Native Vlan - pruning
grechy
So the last few hours I have been reading about the native VLAN on Cisco switches and have found a lot of contradicting / misinformed opinions on the internet.
First of all Clause 9 of the 1998 802.1Q standard defines
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the Native VLAN for this port.
I'm sure that I had read that control protocol information was untagged, but Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems tells me differently.
So I guess it would make sense to prune both the native VLAN and VLAN 1, since pruning (switchport trunk allowed) won't affect the control protocol information.
PVST+ Explained
also tells me that when using PVST STP the switch sends the BPDU both tagged and untagged.
This link https://learningnetwork.cisco.com/thread/7582 also had what seemed good information.
Could you please confirm that what I have read is correct?
Also, does the native VLAN have to exist in the VTP domain? I think not.
I think the biggest mistake I made was assuming all control information was untagged
Or, from a different source, this is what I believe:
STP and DTP frames have no relation to VLAN, so they are always transmitted over the native VLAN unless using PVST+.
PVST+ Explained
CDP/VTP/PAgP/UDLD are always transmitted over VLAN 1; if the native VLAN is 1 they will be transmitted in untagged form, and if VLAN 1 is tagged (the native VLAN is a VLAN other than 1), these protocols will be tagged with 1.
Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Running CatOS Configuration and Management - Cisco Systems
tells us that even if the VLAN is pruned the traffic for these protocols will still flow.
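The two rules the post is trying to reconcile (802.1Q clause 9: a tagged frame belongs to the VLAN in its tag, an untagged frame on a trunk belongs to the port's native VLAN; and the CatOS guide's claim that control protocols reach the switch even when their VLAN is pruned) can be modelled directly. The following is an added example, not code from the thread or from Cisco; the frames are constructed samples, and the "control frames bypass the allowed list" behaviour is an assumption taken from the guide the post cites, not a statement about any specific platform.

```python
import struct

TPID_8021Q = 0x8100
# Well-known destination MACs of the control protocols discussed in the thread
CONTROL_MACS = {
    "01:80:c2:00:00:00": "IEEE STP",
    "01:00:0c:cc:cc:cd": "PVST+",
    "01:00:0c:cc:cc:cc": "CDP/VTP/DTP/PAgP/UDLD",
}

def build_frame(dst, src, type_or_len, payload, vlan=None, pcp=0):
    """Construct an Ethernet frame; insert an 802.1Q tag when vlan is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return hdr + struct.pack("!H", type_or_len) + payload

def classify_trunk_frame(frame, native_vlan, allowed=None):
    """Apply the 802.1Q clause-9 rule to a frame arriving on a trunk port.

    tagged   -> VLAN is taken from the TCI
    untagged -> VLAN is the port's native VLAN
    `allowed` models 'switchport trunk allowed vlan' (None = all VLANs).
    Assumption from the cited guide: control-protocol frames are handed to
    the switch regardless of the allowed list.
    Returns a dict with vlan, tagged, control (protocol name or None), accepted.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst = ":".join(f"{b:02x}" for b in frame[:6])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan, tagged = tci & 0x0FFF, True
        if vlan == 0:  # priority-tagged frame: carries no VID, treated as native
            vlan, tagged = native_vlan, False
    else:
        vlan, tagged = native_vlan, False
    control = CONTROL_MACS.get(dst)
    accepted = control is not None or allowed is None or vlan in allowed
    return {"vlan": vlan, "tagged": tagged, "control": control, "accepted": accepted}

# Constructed samples: an untagged CDP frame (LLC/SNAP, so a length field) and
# a PVST+ BPDU tagged for VLAN 10, both arriving on a trunk whose native VLAN is 99
CDP_UNTAGGED = build_frame("01:00:0c:cc:cc:cc", "00:11:22:33:44:55", 4, b"\xaa\xaa\x03\x00")
PVST_VLAN10 = build_frame("01:00:0c:cc:cc:cd", "00:11:22:33:44:55", 4, b"\xaa\xaa\x03\x00", vlan=10)
```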
Comments
wave
I went down a bit of a rabbit hole while researching and thinking about this...
You should read Marko's Blog about VLAN 1:
Old CCIE Myths: VLAN 1
He concludes that:
"First of all, there is really nothing special about VLAN 1. The whole myth relies on “special and magical” abilities of VLAN 1. There are none. VLAN 1 is simply a VLAN just like any other. However, when using 802.1q, control traffic (VTP, CDP, STP) is sent untagged. Untagged frames are also called “native”."
To back this up, Keith Barker (CCIE) posted a packet capture here: https://learningnetwork.cisco.com/thread/29175 showing NO tag on a CDP frame.
I have no explanation for Cisco stating this in the Best Practice Guide you linked: "CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag."
wave
Keith also says:
"Standard BPDUs are always sent untagged.
PVST+ BPDUs for the native vlan are sent untagged.
CDP is sent untagged.
PVST+ BPDUs for all other vlans are tagged for the respective non-native VLAN they belong to."
https://learningnetwork.cisco.com/thread/29175
wave
Hmm, then there's the response to Marko's post:
Fragmentation Needed: Revisiting the VLAN 1 Myth - Again!
mattau
I enjoyed all those posts from those guys. It is pretty confusing though.
instant000
Good stuff, good stuff.