Native Vlan - pruning

grechy

So the last few hours I have been reading about the native VLAN on Cisco Switches and have found allot of contradicting \ misinformed opinions on the internet.

First of all Clause 9 of the 1998 802.1Q standard defines

Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the Native VLAN for this port.

I'm sure that I had read control protocol information was untaggedBest Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems tells me differently.
So I guess it would make sense to prune both the native vlan and Vlan 1. Since pruning (switchport trunk allowed) won't affect the control protocol information.
PVST+ Explained also tells me when useing PVST STP the switch sends the BPDU both tagged and un tagged.
This link https://learningnetwork.cisco.com/thread/7582 also had what seemed good information.
Could you please confirm that I have read is correct?Also does the native vlan have to exist in the VTP Domain? I think not
I think the biggest mistake I made was assuming all control information was untagged

Or from a different sourse this is what I belive
STP and DTP frames have no relation to VLAN, so are always transmited over Native VLAN unless using pvst+ PVST+ Explained CDP/VTP/PAgP/UDLD are always transmited over VLAN 1, if Native VLAN is 1 then will be transmited in untagged form, if VLAN 1 is tagged (Native VLAN is other VLAN then 1), protocols will be tagged with 1. Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems tells us that even if the VLAN is pruned the traffic for these protocols will still flow.

wave

I went down a bit of a rabbit hole while researching and thinking about this...

You should read Marko's Blog about VLAN 1: Old CCIE Myths: VLAN 1

He concludes that:

"

First of all, there is really nothing special about VLAN 1. The whole myth relies on “special and magical” abilities of VLAN 1. There are none. VLAN 1 is simply VLAN just like any other. However, when using 802.1q, control traffic (VTP, CDP, STP) is sent untagged. Untagged frames are also called “native”."

To back this up, Keith Barker (CCIE) posted a packet capture here: https://learningnetwork.cisco.com/thread/29175 showing NO tag on a CDP frame.

I have no explanation for Cisco stating this in the Best Practice Guide you linked "CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag."

wave

Keith also says:
"

Standard BPDUs are always sent untagged.PVST+ BPDUs for the native vlan are sent untaggedCDP is sent untagged PVST+ BPDUs for all other vlans are tagged for the respective non-native VLAN they belong to."

https://learningnetwork.cisco.com/thread/29175

wave

Hmm, then there's the response to Marko's post: Fragmentation Needed: Revisiting the VLAN 1 Myth - Again!

mattau

I enjoyed all those posts from those guys. It is pretty confusing though

instant000

Good stuff, good stuff.