The native VLAN is the untagged VLAN on an 802.1Q trunk: frames for the native VLAN cross the trunk without a tag, and untagged frames that arrive on the trunk are placed into it. The first thing to remember is that the native VLAN is not a global setting. We do not define a native VLAN for the switch as a whole; it is defined only on a trunk port. (A port that stops trunking falls back to its access VLAN, not to its native VLAN; see Example 1 below.)
The native VLAN and the management VLAN can be the same VLAN, but it is better security practice to keep them separate. In short: if a switch receives untagged frames on a trunk port, they are assumed to belong to the VLAN designated as the native VLAN on that switchport, and frames egressing a trunk port on the native VLAN are sent without a tag.
VIRTUAL LAN (VLAN):
VLAN technology, defined in the IEEE 802.1Q specification, lets an enterprise partition a LAN according to functional requirements while maintaining connectivity across all devices on the network, and lets a VLAN span several switches over trunk links. A VLAN groups network devices and lets them behave as if they were on a single physical network. One level of data isolation comes from keeping the frames exchanged between devices of a particular VLAN within that VLAN; reaching another VLAN requires a Layer 3 device. Typically there are two types of VLAN membership: port-based and MAC address-based.
UNDERSTANDING NATIVE VLANS :
An 802.1Q trunk and its associated trunk ports have a native VLAN value. 802.1Q does not tag frames for the native VLAN. Therefore, ordinary (VLAN-unaware) stations attached to the link can read the native VLAN's untagged frames but cannot read any other frame, because those frames carry a tag.
By default, on Cisco switches, VLAN 1 is the native VLAN. It is usually recommended to change this default value for security reasons.
NOTE: The management VLAN and the native VLAN are two completely separate topics. However, the default management VLAN and the default native VLAN both happen to be VLAN 1.
Every port belongs to at least one VLAN. If a switch receives untagged frames on a trunk port, they are assumed to be part of the native VLAN. By default VLAN 1 is both the default VLAN and the native VLAN, but the native VLAN can be changed per trunk port by configuration.
When trunking with 802.1Q, both ends of the trunk link must agree on the native VLAN. The native VLAN is nothing more than a default VLAN for untagged frames, given that every port on a (Cisco) switch has to be assigned to at least one VLAN. By default all ports (access links) belong to VLAN 1, which is also the default native VLAN.
Cisco used to have a proprietary trunking protocol called ISL (Inter-Switch Link) that was used instead of the 802.1Q standard. ISL encapsulated every frame as it crossed a trunk port; there is no untagged native VLAN on an ISL trunk.
Older Cisco switches support two trunking protocols, Inter-Switch Link (ISL) and IEEE 802.1Q. Cisco created ISL before the IEEE standardized trunking.
Because ISL is Cisco proprietary, it can be used only between two Cisco switches, so 802.1Q is what is used in practice; current Catalyst switches support 802.1Q only.
In 802.1Q encapsulation there is a concept called the native VLAN, created for backward compatibility with old devices that do not understand VLAN tags. It works as described above: frames belonging to the native VLAN are sent across the trunk untagged, and untagged frames received on the trunk are assigned to the native VLAN.
NATIVE VLAN ID :
The network administrator specifies which ports belong to which VLANs. The VLAN a port uses to classify untagged traffic is called the native VLAN ID, also known as the PVID (Port VLAN Identifier). Switch ports can also be configured as members of VLANs other than their native VLAN ID; a trunk port carries those VLANs tagged.
A frame is only ever associated with one VLAN ID. At the frame level, VLAN identification is achieved by the switch tagging, or inserting, the VLAN ID into the frame header.
VLAN TAGGING:
IEEE 802.1Q, or VLAN tagging, is a networking standard written by the IEEE 802.1 workgroup. It allows multiple bridged networks to transparently share the same physical network link without leakage of information between networks. IEEE 802.1Q, along with its shortened form dot1q, is commonly used to refer to the encapsulation protocol used to implement this mechanism over Ethernet networks.
IEEE 802.1Q defines the meaning of a VLAN with respect to the specific conceptual model underpinning bridging at the MAC layer and to the IEEE 802.1D spanning tree protocol. Note that 802.1Q itself only keeps VLANs apart; for individual VLANs to communicate with one another, a router or a Layer 3 switch must route between them.
When you want traffic from multiple VLANs to traverse a link that interconnects two switches, you need to configure a VLAN tagging method on the ports at each end of the link.
Two tagging methods have been used on Cisco equipment: Inter-Switch Link (ISL) and 802.1Q.
ISL is a Cisco proprietary VLAN tagging method, while 802.1Q is the open IEEE standard. ISL was once the usual choice between two Cisco switches, but to interconnect switches of different vendors you must use 802.1Q, and since current Cisco switches no longer implement ISL, 802.1Q is the choice in practice.
ISL is referred to as a VLAN tagging method: ISL encapsulates a frame as it leaves a switch with information about the VLAN that the frame belongs to.
Once VLAN tagging is configured on the ports at both ends of the link connecting the switches, the link is known as a "trunk link". A trunk link can transfer frames from many different VLANs through the use of ISL or 802.1Q. A trunk link is illustrated in the graphic below.
VLAN tagging is only necessary when VLANs span multiple switches: frames moving between switches are tagged so that the next switch in line knows which VLAN the frame belongs to. VLAN tagging, also known as frame tagging, identifies frames travelling through trunk links (Cisco developed ISL frame tagging; 802.1Q tagging is the IEEE standard). When an Ethernet frame traverses a trunk link, a VLAN tag is added to the frame and sent across the trunk. When it arrives at the far end of the trunk, the tag is removed and the frame is sent out the correct access port according to the switch's tables, so the receiving end device is unaware of any VLAN information.
VLAN TAGGED AND UNTAGGED :
Depending on the vendor and the context, tagged VLANs on a port may be called:
• Tagged VLANs
• Voice VLANs (on a Cisco access port, the voice VLAN is the one VLAN carried tagged)
• Auxiliary VLANs (old terminology)
Untagged VLANs on a port may be called:
• Untagged VLANs
• Access VLANs
• Native VLANs
Using "tagged" and "untagged" to describe the traffic, rather than the port, lets you specify which VLANs are allowed out of a port and whether the traffic for each VLAN should be forwarded with or without a tag. Normally, if a port connects to another switch, all traffic is tagged and many VLANs are permitted on that link. If the port connects to a PC, traffic for only a single VLAN is forwarded, and it is forwarded untagged.
In the Cisco world, links to other switches are known as "trunk" ports and links to end devices like PCs are known as "access" ports.
On an access port the untagged VLAN is called the access VLAN; on a trunk port the untagged VLAN is called the native VLAN.
Traffic entering a switch also arrives either tagged or untagged. Tagged traffic has a VLAN ID embedded in the tag, so the switch knows which VLAN the frame belongs to.
Untagged traffic arriving on a switch port also has to be associated with a VLAN, so each port needs a VLAN ID that acts as the classifier for untagged traffic. Cisco has two different commands for this association: switchport access vlan for access ports and switchport trunk native vlan for trunk ports.
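The classification rules above can be modelled in a few lines. The following Python is an added example, not code from the original article or from Cisco: the Port class, the frame layout (destination MAC, source MAC, optional 0x8100 tag, EtherType, payload) and the sample frame are all assumptions made for the demonstration. It shows how an access port and a trunk port each decide which VLAN an untagged or tagged frame belongs to, how the native VLAN leaves a trunk untagged, and why a native VLAN mismatch (SW1 native 1, SW2 native 100, the situation of Example 2 later in this article) silently moves a VLAN 1 frame into VLAN 100 unless the native VLAN is tagged.

```python
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class Port:
    """Assumed, simplified model of a Catalyst switchport (not Cisco's code)."""
    name: str
    mode: str                 # "access" or "trunk"
    access_vlan: int = 1      # honoured only when mode == "access"
    native_vlan: int = 1      # honoured only when mode == "trunk"
    tag_native: bool = False  # models the global 'vlan dot1q tag native'


def tag_info(frame):
    """Return (vid, frame_without_tag) for an 802.1Q-tagged frame, else None."""
    if len(frame) >= 18 and int.from_bytes(frame[12:14], "big") == TPID_8021Q:
        vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return vid, frame[:12] + frame[16:]
    return None


def insert_tag(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the source MAC (FCS handling left out)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return (frame[:12] + TPID_8021Q.to_bytes(2, "big")
            + tci.to_bytes(2, "big") + frame[12:])


def ingress_vlan(port, frame):
    """VLAN the switch associates a received frame with, or None if dropped."""
    tagged = tag_info(frame)
    if port.mode == "access":
        if tagged is None:
            return port.access_vlan
        # Modelled rule: an access port only accepts a tag equal to its own VLAN.
        return port.access_vlan if tagged[0] == port.access_vlan else None
    # Trunk: untagged and priority-tagged (VID 0) frames fall into the native VLAN.
    if tagged is None or tagged[0] == 0:
        return port.native_vlan
    return tagged[0]


def egress_frame(port, vid, frame):
    """Frame as put on the wire for VLAN `vid` (frame is untagged), or None."""
    if port.mode == "access":
        return frame if vid == port.access_vlan else None
    if vid == port.native_vlan and not port.tag_native:
        return frame  # the native VLAN leaves an 802.1Q trunk untagged
    return insert_tag(frame, vid)


# Constructed sample frame: broadcast dst, made-up src, EtherType IPv4, zero payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "0050569a0001" "0800") + b"\x00" * 46


def native_mismatch_demo(tag_native=False):
    """Send a VLAN 1 frame from SW1 (native 1) to SW2 (native 100)."""
    sw1 = Port("SW1 Fa0/19", "trunk", native_vlan=1, tag_native=tag_native)
    sw2 = Port("SW2 Fa0/19", "trunk", native_vlan=100, tag_native=tag_native)
    on_wire = egress_frame(sw1, 1, SAMPLE_FRAME)
    return {
        "sent_in_vlan": 1,
        "tagged_on_wire": tag_info(on_wire) is not None,
        "received_in_vlan": ingress_vlan(sw2, on_wire),
    }
```

native_mismatch_demo() returns received_in_vlan 100 with the frame untagged on the wire; native_mismatch_demo(tag_native=True) returns 1, because the tag carries the real VLAN across the link regardless of what either side calls its native VLAN. The access-port rule for tagged frames is a modelling assumption; real switches vary by platform.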
TRUNKING :
VLAN definitions are kept in each switch's own VLAN database; unless the VLAN Trunking Protocol (VTP) is used to propagate them, VLAN configuration is not passed between switches. VTP distributes VLAN names and numbers only; it does not carry user traffic and is not required for trunking.
• Trunk links provide VLAN identification for frames travelling between switches.
• Cisco switches have had two Ethernet trunking mechanisms: ISL and IEEE 802.1Q.
• Certain types of switches can negotiate trunk links (using DTP).
• Trunks carry traffic from all VLANs to and from the switch by default, but can be configured to carry only specified VLANs.
• Trunk links must be configured to allow trunking on each end of the link.
ENABLING TRUNKING :
Trunk links are required to pass VLAN information between switches. A port on a Cisco switch is either an access port or a trunk port. Access ports belong to a single VLAN and do not add any identifying marks to the frames; they carry traffic for only the VLAN assigned to the port.
A trunk port is by default a member of all VLANs that exist on the switch and carries traffic for all those VLANs between the switches. To distinguish between the traffic flows, a trunk port must mark the frames with tags as they pass between the switches. Trunking must be enabled on both sides of a link. If two switches are connected together, for example, both switch ports must be configured for trunking, and both must be configured with the same tagging mechanism (ISL or 802.1Q).
NOTE: CDP reports a "Native VLAN mismatch" error if the native VLAN differs at the two ends of an 802.1Q link. A native VLAN mismatch can cause traffic from one VLAN to leak into another: a frame sent untagged in VLAN X on one side is received untagged and placed into the other side's native VLAN Y.
The native VLAN is the VLAN that you configure on the Catalyst interface before you configure trunking on that interface. By default all interfaces are in VLAN 1, so VLAN 1 is the native VLAN unless you change it. On an 802.1Q trunk, all VLAN frames except those of the native VLAN are tagged. You must configure the native VLAN in the same way on each side of the trunk.
The router or switch then knows which VLAN a frame belongs to when it receives a frame with no tag.
TRUNKING MODE CAN BE:
• on: the port trunks unconditionally and sends DTP frames to bring up the far side.
• off: the port never trunks (access mode).
• desirable: the port actively sends DTP frames and trunks if the far side is on, auto or desirable.
• auto: the port trunks only if the far side asks for it (on or desirable); two auto ports never form a trunk.
• nonegotiate: the port trunks but sends no DTP frames; the far side must be configured to trunk manually.
Ports in on and desirable mode send DTP signals that attempt to initiate a trunk with the other side. This forms a trunk with a far-side port in on, auto or desirable mode that is running DTP. A port in on mode always tags frames sent out the port (except the native VLAN on an 802.1Q trunk).
WHEN CHOOSING A TRUNK LINK, THE ENCAPSULATION METHOD :
For Layer 2 IOS switches such as the 2900XL or 3500XL, the default encapsulation method is ISL. You can change it with the switchport trunk encapsulation command. For CatOS switches or integrated IOS switches, the default encapsulation is negotiate; this method signals between the trunked ports to choose an encapsulation method, and ISL is preferred over 802.1Q. The negotiate option is valid only for the auto or desirable trunking modes; it does not apply if you choose on as the mode, if you want to force a particular method, or if the other side of the trunk cannot negotiate the trunking type, in which case the encapsulation is configured explicitly.
NOTE: Not all switches allow you to negotiate a trunk encapsulation setting. The 2900XL and 3500XL trunks default to ISL and you must use the switchport trunk encapsulation command to change the encapsulation type. The 2950 and some 4000 switches support only 802.1Q trunking and provide no option for changing the trunk type.
For switches running 802.1Q as the trunking mechanism, the native VLAN of each port on the trunk must match. By default all CatOS ports are in VLAN 1, and the native VLAN on IOS devices is also VLAN 1, so by default the native VLANs match. If you choose to change the native VLAN, use the set vlan command on CatOS switches or the switchport trunk native vlan command on IOS switches to specify the native VLAN.
Remember that the native VLAN must match on both sides of an 802.1Q trunk link; otherwise the link will not carry the two native VLANs correctly. If there is a native VLAN mismatch, Spanning Tree Protocol (STP) places the port in a Port VLAN ID (PVID) inconsistent state for the VLANs involved and will not forward them on the link (Example 2 below shows this), and you will see CDP error messages on the console. Do not rely on STP alone to catch this: the leak exists whenever STP is disabled, filtered or still converging.
The IEEE 802.1Q encapsulation process on a router involves the following:
• Enabling the protocol on the router
• Enabling the protocol on the interface
• Defining the encapsulation format as IEEE 802.1Q
• Customizing the protocol to meet the requirements of your environment
To route IP over IEEE 802.1Q between VLANs, you need to customize the subinterface to create the environment in which it will be used. Perform these tasks in the order in which they appear:
• Enabling IP routing
• Defining the VLAN encapsulation format
• Assigning an IP address to the subinterface
The IEEE 802.1Q protocol is used to interconnect multiple switches and routers and to define VLAN topologies.
To define the encapsulation format as IEEE 802.1Q, use the following commands in interface configuration mode.
Step 1:
interface fastethernet slot/port.subinterface-number -> Specify the subinterface on which IEEE 802.1Q will be used.
Step 2:
encapsulation dot1q vlan-id -> Define the encapsulation format as IEEE 802.1Q and specify the VLAN identifier.
If the router supports only port numbers, and not slot numbers, the format for this command is interface fastethernet port.subinterface-number.
An interface can have one primary IP address. To assign a primary IP address and a network mask to a network interface, use the following command in interface configuration mode.
ip address ip-address mask -> Set a primary IP address for an interface.
This configuration example shows IP being routed on VLAN 101:
ip routing
interface fastethernet 0/0.101
 encapsulation dot1q 101
 ip address 10.0.0.11 255.0.0.0
VLAN COMMANDS:
clear vlan statistics -> Removes VLAN statistics from any statically configured or system-configured entries.
debug vlan packet -> Displays general information on VLAN packets that the router has received but is not configured to support.
encapsulation dot1q -> Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface, in subinterface configuration mode.
show vlans -> Displays VLAN subinterfaces.
INTERVLAN ROUTING AND 802.1Q TRUNKING :
Trunking is a way to carry traffic from several VLANs over a point-to-point link between two devices. Ethernet trunking can be implemented using 802.1Q. In our example we create a trunk that carries traffic from two VLANs (VLAN 1 and VLAN 2) across a single link between a Catalyst 3500 and a Cisco 2600 router. The Cisco 2600 router performs the inter-VLAN routing between VLAN 1 and VLAN 2.
Layer 2 switches are not capable of routing between VLANs, so the routing is done by the router: its 10/100 Fast Ethernet interface (FastEthernet 0/0) is split into one 802.1Q subinterface per VLAN and routes between them, while the 10/100 Fast Ethernet port at the switch end of the link simply trunks the tagged frames.
NATIVE VLAN CONFIGURATION :
On the router platforms where the dot1q native vlan interface command exists, the native VLAN cannot be configured on a subinterface of the trunk interface; other IOS releases instead accept the native keyword on the subinterface itself (encapsulation dot1q vlan-id native). Either way, the native VLAN must be configured with the same value at both ends of the link, or traffic can be lost or delivered to the wrong VLAN.
dot1q native vlan -> To assign the native VLAN ID of a physical interface trunking 802.1Q VLAN traffic, use the dot1q native vlan command in interface configuration mode. To remove the VLAN ID assignment, use the no form of this command.
dot1q native vlan vlan-id
no dot1q native vlan vlan-id
show vlan interface -> To display summary information about VLAN subinterfaces, use the show vlan interface command in EXEC mode.
show vlan trunks brief -> Displays a short summary of information about all VLAN trunk interfaces on the router.
NOTE: Once a port is designated as a trunk port, it forwards and receives tagged frames.
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the native VLAN of that port.
CONFIGURATION EXAMPLES FOR NATIVE VLAN
EXAMPLE – 1:
Switch ports have two modes: access mode and trunk mode. The native VLAN is a concept only in trunk mode and only with 802.1Q trunks. There can be only one native VLAN per trunk port.
In access mode, the default VLAN is VLAN 1.
In trunk mode, the default native VLAN also happens to be VLAN 1.
NOTE: The default native VLAN and the default access VLAN are not connected other than that both happen to be the first VLAN.
You can actually set a switchport to have one access VLAN and a different native VLAN. Both commands exist on the interface in the configuration.
The switchport will be either a trunk or an access port from an operational standpoint, so one of the two commands is ignored depending on the mode.
SO HERE ARE A COUPLE OF EXAMPLES :
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 15
Switch(config-if)#switchport trunk native vlan 25
In the above configuration, if the interface does not negotiate a trunk, all traffic is part of VLAN 15 and is untagged. In this case the switchport is in VLAN 15 as long as its operational mode is access.
If it negotiates a trunk, all untagged traffic is associated with VLAN 25.
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 15
Switch(config-if)#switchport trunk native vlan 25
Switch(config-if)#switchport mode trunk
In the above configuration, untagged traffic is associated with VLAN 25. Since this is a trunk, the port is capable of carrying all VLANs. The "switchport access vlan 15" command is ignored by the switch.
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 15
Switch(config-if)#switchport trunk native vlan 25
Switch(config-if)#switchport mode access
In this configuration, all traffic is associated with VLAN 15 and is untagged. The port is in VLAN 15 and the operational mode is hard-coded to access. The "switchport trunk native vlan 25" command is ignored.
EXAMPLE – 2:
The native VLAN should be identical on both ends of the link; otherwise the trunk port goes into spanning-tree blocking state for the VLANs that are used as native VLANs at the two ends of the trunk. In the following case both switches (SW1 and SW2) are configured with VLAN 100 and are in the same VTP domain, "TST". They run c3560-advipservicesk9-mz.122-25.SEE2.bin and are configured with different native VLANs:
SW1'S CONFIGURATION :
SW1#sh run int f0/19 | b interface
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
TO VERIFY :
SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      none
SW2'S CONFIGURATION :
SW2#sh run int f0/19 | b interface
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk
TO VERIFY :
SW2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      100

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      none
You can see that the Native VLANs do not match, and the trunk seems to be up with no problems, but check the output of the following show commands:
ON SW2:
SW2#Show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Fa0/19
VLAN0100 Fa0/19
Number of blocked ports (segments) in the system : 2
ON SW1:
SW1#Show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Fa0/19
VLAN0100 Fa0/19
Number of blocked ports (segments) in the system : 2
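Checking this by eye across many trunks does not scale, and the trunk in Example 2 reports "trunking" on both sides even though it is broken. The following Python is an added example, not part of the original article: it parses show interfaces trunk output captured from both ends of a link and reports a native VLAN mismatch, a native VLAN left at the default VLAN 1, and an allowed-VLAN list that was never pruned. The two captures are constructed to match the SW1 and SW2 output shown above; the parser assumes the column layout of that output.

```python
# Constructed captures matching the SW1 and SW2 outputs of Example 2.
SW1_SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      none
"""

SW2_SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      100

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      none
"""

# Substring of each header line -> key under which its rows are stored.
SECTIONS = (
    ("native vlan", "summary"),
    ("allowed on trunk", "allowed"),
    ("active in management", "active"),
    ("forwarding state", "forwarding"),
)

ALL_VLANS = set(range(1, 4095))


def expand_vlans(spec):
    """'1,100' -> {1, 100}; '1-4094' -> {1, ..., 4094}; 'none' -> empty set."""
    vlans = set()
    if spec.lower() == "none":
        return vlans
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_show_trunk(text):
    """Map each trunk port to mode, encapsulation, status, native VLAN and
    the three VLAN lists printed by 'show interfaces trunk'."""
    trunks, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("Port"):
            header = line.lower()
            section = next(name for key, name in SECTIONS if key in header)
            continue
        fields = line.split()
        entry = trunks.setdefault(fields[0], {})
        if section == "summary":
            entry.update(mode=fields[1], encap=fields[2], status=fields[3],
                         native=int(fields[4]))
        else:
            entry[section] = expand_vlans(fields[1])
    return trunks


def audit_link(a_label, a, b_label, b):
    """Findings for one trunk seen from both ends (a and b are parsed entries)."""
    findings = []
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a_label} uses {a['native']}, "
                        f"{b_label} uses {b['native']}")
    for label, side in ((a_label, a), (b_label, b)):
        if side["native"] == 1:
            findings.append(f"{label}: native VLAN is the default VLAN 1")
        if side.get("allowed") == ALL_VLANS:
            findings.append(f"{label}: all 4094 VLANs allowed; prune the trunk")
    return findings


def audit_example_2():
    """Run the audit over the two constructed captures."""
    sw1 = parse_show_trunk(SW1_SHOW_TRUNK)["Fa0/19"]
    sw2 = parse_show_trunk(SW2_SHOW_TRUNK)["Fa0/19"]
    return audit_link("SW1 Fa0/19", sw1, "SW2 Fa0/19", sw2)
```

audit_example_2() returns four findings: the mismatch, SW1 still on native VLAN 1, and both ends allowing every VLAN. The same parse_show_trunk output can be collected from every switch and joined on the CDP or LLDP neighbour table to audit all links at once.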
EXAMPLE – 3:
CONFIGURE TRUNKING AND THE NATIVE VLAN FOR THE TRUNKING PORTS ON ALL THREE SWITCHES.
Trunks are connections between switches that allow the switches to exchange frames for all VLANs. By default, a trunk port belongs to all VLANs, as opposed to an access port, which can belong to only a single VLAN. If a switch supports both ISL and 802.1Q encapsulation, the trunks must specify which method is being used; the 2960 switch used here supports only 802.1Q trunking, so no encapsulation command is needed.
A native VLAN is assigned to an 802.1Q trunk port. In this topology the native VLAN is VLAN 18. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
The 802.1Q trunk port places untagged traffic on the native VLAN. Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN. One of the IEEE 802.1Q specifications for native VLANs is to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. For the purposes of this lab, the native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN, and to keep end hosts off it.
USE THE INTERFACE RANGE COMMAND IN GLOBAL CONFIGURATION MODE TO SIMPLIFY CONFIGURING TRUNKING.
1st switch:
Switch1(config)#interface range fa0/1-5
Switch1(config-if-range)#switchport mode trunk
Switch1(config-if-range)#switchport trunk native vlan 18
Switch1(config-if-range)#no shutdown
Switch1(config-if-range)#end
2nd switch:
Switch2(config)#interface range fa0/1-5
Switch2(config-if-range)#switchport mode trunk
Switch2(config-if-range)#switchport trunk native vlan 18
Switch2(config-if-range)#no shutdown
Switch2(config-if-range)#end
3rd switch:
Switch3(config)#interface range fa0/1-5
Switch3(config-if-range)#switchport mode trunk
Switch3(config-if-range)#switchport trunk native vlan 18
Switch3(config-if-range)#no shutdown
Switch3(config-if-range)#end
Verify that the trunks have been configured with the show interfaces trunk command:
Switch1#show interfaces trunk
LAB FOR NATIVE VLAN
LAB CONFIGURATION:
This section provides sample 802.1Q trunking configurations between a Catalyst 3512-XL switch and a Cisco 2600 router.
The VLANs can communicate with each other via the trunking connection between the switch and the router, with the router doing the routing.
For 802.1Q trunking, one VLAN is not tagged. This VLAN is called the native VLAN, and it is used for untagged traffic when the port is in 802.1Q trunking mode. While configuring 802.1Q trunking, keep in mind that the native VLAN must be configured the same on each side of the trunk link. It is a common mistake not to match the native VLANs when configuring 802.1Q trunking between a router and a switch.
In this sample configuration, the native VLAN is VLAN 1 by default on both the Cisco 2621 router and the Catalyst 3512XL switch.
Also make sure that you are using a Cisco IOS version that supports ISL/802.1Q VLAN trunking.
SUMMARY / DEFINITION
IEEE 802.1Q :
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality of service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol.
Portions of the network which are VLAN-aware (i.e., IEEE 802.1Q conformant) can include VLAN tags. Traffic on a VLAN-unaware (i.e., IEEE 802.1D conformant) portion of the network will not contain VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership of the frame's port or the port/protocol combination, depending on whether port-based or port-and-protocol-based VLAN classification is being used. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native (or default) VLAN.
The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised, with notable revisions including IEEE 802.1ak, IEEE 802.1Qat and IEEE 802.1Qay.
WHAT IS A VLAN (VIRTUAL LOCAL AREA NETWORK)?
A VLAN, or virtual LAN, is a local area network technology that lets administrators separate physical connectivity from logical network connectivity. A conventional LAN is more limited than a VLAN because it is constrained by physical connectivity alone.
A VLAN is composed of a group of devices attached to one or more LANs that are configured so that they can communicate as though they were attached to the same wire, even though they are located on a number of different LAN segments.
Definition: a virtual local area network, commonly known as a VLAN, is a group of hosts (ports) on a switch with a common set of requirements; the hosts in the group communicate as if they were attached to the same wire.
IEEE 802.1Q defines the meaning of a VLAN with respect to the specific conceptual model underpinning bridging at the MAC layer and to the IEEE 802.1D spanning tree protocol. For individual VLANs to communicate with one another, a switch with Layer 3 capabilities, or simply a router, is required.
VLAN CATEGORIES :
ATM VLAN: this type uses the LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.
Protocol-based VLAN: this type classifies traffic from the attached end stations by a specific protocol, such as IP or IPX; the switch is configured with a mapping of Layer 3 protocol types to VLAN membership. Traffic is forwarded on a port based on its protocol; traffic from any other protocol is not forwarded on that port.
MAC-based VLAN: individual MAC addresses are mapped into VLAN membership by configuring the switch with a list of addresses. Because the MAC address is part of the workstation's network interface card, a workstation that is moved needs no reconfiguration to remain in the same VLAN. This flexibility has costs in performance, scalability and administration, and since a MAC address is trivially spoofed it is not an access control.
Port-based VLAN: each physical switch port is configured with its VLAN membership; this is the most common type.
VLAN OPERATIONS:
A VLAN is a logically segmented switched network. Each switch port can be assigned to a VLAN. Ports assigned to the same VLAN share broadcasts; ports that do not belong to that VLAN do not receive those broadcasts. This improves network performance because unnecessary broadcasts are reduced.
HOW DOES IT WORK?
When a bridge receives data from a workstation, it tags the data with a VLAN identifier (this is called explicit tagging). In implicit tagging the data is not tagged; the VLAN is determined from the port on which the data arrived. Classification can be based on the port from which the frame came, the source MAC address, the source network address, or some other field or combination of fields.
VLANs are classified based on the method used. The bridge must keep an updated database containing the mapping between VLANs and the fields used for classification. To understand how VLANs work, it helps to look at the types of VLAN.
BENEFITS OF VLAN:
• Increased performance
• Decreased costs
• Virtual workgroups
• Security
WHAT ARE THE POSSIBLE ATTACKS IN A VLAN-BASED NETWORK?
• MAC flooding attack
• 802.1Q and ISL tagging attack (switch spoofing: negotiating a trunk over DTP, then sending tagged frames for any VLAN)
• Double-encapsulated 802.1Q / nested VLAN attack (see the example in the comment at the end of this article)
PRIVATE VLAN:
A private VLAN contains switch ports that are restricted from talking to each other. Each private VLAN typically contains many private ports and a single uplink. A typical application for a private VLAN is a hotel or an Ethernet-to-the-home network, where each room or apartment has a port for Internet access but must not reach its neighbours' ports.
CISCO VLAN TRUNKING PROTOCOL (VTP) :
VTP maintains VLAN configuration consistency across the entire network. It minimizes the configuration inconsistencies that arise when changes are made and provides a mapping scheme that enables seamless trunking within a network employing mixed-media technologies.
TRUNKING :
A trunk is a point-to-point link from a switch to a router or to another switch. A trunk link can carry traffic from multiple VLANs over a single link, allowing VLANs to span the internetwork.
Cisco supports IEEE 802.1Q trunking on Fast Ethernet and Gigabit Ethernet interfaces.
WHAT DOES TRUNKING SOLVE?
Without trunking, switches and routers would have to be interconnected with a separate link for each VLAN. Four VLANs would require four links between switches S1 and S2, leaving fewer ports for devices, and every further switch connected to S1 would consume another four ports.
802.1Q FRAME TAGGING :
Switches forward Ethernet frames, and the basic Ethernet frame has no field for a VLAN ID. 802.1Q adds a 4-byte tag to the frame identifying the VLAN. Before a switch sends a frame out a trunk port it inserts the VLAN tag after the source MAC address and recomputes the FCS.
The tag starts with an EtherType (Tag Protocol Identifier, TPID) value of 0x8100.
When the receiving switch sees the type 0x8100, it knows that the next two bytes are the Tag Control Information (TCI) field.
THE TAG CONTROL INFORMATION FIELD CONTAINS:
• 3 bits of user priority (PCP)
• 1 bit Canonical Format Indicator (CFI; renamed Drop Eligible Indicator, DEI, in later revisions)
• 12 bits of VLAN ID
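The bit layout above, and the double-encapsulated 802.1Q attack listed under possible attacks, can both be shown with a few bytes. The following Python is an added example, not code from the original article: it decodes and builds TPID/TCI headers, stacks two tags, and walks the attacker's frame from an access port through an 802.1Q trunk. The sample frame, the switch names and the modelled access-port rule (a tag equal to the port's own access VLAN is accepted and stripped) are assumptions made for the demonstration.

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier, sits where the EtherType would be


def decode_tag(frame, offset=12):
    """Decode the 4-byte 802.1Q header at `offset`; None if no tag is there."""
    if len(frame) < offset + 4:
        return None
    tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
    if tpid != TPID:
        return None
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def decode_tags(frame):
    """All stacked tags, outermost first (empty list for an untagged frame)."""
    tags, off = [], 12
    while (tag := decode_tag(frame, off)) is not None:
        tags.append(tag)
        off += 4
    return tags


def encode_tag(vid, pcp=0, dei=0):
    """Build TPID + TCI: 3-bit priority, 1-bit CFI/DEI, 12-bit VID."""
    if not (0 <= vid <= 4095 and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("tag field out of range")
    return struct.pack("!HH", TPID, (pcp << 13) | (dei << 12) | vid)


def push_tags(frame, vids):
    """Insert tags after the source MAC so that vids[0] is the outermost."""
    return frame[:12] + b"".join(encode_tag(v) for v in vids) + frame[12:]


def pop_tag(frame):
    """Strip the outermost tag (FCS recomputation is out of scope here)."""
    return frame[:12] + frame[16:]


# Constructed sample frame: broadcast dst, made-up src, EtherType IPv4, zero payload.
SAMPLE = bytes.fromhex("ffffffffffff" "0050569a0099" "0800") + b"\x00" * 46


def double_tag_hop(attacker_vlan, trunk_native_vlan, victim_vlan, tag_native=False):
    """Walk an attacker's double-tagged frame from its access port on SW1 over
    the SW1-SW2 trunk and return the VLAN that SW2 assigns to it."""
    crafted = push_tags(SAMPLE, [attacker_vlan, victim_vlan])
    # SW1 access port (modelled rule): the outer tag equals the port's own
    # access VLAN, so the frame is accepted and that tag is stripped.
    frame = pop_tag(crafted)
    # SW1 trunk egress: the frame now belongs to attacker_vlan. It leaves the
    # trunk untagged only if that is the native VLAN and native tagging is off.
    if attacker_vlan != trunk_native_vlan or tag_native:
        frame = push_tags(frame, [attacker_vlan])
    # SW2 trunk ingress: the first tag on the wire, or its absence, decides.
    tag = decode_tag(frame)
    return tag["vid"] if tag is not None else trunk_native_vlan
```

double_tag_hop(1, 1, 20) returns 20: the attacker's outer tag was stripped on ingress, the native VLAN let the frame leave the trunk untagged, and SW2 honoured the inner tag. Moving the native VLAN off the attacker's VLAN (double_tag_hop(1, 99, 20)) or tagging the native VLAN (tag_native=True) both return 1, because SW1 then re-tags the frame with the VLAN it really belongs to and the inner tag is just payload to SW2.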
NATIVE VLANs AND 802.1Q TRUNKING :
• Some trunking devices tag native VLAN traffic.
• Control traffic sent on the native VLAN should be untagged.
• If a dot1q trunk receives a frame tagged with the native VLAN ID, some platforms drop it, so configure non-compliant equipment accordingly (on Cisco IOS switches, the global command vlan dot1q tag native makes the switch tag the native VLAN on all trunks).
• When a Cisco trunk port receives untagged frames it forwards them into the native VLAN, which is VLAN 1 by default.
• The native VLAN is the port VLAN ID (PVID), e.g. 99.
TRUNKING MODES :
• 802.1Q trunking replaced Cisco's legacy trunking protocol, ISL (Inter-Switch Link).
• An 802.1Q trunk port supports both tagged and untagged traffic.
• All untagged traffic, and traffic tagged with a null VID (VID 0, a priority-tagged frame), is assumed to belong to the PVID.
DYNAMIC TRUNKING PROTOCOL :
• A Cisco protocol enabled on a port when certain trunking modes are configured. DTP manages trunk negotiation if the port on the other switch is configured in a trunking mode that supports DTP.
• Supports both ISL and 802.1Q.
• Switches do not need DTP to do trunking. On ports facing end hosts, disable it (switchport mode access together with switchport nonegotiate) so that an attacker cannot negotiate a trunk and reach other VLANs.
PROBLEMS WITH TRUNKS :
• Native VLAN mismatches
• Trunk mode mismatches
• Allowed VLANs on trunks
CONCLUSION:
The goal of this article is to give an easy way to understand Cisco native VLAN configuration. I hope this article will help every beginner who is about to start Cisco lab practice.
Some topics that you might want to pursue on your own, which we did not cover in this article, are listed here. Thank you and best of luck.
This article was written by Premakumar Thevathasan: CCNA, CCNP, CCIP, MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
DISCLAIMER:
This document carries no explicit or implied warranty, nor is there any guarantee that the information contained in this document is accurate. Every effort has been made to make all articles as complete and as accurate as possible.
It is offered in the hope of helping others, but you use it at your own risk. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason that occur as a result of using this document. No warranty of fitness is implied. The information is provided on an "as is" basis. All use is completely at your own risk.
1 comment:
1. Simply do not put any hosts on VLAN 1 (the default VLAN), i.e., assign an access VLAN other than VLAN 1 to every access port:
Switch(config-if)# switchport access vlan 2
2. Change the native VLAN on all trunk ports to an unused VLAN ID:
Switch(config-if)# switchport trunk native vlan 999
3. Explicitly tag the native VLAN on all trunk ports:
Switch(config)# vlan dot1q tag native
Example
As an example of a double tagging attack, consider a secure web server on a VLAN called VLAN1. Hosts on VLAN1 are allowed access to the web server; hosts from outside the VLAN are blocked by layer 3 filters. An attacking host on a separate VLAN, called VLAN2, creates a specially formed packet to attack the web server. It places a header tagging the packet as belonging to VLAN2 on top of another header tagging the packet as belonging to VLAN1. When the packet is sent, the switch on VLAN2 sees the VLAN2 header and removes it, and forwards the packet. The VLAN2 switch expects that the packet will be treated as a standard TCP packet by the switch on VLAN1. However, when the packet reaches VLAN1, the switch sees a tag indicating that the packet is part of VLAN1, and so bypasses the layer 3 handling, treating it as a layer 2 packet on the same logical VLAN.
The packet thus arrives at the target server as though it was sent from another host on VLAN1, ignoring any layer 3 filtering that might be in place.