Native Vlan - pruning
grechy
So the last few hours I have been reading about the native VLAN on Cisco switches and have found a lot of contradicting / misinformed opinions on the internet.
First of all, Clause 9 of the 1998 802.1Q standard defines:
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the Native VLAN for this port.
I'm sure that I had read that control protocol information was untagged, but
Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems
tells me differently.
So I guess it would make sense to prune both the native VLAN and VLAN 1, since pruning (switchport trunk allowed) won't affect the control protocol information.
PVST+ Explained
also tells me that when using PVST STP the switch sends the BPDU both tagged and untagged.
This link
https://learningnetwork.cisco.com/thread/7582
also had what seemed good information.
Could you please confirm that what I have read is correct?
Also, does the native VLAN have to exist in the VTP domain? I think not.
I think the biggest mistake I made was assuming all control information was untagged.
Or, from a different source, this is what I believe:
STP and DTP frames have no relation to VLAN, so are always transmitted over the Native VLAN unless using PVST+
PVST+ Explained
CDP/VTP/PAgP/UDLD are always transmitted over VLAN 1; if the Native VLAN is 1 then they will be transmitted in untagged form, if VLAN 1 is tagged (Native VLAN is other than 1), the protocols will be tagged with 1.
Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems
tells us that even if the VLAN is pruned the traffic for these protocols will still flow.
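To make the behaviour argued about in this post (and in the quoted replies further down) concrete, here is an added example that is not from the thread, from Cisco, or from any of the linked documents: a toy Python model of trunk-port ingress classification. It applies the 802.1Q Clause 9 rule quoted above (untagged frame on a trunk belongs to the native VLAN), drops data frames whose VLAN is not in the allowed list, and, following the Best Practice guide's claim that control protocols still flow when their VLAN is pruned, punts frames sent to the well-known STP, PVST+ and Cisco SNAP control multicast MACs regardless of the allowed list. It deliberately does not decide whether a real switch tags CDP or not; both the tagged and the untagged CDP case are fed through it. All frames are constructed sample data, and `TrunkPort`, `build_frame`, `parse_frame` and `classify` are names invented for this example.

```python
"""Added example: 802.1Q trunk ingress classification (native VLAN, pruning,
control-protocol punt). Not from the thread or from Cisco; frames are constructed."""
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100

# Well-known destination MACs of the control protocols discussed in the thread.
CTRL_MACS = {
    bytes.fromhex("0180c2000000"): "STP",                    # IEEE 802.1D BPDU
    bytes.fromhex("01000ccccccc"): "CDP/VTP/DTP/PAgP/UDLD",  # Cisco SNAP multicast
    bytes.fromhex("01000ccccccd"): "PVST+",                  # Cisco per-VLAN BPDU
}


@dataclass
class TrunkPort:
    native_vlan: int = 1
    # Models "switchport trunk allowed vlan"; default is every usable VID.
    allowed: set = field(default_factory=lambda: set(range(1, 4095)))


def build_frame(dst, src, type_or_len, payload, vid=None, pcp=0):
    """Construct an Ethernet frame, optionally carrying an 802.1Q tag."""
    hdr = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HHH", TPID_8021Q, tci, type_or_len)
    else:
        hdr += struct.pack("!H", type_or_len)
    return hdr + payload


def parse_frame(frame):
    """Return (dst, src, vid, type_or_len, payload); vid is None when untagged.
    A tag with VID 0 is a priority tag and counts as untagged for VLAN purposes."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    return dst, src, (vid or None), inner, frame[18:]


def classify(port, frame):
    """Trunk ingress: untagged -> native VLAN (Clause 9); control multicasts are
    punted whatever the allowed list says; other frames drop when their VLAN is pruned."""
    dst, _src, vid, _type, _payload = parse_frame(frame)
    vlan = port.native_vlan if vid is None else vid
    if dst in CTRL_MACS:
        return vlan, "punt:" + CTRL_MACS[dst]
    if vlan not in port.allowed:
        return vlan, "drop:pruned"
    return vlan, "forward"


def demo():
    """Run the cases the thread argues about; returns {label: (vlan, action)}."""
    host = bytes.fromhex("001122334455")   # constructed unicast addresses
    sw = bytes.fromhex("00aabbccddee")
    cdp = bytes.fromhex("01000ccccccc")
    ip = b"\x45" * 20                      # stand-in IPv4 payload
    snap = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC/SNAP header used by CDP
    # Native VLAN 99; VLAN 1 is pruned from the trunk, as the post proposes.
    port = TrunkPort(native_vlan=99, allowed={10, 20, 99})
    cases = {
        "untagged data": build_frame(host, sw, 0x0800, ip),
        "priority-tagged (vid 0)": build_frame(host, sw, 0x0800, ip, vid=0, pcp=5),
        "tagged vlan 10": build_frame(host, sw, 0x0800, ip, vid=10),
        "tagged vlan 1 data": build_frame(host, sw, 0x0800, ip, vid=1),
        "untagged CDP": build_frame(cdp, sw, len(snap), snap),
        "CDP tagged vlan 1": build_frame(cdp, sw, len(snap), snap, vid=1),
    }
    return {label: classify(port, f) for label, f in cases.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:28s} -> VLAN {result[0]:<4} {result[1]}")
```

The two CDP cases both end up punted, one classified into VLAN 99 and one into VLAN 1, which is why pruning VLAN 1 does not stop the protocol in this model while an ordinary data frame tagged with VLAN 1 is dropped. Remove 99 from `allowed` and the untagged and priority-tagged data frames become `drop:pruned`, which is the effect of pruning the native VLAN itself.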
Comments
wave
I went down a bit of a rabbit hole while researching and thinking about this...
You should read Marko's Blog about VLAN 1:
Old CCIE Myths: VLAN 1
He concludes that:
"First of all, there is really nothing special about VLAN 1. The whole myth relies on “special and magical” abilities of VLAN 1. There are none. VLAN 1 is simply VLAN just like any other. However, when using 802.1q, control traffic (VTP, CDP, STP) is sent untagged. Untagged frames are also called “native”."
To back this up, Keith Barker (CCIE) posted a packet capture here:
https://learningnetwork.cisco.com/thread/29175
showing NO tag on a CDP frame.
I have no explanation for Cisco stating this in the Best Practice Guide you linked: "CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag."
wave
Keith also says:
"Standard BPDUs are always sent untagged.
PVST+ BPDUs for the native vlan are sent untagged.
CDP is sent untagged.
PVST+ BPDUs for all other vlans are tagged for the respective non-native VLAN they belong to."
https://learningnetwork.cisco.com/thread/29175
wave
Hmm, then there's the response to Marko's post:
Fragmentation Needed: Revisiting the VLAN 1 Myth - Again!
mattau
I enjoyed all those posts from those guys. It is pretty confusing, though.
instant000
Good stuff, good stuff.