The native VLAN (assuming 802.1Q trunking) is the one VLAN whose frames are sent untagged across a trunk. The default on Cisco switches is that all ports are in VLAN 1 and, if trunking is used, VLAN 1 is sent untagged. VLAN 1 is also used for control traffic such as DTP, VTP and CDP frames and for BPDUs. Using VLAN 1 as a management VLAN is a bad idea, unless every access port is removed from it of course.

A better idea is to create a VLAN that is used only as a dummy native VLAN, with no access ports in it. Set this VLAN as native with switchport trunk native vlan x, where x is the number you chose for the dummy native VLAN, and set the same native VLAN on both ends of every trunk (CDP will log a native VLAN mismatch, and a mismatch bridges two VLANs together). Choose a different VLAN to use for your management traffic. The advantages of doing this are:

  • All VLANs that carry real traffic will be tagged
  • No risk of leaking traffic from access ports onto trunk ports untagged unless configured to do so
  • Dedicated VLAN for management, separated from clients, who will not be able to reach it
  • Requires more thought, which leads to a better design than trusting defaults
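To check a switch for the problems described above, here is an added example (not part of the original post) that audits a Cisco IOS-style running-config: it flags trunks still on the default native VLAN 1, trunks whose native VLAN also holds access ports, and management SVIs placed on VLAN 1 or on a trunk's native VLAN. The config text, interface names and VLAN numbers are constructed for the example; the parser assumes the usual IOS layout of an interface line followed by indented sub-commands.

```python
"""Audit a Cisco IOS-style running-config for native VLAN hygiene.

Flags trunks that still use the default native VLAN 1, trunks whose native
VLAN also carries access ports (their traffic leaves the trunk untagged),
and management SVIs that sit on VLAN 1 or on a trunk's native VLAN.
"""
import re
from typing import Dict, List

# Constructed sample config (not from the original post). Gi1/0/23 was left at
# the default native VLAN 1 and Gi1/0/1 is an access port still in VLAN 1;
# Gi1/0/24 already uses a dummy native VLAN 999 and management lives on VLAN 99.
SAMPLE_CONFIG = """\
vlan 10
 name USERS
vlan 99
 name MGMT
vlan 999
 name DUMMY_NATIVE
!
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
!
interface Vlan99
 ip address 10.0.99.2 255.255.255.0
!
"""

# The same config with the two mistakes corrected: dummy native VLAN on the
# trunk, and the stray access port moved out of VLAN 1.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "interface GigabitEthernet1/0/23\n switchport trunk encapsulation dot1q\n",
    "interface GigabitEthernet1/0/23\n switchport trunk encapsulation dot1q\n"
    " switchport trunk native vlan 999\n",
).replace(
    "interface GigabitEthernet1/0/1\n switchport mode access\n",
    "interface GigabitEthernet1/0/1\n switchport access vlan 10\n"
    " switchport mode access\n",
)


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [indented sub-commands]} for each interface block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)\s*$", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif line.strip() == "!":
            current = None
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
    return blocks


def classify(name: str, cmds: List[str]) -> Dict[str, object]:
    """Work out whether a port is a trunk, an access port or an SVI, and its VLAN.

    Cisco defaults apply when a command is absent: access VLAN 1, native VLAN 1.
    """
    if re.fullmatch(r"Vlan(\d+)", name):
        return {"name": name, "kind": "svi", "vlan": int(name[4:])}
    mode, native, access = None, 1, 1
    for cmd in cmds:
        if m := re.match(r"switchport mode (access|trunk)$", cmd):
            mode = m.group(1)
        elif m := re.match(r"switchport trunk native vlan (\d+)$", cmd):
            native = int(m.group(1))
        elif m := re.match(r"switchport access vlan (\d+)$", cmd):
            access = int(m.group(1))
    if mode == "trunk":
        return {"name": name, "kind": "trunk", "vlan": native}
    if mode == "access":
        return {"name": name, "kind": "access", "vlan": access}
    return {"name": name, "kind": "other", "vlan": None}


def audit(config: str) -> List[str]:
    """Return one human-readable finding per native VLAN problem (empty if clean)."""
    ports = [classify(n, c) for n, c in parse_interfaces(config).items()]
    access_by_vlan: Dict[int, List[str]] = {}
    for p in ports:
        if p["kind"] == "access":
            access_by_vlan.setdefault(p["vlan"], []).append(p["name"])
    native_vlans = {p["vlan"] for p in ports if p["kind"] == "trunk"}

    findings = []
    for p in ports:
        if p["kind"] == "trunk":
            if p["vlan"] == 1:
                findings.append(f"{p['name']}: native VLAN left at the default (1)")
            leaking = access_by_vlan.get(p["vlan"], [])
            if leaking:
                findings.append(
                    f"{p['name']}: native VLAN {p['vlan']} also holds access ports "
                    f"{', '.join(leaking)}; their frames leave this trunk untagged"
                )
        elif p["kind"] == "svi" and (p["vlan"] == 1 or p["vlan"] in native_vlans):
            findings.append(
                f"{p['name']}: management SVI on VLAN {p['vlan']}, which is VLAN 1 "
                f"or a trunk's native VLAN"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg) or ["no native VLAN findings"]:
            print(" ", f)
```

Run it against the output of show running-config to get the "before" list; the script deliberately treats a trunk with no switchport trunk native vlan line as native VLAN 1, because that is what the switch does, so a silent default shows up as a finding rather than being missed.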
Native VLAN – why you should change it