Native Vlan - pruning
So the last few hours I have been reading about the native VLAN on Cisco switches and have found a lot of contradicting / misinformed opinions on the internet.
I'm sure that I had read control protocol information was untagged; Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems tells me differently.
So I guess it would make sense to prune both the native VLAN and VLAN 1, since pruning (switchport trunk allowed) won't affect the control protocol information.
PVST+ Explained also tells me that when using PVST STP the switch sends the BPDU both tagged and untagged.
This link https://learningnetwork.cisco.com/thread/7582 also had what seemed good information.
Could you please confirm that what I have read is correct? Also, does the native VLAN have to exist in the VTP domain? I think not.
I think the biggest mistake I made was assuming all control information was untagged.
Or, from a different source, this is what I believe:
STP and DTP frames have no relation to VLAN, so they are always transmitted over the native VLAN unless using PVST+ (PVST+ Explained). CDP/VTP/PAgP/UDLD are always transmitted over VLAN 1; if the native VLAN is 1 then they will be transmitted in untagged form, and if VLAN 1 is tagged (the native VLAN is other than 1), the protocols will be tagged with 1. Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems tells us that even if the VLAN is pruned, the traffic for these protocols will still flow.
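As an added example (not part of the original post or of any of the linked Cisco documents), here is an IOS trunk configuration that applies the pruning discussed above: VLAN 1 and the native VLAN are left off the allowed list, the native VLAN is moved to an otherwise unused VLAN, and DTP is disabled. The interface name and the VLAN numbers (10, 20 as user VLANs, 999 as the reserved native VLAN) are assumed values.

```cisco
! Constructed example: VLAN 999 is assumed to be unused and reserved
! purely as the trunk's native VLAN; 10 and 20 are the user VLANs.
vlan 999
 name NATIVE_UNUSED
!
interface GigabitEthernet1/0/1
 description Uplink to distribution switch (802.1Q trunk)
 ! encapsulation command is only accepted on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! static trunk, no DTP negotiation frames on this link
 switchport nonegotiate
 ! native VLAN is neither VLAN 1 nor a VLAN carrying user traffic
 switchport trunk native vlan 999
 ! VLAN 1 and VLAN 999 are pruned from the trunk; CDP/VTP/STP still flow
 ! because control traffic is not subject to the allowed list
 switchport trunk allowed vlan 10,20
!
! Optional, global: tag the native VLAN as well so no user data crosses
! the trunk untagged
vlan dot1q tag native
!
! Verification: "Vlans allowed on trunk" must list only 10,20 while CDP
! and spanning-tree neighbours are still seen on the interface
show interfaces GigabitEthernet1/0/1 trunk
show cdp neighbors GigabitEthernet1/0/1
show spanning-tree interface GigabitEthernet1/0/1
```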
Comments
-
wave Member Posts: 342
I went down a bit of a rabbit hole while researching and thinking about this...
You should read Marko's Blog about VLAN 1: Old CCIE Myths: VLAN 1
He concludes that:
"First of all, there is really nothing special about VLAN 1. The whole myth relies on “special and magical” abilities of VLAN 1. There are none. VLAN 1 is simply VLAN just like any other. However, when using 802.1q, control traffic (VTP, CDP, STP) is sent untagged. Untagged frames are also called “native”."
To back this up, Keith Barker (CCIE) posted a packet capture here: https://learningnetwork.cisco.com/thread/29175 showing NO tag on a CDP frame.
I have no explanation for Cisco stating this in the Best Practice Guide you linked "CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag."
ROUTE Passed 1 May 2012
SWITCH Passed 25 September 2012
TSHOOT Passed 23 October 2012
Taking CCNA Security in April 2013 then studying for the CISSP
wave Member Posts: 342
Keith also says:
"Standard BPDUs are always sent untagged. PVST+ BPDUs for the native VLAN are sent untagged. CDP is sent untagged. PVST+ BPDUs for all other VLANs are tagged for the respective non-native VLAN they belong to."
https://learningnetwork.cisco.com/thread/29175
wave Member Posts: 342
Hmm, then there's the response to Marko's post: Fragmentation Needed: Revisiting the VLAN 1 Myth - Again!
mattau Member Posts: 218
I enjoyed all those posts from those guys. It is pretty confusing though.
CCNP ROUTE - passed 20/3/12
CCNP SWITCH - passed 25/10/12
CCNP TSHOOT - passed 11/12/12
instant000 Member Posts: 1,745
Good stuff, good stuff.
Currently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)