2 can transmit a frame to PC6 without a VLAN tag over the trunk. Native VLANs are configured per trunk and per switch.


Changing the native VLAN from VLAN 1 to another VLAN is a best security practice. Use a special number, such as 99, 666, or 777, because the default native VLAN (VLAN 1) on Cisco switches is vulnerable to VLAN hopping attacks.


The native VLAN should be the same on both ends of the trunk; otherwise the trunk will not work properly.
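The two checks above (native VLAN moved off VLAN 1, and the same native VLAN on both ends of a trunk) can be automated against saved switch configurations. The following is an added example, not part of the original post: the IOS-style configs are constructed samples, and the switch names and the `LINKS` cabling map are hypothetical.

```python
import re

# Constructed sample configs (IOS-style) for two switches joined by one trunk.
SW1 = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode access
"""
SW2 = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 777
"""
LINKS = [(("sw1", "GigabitEthernet0/1"), ("sw2", "GigabitEthernet0/1"))]  # hypothetical cabling

def trunk_native_vlans(config):
    """Return {interface: native VLAN} for every trunk port in a config."""
    trunks, name, is_trunk, native = {}, None, False, 1
    for line in config.splitlines() + ["interface END"]:  # sentinel flushes last port
        line = line.strip()
        head = re.match(r"interface (\S+)", line)
        vlan = re.match(r"switchport trunk native vlan (\d+)$", line)
        if head:
            if name and is_trunk:
                trunks[name] = native
            name, is_trunk, native = head.group(1), False, 1  # VLAN 1 is the default
        elif line == "switchport mode trunk":
            is_trunk = True
        elif vlan:
            native = int(vlan.group(1))
    return trunks

def audit(configs, links):
    """List trunks still on native VLAN 1 and links whose two ends disagree."""
    parsed = {sw: trunk_native_vlans(cfg) for sw, cfg in configs.items()}
    findings = [f"{sw} {port}: native VLAN is still the default (1)"
                for sw, trunks in sorted(parsed.items())
                for port, vlan in sorted(trunks.items()) if vlan == 1]
    for (sw_a, port_a), (sw_b, port_b) in links:
        a, b = parsed[sw_a].get(port_a), parsed[sw_b].get(port_b)
        if a is not None and b is not None and a != b:
            findings.append(f"{sw_a} {port_a} <-> {sw_b} {port_b}: native VLAN mismatch {a} != {b}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit({"sw1": SW1, "sw2": SW2}, LINKS)))
```

On the sample data this reports one trunk left on VLAN 1 and one mismatched link; access ports are ignored because the native VLAN only applies to trunks.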


Why native VLAN, what is the purpose of this VLAN?

1. Native VLANs are defined in 802.1q as a backward compatibility feature for old devices that do not support VLANs.


2. Ethernet networks must still be able to communicate even if not all devices support 802.1q.


3. Native VLANs are used by switches to carry specific control and management protocols like Cisco Discovery Protocol (CDP), VTP, STP, or other network management protocols. This type of control traffic does not require a VLAN tag to cross the trunk.


Native VLANs ensure that some network traffic flows over the whole switched network even if trunking fails.


4. Native VLANs are also useful when dealing with voice-over IP (VoIP).


