

What is Native VLAN?


18 replies to this topic

#1 Ayan Brahmachary

Ayan Brahmachary

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 21 May 2009 - 02:08 AM

Can anyone tell me about native VLAN and how it's useful in real-life networking? Cisco study materials do not illustrate this...

Edited by Ayan Brahmachary, 21 May 2009 - 02:10 AM.

  • 0

#2 InTraining

InTraining

    Member

  • Members
  • PipPip
  • 61 posts

Posted 21 May 2009 - 02:42 AM

The native VLAN is VLAN 1 when using 802.1Q. It is there by default and cannot be removed or pruned. It is recommended that all management traffic, i.e. STP etc., be used and nothing else. Cisco has a lot of documentation regarding the native VLAN on dot1q.
  • 0

#3 ComputerDude

ComputerDude

    Advanced Member

  • Members
  • PipPipPip
  • 423 posts
  • Gender:Male
  • Location:USA
  • Interests:Networking

Posted 21 May 2009 - 03:33 AM

A native VLAN is what untagged packets traverse. It doesn't necessarily have to be VLAN 1, though by default it is. To change it you would issue the command: switchport trunk native vlan #

Remember to set it the same on both ends of a trunk, otherwise you will get constant CDP error messages and the port will go into an inconsistent state.
  • 0

#4 NW-kamikaze

NW-kamikaze

    Member

  • Members
  • PipPip
  • 80 posts

Posted 21 May 2009 - 08:46 AM

Ayan Brahmachary



Look at it this way.

Frame = chick
Tag = pants
Frame without tag = chick without pants



Now you can call Native Vlan as

NAKED VLAN laugh.gif


  • 0

#5 pappyaar

pappyaar

    Cisco Routing/EEM/TCL

  • Technical Experts
  • PipPipPipPip
  • 959 posts
  • Gender:Male

Posted 21 May 2009 - 06:29 PM

QUOTE (NW-kamikaze @ May 21 2009, 09:46 AM)
Ayan Brahmachary



Look at it this way.

Frame = chick
Tag = pants
Frame without tag = chick without pants



Now you can call Native Vlan as

NAKED VLAN laugh.gif


Dear NW, I usually don't comment on other posts, but kindly explain in a more decent way, as we may have DECENT people around here (I am quite sure females are also part of this group and these sort of things don't look so good). This seems very awkward. Anyway, it's a request, so don't be offensive about it :-)

Now regarding native VLAN. I will try to explain it with an example that may seem a bit complex at the start, but try to understand it. It's a long post again ;-)

Suppose I have an 1841 Cisco router with an NM-4ESW installed. It contains 4 switchports (layer 2). It's just like adding a small 4-port switch into a router, and trust me, it works that way ;-). Just plug two PCs into 2 of these 4 ports and make sure the ports are no shut, and you will see that without any configuration on the router, the PCs are able to talk to each other :-). Now I had to terminate two links on this router: a radio link and a fiber link. So stay with me.

1st month Radio connectivity.
What I will simply do is plug the radio Ethernet cable (coming from its PoE or whatever) into any of my 4 ports. Assign that port to VLAN 1, give interface VLAN 1 the proper IP, and my link will be up. It's as simple as that.

After two months, we needed fiber connectivity to one of our sites. The fiber ISP terminated the link, but since they were using switched networks to connect clients, they told us they were separating us using VLANs in their environment.

We asked them

"Will you be sending us tagged packets or untagged? Because if you are sending us tagged packets, then we need to create VLANs on our side as well."

Their answer was

"Right now, since you just have a single connectivity, we CAN send you untagged packets. But if you plan to bring more sites on THIS SAME FIBER LINK, then you must create VLANs on your side as well to segregate the communication from different sites, e.g.
if VLAN 218 comes in, that means site A
if VLAN 480 comes in, that means site B and so on."

So we told them to tell us the VLAN, and they told us that your VLAN is 216, but right now we will send it as untagged.

Now, see carefully: I will be receiving untagged packets from the ISP, so which VLAN do they belong to? 216, right? But if they are coming untagged to me, why should I bother? I can assign them to any VLAN I want, let's say VLAN 2 (VLAN 1 is used for the radio link, remember), right? But in any case I have to tell the router which VLAN the untagged packets belong to, right? If I don't tell the router, it will automatically assume that they belong to VLAN 1, which is ALREADY IN USE. So I must change the native VLAN to VLAN 2, so that now any packet that comes through the fiber is understood to belong to VLAN 2. Now I will

Make vlan 2
Make interface vlan 2
assign proper ip address at both ends,

And my connectivity will be established.

So bottom line, just remember these facts

TRUNK PORTS SEND AND RECEIVE TAGGED PACKETS ALWAYS. IF AN UNTAGGED PACKET IS RECEIVED THEY SHOULD IDEALLY DISCARD IT. HOWEVER, DOT1Q ALLOWS YOU TO SEND UNTAGGED PACKETS ON A TRUNK LINK PROVIDED YOUR END DEVICES (ROUTERS/SWITCHES) KNOW WHICH VLAN THEY BELONG TO. AN UNTAGGED PACKET CAN BE ASSUMED AS A SPECIAL TAGGED PACKET WITHOUT ANY TAG ;-). THIS IS WHERE THE CONCEPT OF NATIVE VLAN COMES IN.

Where to use it? You will know when you need it. Just remember the concept, and the moment you need it you will know ;-)


  • 0

#6 heartbeat.shubh

heartbeat.shubh

    Member

  • Members
  • PipPip
  • 82 posts

Posted 21 May 2009 - 07:16 PM

Nice Explanation Pappyaar
  • 0

#7 NW-kamikaze

NW-kamikaze

    Member

  • Members
  • PipPip
  • 80 posts

Posted 21 May 2009 - 07:37 PM

Truly sorry, Pappyaar and everyone.

I should be more careful.

  • 0

#8 jkpatel

jkpatel

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 21 May 2009 - 09:24 PM

QUOTE (pappyaar @ May 21 2009, 06:29 PM)

very good explanation...
  • 0

#9 Ayan Brahmachary

Ayan Brahmachary

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 22 May 2009 - 01:46 PM

QUOTE (pappyaar @ May 21 2009, 01:59 PM)

Hi Pappyaar,

Thanks for your explanation..
  • 0

#10 jomajo

jomajo

    Newbie

  • Members
  • Pip
  • 18 posts

Posted 22 May 2011 - 04:53 AM

Just let me know. ISP that VLAN 216, marked as native VLAN? And when we created VLAN 2, we marked it as native too?
  • 0

#11 jomajo

jomajo

    Newbie

  • Members
  • Pip
  • 18 posts

Posted 23 May 2011 - 09:28 AM

jesus christ, someone? :rolleyes:
  • 0

#12 jomajo

jomajo

    Newbie

  • Members
  • Pip
  • 18 posts

Posted 25 May 2011 - 03:01 AM

jesus christ, someone? :rolleyes:



Should i call it ... ? :ph34r:
  • 0

#13 Mezilla

Mezilla

    Advanced Member

  • Members
  • PipPipPip
  • 434 posts

Posted 25 May 2011 - 12:16 PM

Just wondering why you are digging up a two year old post ?

A native vlan is the vlan that untagged packets traverse. It doesn't necessarily have to be VLAN 1, though by default it is. To change it you would issue the command: switchport trunk native vlan #
  • 0

#14 jomajo

jomajo

    Newbie

  • Members
  • Pip
  • 18 posts

Posted 25 May 2011 - 09:04 PM

QUOTE (Mezilla)
Just wondering why you are digging up a two year old post ?

A native vlan is the vlan that untagged packets traverse. It doesn't necessarily have to be VLAN 1, though by default it is. To change it you would issue the command: switchport trunk native vlan #


I need an answer, so I don't care how old these posts are. If I can find people there who know the answer and post it, I really appreciate it.

My question is, does it really matter WHAT NATIVE VLAN NUMBERS are on "one cable end" and on the other? If the ISP native VLAN number is 5, and my home router native VLAN number is 6? (If my router and the ISP router are directly connected.)
  • 0

#15 chrcel

chrcel

    Cisco Voice and Apps Expert

  • Global Moderators
  • PipPipPipPipPip
  • 2121 posts
  • Gender:Male

Posted 25 May 2011 - 09:46 PM

QUOTE (jomajo)
My question is, does it really matter WHAT NATIVE VLAN NUMBERS are on "one cable end" and on the other? If the ISP native VLAN number is 5, and my home router native VLAN number is 6? (If my router and the ISP router are directly connected.)

As long as the trunk between your switch and the SP's switch has both VLANs, you will bridge them, as your switch will assume that an Ethernet frame without a tag is in VLAN 6 and the SP's switch will assume it is in VLAN 5. Most probably this will not work, as the SP's switch will complain about native VLAN mismatch.
  • 0
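The tagging rule described in posts #5 and #15, modeled as an added example (not code from any poster): a trunk port sends its native VLAN untagged and assigns untagged frames to its own native VLAN on receipt, so a 6/5 mismatch merges the two VLANs. Function names and the sample frame are constructed for illustration; the priority-tagged (VID 0) case goes slightly beyond what the thread covers.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag when vlan is given."""
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def ingress_vlan(frame, native_vlan):
    """VLAN a trunk port assigns to a received frame."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        vid = tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID
        if vid != 0:                     # VID 0 is a priority tag, not a VLAN
            return vid
    return native_vlan                   # untagged: the port's native VLAN decides


def egress_frame(frame_untagged, vlan, native_vlan):
    """Frame as sent on a trunk: untagged for the native VLAN, tagged otherwise."""
    if vlan == native_vlan:
        return frame_untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan)
    return frame_untagged[:12] + tag + frame_untagged[12:]


def cross_trunk(vlan, native_tx, native_rx, frame_untagged):
    """VLAN the receiving switch sees for a frame the sender holds in `vlan`."""
    return ingress_vlan(egress_frame(frame_untagged, vlan, native_tx), native_rx)


# Constructed sample frame: locally administered MACs, IPv4 EtherType, dummy payload.
SAMPLE = build_frame(b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01",
                     0x0800, b"\x00" * 46)

if __name__ == "__main__":
    # Sender native VLAN 6, receiver native VLAN 5, as in the question above.
    for vlan in (5, 6, 10):
        print(f"VLAN {vlan} on sender -> VLAN {cross_trunk(vlan, 6, 5, SAMPLE)} on receiver")
```

With matching native VLANs every frame stays in its VLAN; with the mismatch, only traffic in the two native VLANs is affected, which is why the other VLANs on the trunk appear to work normally.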

#16 jomajo

jomajo

    Newbie

  • Members
  • Pip
  • 18 posts

Posted 26 May 2011 - 08:18 AM

QUOTE (chrcel)
As long as the trunk between your switch and the SP's switch has both VLANs, you will bridge them, as your switch will assume that an Ethernet frame without a tag is in VLAN 6 and the SP's switch will assume it is in VLAN 5. Most probably this will not work, as the SP's switch will complain about native VLAN mismatch.


Thank you very much!
  • 0

#17 Lord Flasheart

Lord Flasheart

    All Rise For The Lord

  • Veterans
  • PipPipPipPipPip
  • 2848 posts
  • Gender:Male
  • Location:England

Posted 31 May 2011 - 05:23 AM

All the native VLAN is, is what a switch assumes untagged traffic belongs to. For example, if my switchport, configured as a trunk, had a native VLAN of 5, then any untagged traffic that switchport received would be assumed to belong to VLAN 5 and be forwarded to any switchport that belonged to VLAN 5. It is highly recommended to change the VLAN ID of the native VLAN to something other than 1 and then not allow that VLAN on any other trunk ports or access ports, and to change the native VLAN on a trunk-by-trunk basis.

Consider a man-in-the-middle sending untagged frames on your trunk link. Your switch would assume that that traffic belonged to the native VLAN and it would be forwarded to any ports in that VLAN = potential disaster.

Just this last week I had an unnamed vendor configure their management VLAN as the native VLAN and we jumped all over them ;-)
  • 0

#18 chrcel

chrcel

    Cisco Voice and Apps Expert

  • Global Moderators
  • PipPipPipPipPip
  • 2121 posts
  • Gender:Male

Posted 31 May 2011 - 05:45 AM

LF,
Interesting thought about the native VLAN changing, but it does not really scale. A small LAN we have has 2 aggregation switches and about 20 access switches. Even in this setup we'd need 40 VLANs just for VLANs, and the management pain... I agree with the rest.
  • 0

#19 Lord Flasheart

Lord Flasheart

    All Rise For The Lord

  • Veterans
  • PipPipPipPipPip
  • 2848 posts
  • Gender:Male
  • Location:England

Posted 31 May 2011 - 06:32 PM

QUOTE (chrcel)
LF,
Interesting thought about the native VLAN changing, but it does not really scale. A small LAN we have has 2 aggregation switches and about 20 access switches. Even in this setup we'd need 40 VLANs just for VLANs, and the management pain... I agree with the rest.

Agreed - changing native VLAN on a per-trunk basis doesn't scale and to be honest I never implement it that way. Instead I ensure that the native VLAN is never assigned to an access port.
  • 0




