The native VLAN (assuming 802.1Q) is the VLAN that is sent untagged on a trunk by default. The default on Cisco switches is that all ports are in VLAN 1, and if trunking is used VLAN 1 is sent untagged. VLAN 1 is also used for other things like DTP, VTP and CDP frames and also BPDUs. Using VLAN 1 as a management VLAN is a bad idea – unless all access ports are removed from it, of course.
A better idea is to create a VLAN which is used only as a dummy native VLAN. Set this VLAN as native with switchport trunk native vlan x, where x is the number you chose for the dummy native VLAN. Choose a different VLAN to use for your management traffic. The advantages of doing this are:
- All VLANs will be tagged
- No risk of leaking traffic from access ports to trunk ports unless configured to do so
- Dedicated VLAN for management, separated from clients who will not be able to access it
- Requires more thought which will lead to a better design than trusting defaults
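As an added example (not from the original post), the script below audits an IOS-style running-config for the points made above: it flags trunks still using the default native VLAN 1, trunks whose native VLAN also carries access ports or has an SVI, and a management SVI on VLAN 1. The sample config is constructed for illustration; VLAN 999 as the dummy native VLAN and VLAN 100 as the management VLAN are assumed values, not numbers from the post. The IOS commands inside the sample (switchport trunk native vlan, switchport trunk allowed vlan, switchport mode trunk/access) are the standard ones.

```python
"""Audit a Cisco IOS-style running-config for native VLAN hygiene.

Added example, not part of the original post. The config below is
constructed; VLAN 999 (dummy native) and VLAN 100 (management) are
assumptions chosen for illustration.
"""
import re

# Constructed sample: Gi0/1 is a default trunk (native VLAN 1, with access
# ports also in VLAN 1). Gi0/2 follows the post's advice: dummy native VLAN 999,
# management VLAN 100 carried tagged, and an explicit allowed-VLAN list.
SAMPLE_CONFIG = """\
vlan 100
 name MGMT
vlan 999
 name DUMMY-NATIVE
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
interface Vlan100
 ip address 10.0.100.2 255.255.255.0
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,100,999
 switchport mode trunk
interface GigabitEthernet0/10
 switchport mode access
interface GigabitEthernet0/11
 switchport access vlan 10
 switchport mode access
"""


def parse_interfaces(config):
    """Return {interface_name: [indented sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return interfaces


def audit_native_vlans(config):
    """Return a list of finding strings describing risky native VLAN usage."""
    interfaces = parse_interfaces(config)
    findings = []

    # VLANs that carry hosts (access ports) or switch IPs (SVIs). A native VLAN
    # should be neither, so untagged frames arriving on a trunk reach nothing.
    access_vlans, svi_vlans = set(), set()
    for name, cmds in interfaces.items():
        m = re.fullmatch(r"Vlan(\d+)", name)
        if m:
            svi_vlans.add(int(m.group(1)))
        if "switchport mode access" in cmds:
            vid = 1  # IOS default when no 'switchport access vlan' is configured
            for cmd in cmds:
                m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
                if m:
                    vid = int(m.group(1))
            access_vlans.add(vid)

    for name, cmds in interfaces.items():
        if "switchport mode trunk" not in cmds:
            continue
        native = 1  # IOS default native VLAN on an 802.1Q trunk
        for cmd in cmds:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
            if m:
                native = int(m.group(1))
        if native == 1:
            findings.append(f"{name}: native VLAN is the default (1); set a dummy native VLAN")
        if native in access_vlans:
            findings.append(f"{name}: native VLAN {native} also carries access ports")
        if native in svi_vlans:
            findings.append(f"{name}: native VLAN {native} has an SVI, so management is reachable untagged")

    if 1 in svi_vlans:
        findings.append("Vlan1: management SVI on VLAN 1; move management to a dedicated VLAN")
    return findings


if __name__ == "__main__":
    for finding in audit_native_vlans(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, only GigabitEthernet0/1 and the Vlan1 SVI produce findings; GigabitEthernet0/2, whose native VLAN 999 has neither access ports nor an SVI, is clean. Feeding it a real running-config (show running-config output saved to a file) in place of the constructed string gives the same checks against a live switch.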
Native VLAN – why you should change it
very logical (y)
Perfect explanation without drowning in 10 pages of vendor background!