what are dummy vlans for like this 4094 ?

[FONT=Courier New][SIZE=2][COLOR=#7ca653]s3(config)#int gi0/23
s3(config-if)#switchport trunk encapsulation dot1q
s3(config-if)#switchport trunk allowed vlan all
s3(config-if)#switchport mode trunk
s3(config-if)#switchport trunk native vlan 4094[/COLOR][/SIZE][/FONT]

the previous engineer did this on the trunk line that is connected to the
ASA 5510 which has only 1 connection to and has of course vlans that traverse it.
but what would you used this dummy vlan for?

Find more posts tagged with

Comments

SharkDiver

The CCNA Security material tells you to make the native VLAN the number of an unused VLAN so that all frames are tagged going across the Dot1Q trunk. This is to help avoid VLAN hopping,

So it could be for security reasons.

nel

yeah, ive seen places change it from the default for security in a bank i worked in.

itdaddy

what ccna security material did you read? haha I never read that unless i was sleeping

thanks very much...
interesting but sharkdriver yep that is what the description of it says all vlans are tagged it says.
thanks for the help

http://packetlife.net/blog/2010/feb/22/experimenting-vlan-hopping/

very cool article about the testing of this now I get it wow now I see thanks

Still, an engineer might wish to enable the vlan dot1q tag native feature on platforms which support it. This forces the tagging of all traffic traversing 802.1Q trunk links, including that belonging to the native VLAN. Note that it is important that this feature be enabled on both ends of a trunk.

just like you said sharkDriver you were dead on! wow thanks!

SharkDiver

itdaddy,

I read the Exam Cram book for the CCNA Security exam. They really only mentioned it one time on page 424, but for some reason it stuck with me.

I think either the Boson ExSim-Max or the Transcender practice exams had several questions about what to do to mitigate VLAN hopping, but I don't remember which.

cisco_trooper

Page 536 Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide) ISBN 1-58705-815-4