Thanks Rene,
I figured out that I have a misunderstanding between the native VLAN and the default VLAN.
so it is better to ask, what is the difference between them?
The default VLAN is always enabled on switches and itâs used for some management protocols like spanning-tree. By default, this is VLAN 1.
The native VLAN is the VLAN that it sent untagged on trunk interfaces. By default this is also VLAN 1 but you change it to another VLAN if you want.
1 Like
Many thanks Rene
Iâm so sorry, but I followed to here from links: CCIE R&S->Unit2 Swithing->How to CHANGE native vlan
So I can see some stuff â802.1Q Native VLAN on Cisco IOS Switchâ, about native vlans in the general worlds.
Of course, itâs good materials for Item "Switching for dummy " but CCIE R&S⌠Why ???
Hi Aladdin,
For the CCIE R&S section thereâs two things I could do:
- Include everything that is on the CCIE blueprint, from the most simple topics to the most advanced stuff
- Include only the âdifficultâ topics.
I decided to go for option 1, even if itâs simple then it will take only a few minutes to review (or skip) it.
Rene
1 Like
Rene
Iâve lucked into some 3750 series switches and using them as set of learning tools. . Some of the above commands donât appear to be available in these 3750âs switches. Would should I be concerned about this info?
John M
Hi John,
What IOS version are you using? Itâs probably an older version that is lacking some of the commands. Try one of the latest IP services images like this one:
c3750-ipservicesk9-mz.122-55.SE10.bin
Rene
Hi Rene,
I have two questions:
- management protocols like cdp/vtp/dtp are sending on the trunk by native vlan.if the native will be tagged after implementing the "vlan dot1q tag native" i will see then the cdp frame tagged on wireshark?
- Port VLAN ID (PVID) inconsistency" can be made result of native VLAN mismatch?
Hi Sahar,
CDP is a strange protocol when it comes to VLANs. When you configure the native VLAN to be tagged then CDP will show up as being tagged. When you change the native VLAN to another VLAN number, CDP will remain in VLAN 1.
The port VLAN inconsistency error can occur because of a native VLAN mismatch yes. Basically what it means is that your switch has received a PVST BPDU on the wrong VLAN. Make sure your trunk settings are 100% the same on both switches.
Rene
1 Like
Ty very much!
Another questionâŚ
According to your answerâŚif i block vlan 1 on the trunk both sides.i wont see cdp neighbors?
Hi Sahar,
Normally that would make sense yes but CDP is a strange animal. Even if you remove VLAN 1 from your trunk, CDP will be sent between your switches. It doesnât really follow the normal rules 
Rene
1 Like
Hi Rene,
I keep hearing and reading about Native vlan for over many years so far but till now and honestly speaking Im not able to understand one thing. What is the benefit or the reason for being Native Vlan in the first place ? I read your lesson about Vlan Hopping which is really good with no doubt but still I need to know what is Native Vlan used for in the first place. In plain English , what is the job of Native Vlan ? thx
Ahmad,
A Native VLAN is the vlan that is used should a trunk port receive an frame with no explicit VLAN tag. I will give you an example of how I used Native VLANs in the real world:
For many of my locations, users have a single network connection to their desk. They use both a VOIP phone (not Cisco 
), and a PC. Both of these devices use the single network connection. The connection goes to the VOIP phone, and the computer plugs into another port on the phone. The VOIP traffic is on a separate VLAN than the PC data traffic.
To get this to work, we have to configure each port as a Trunk and allow both the VOIP VLAN and the PC Data vlan on the switch port. We configure the switch so that the native VLAN is the PC Data and the tagged VLAN is the VOIP. The reason for this is because the VOIP phone can read and understand 802.1Q tags, while a PC has no idea what that isâin fact the extra information in the 802.1Q tag makes the PC believe the frame is mal-formed and it will discard it! By configuring the Native vlan as the PC Data vlan, this means the PC gets an untagged frame, so it knows what to do with it. At the same time, the PC is on the correct VLAN.
Does that make sense?
11 Likes
Dear Rene,
Thanks for your very nice article.I think,I have find the right one and thats you . One small questions , By default, Default & Native Vlan 1 on a SW. Switch do use Native Vlan for some mangement Protocol Frame like CDP/VTP/DTP/PAgP/UDLD .So, Is there any use of Default vlan like Native ??? Many Thanks
br//
zaman
I wish I have such great answer 10 years ago ! Thank you for the hard work.
1 Like
Mohammad,
I think you are asking whether Cisco has any management dependencies on VLAN 1? In other words, is it okay to disable, or filter out VLAN 1? The answer to this is it is okay to do this. In fact, for security purposes, most people avoid using VLAN 1 entirely. By pruning VLAN 1 from trunks, you will not break any needed Cisco protocols.
2 Likes
Hi Rene,
How can you capture the frames passing through the trunk by using Wireshark?
As far as I know, the capturing tool Wireshark is supposed to be installed in a server.
Could you show me the topology diagram for the capturing?
Thanks,
Whijoon Yim,
19 posts were merged into an existing topic: 802.1Q Native VLAN on Cisco IOS Switch
Whijoon,
Yes you can. One thing to remember is that you donât necessarily need wireshark in order to capture the data. You need wireshark to interpret it (although it can capture it as well). Cisco has the ability to capture the data for you, then all you have to do is export the data and read it with Wireshark on any computer you want.
I recommend you check out the Embedded Packet Capture lesson for more details âŚ