The native VLAN is a trunk concept. Its main purpose is to avoid discarding untagged frames: the receiving switch forwards every untagged frame it receives to the native VLAN instead of dropping it. The default native VLAN is VLAN 1.
An 802.1Q trunk can carry multiple VLANs. Frames of each VLAN are prefixed with a header that carries the VLAN number; the one VLAN whose frames are sent without a header, that is, unencapsulated, is the native VLAN. The switch uses the VLAN tag to mark which VLAN a frame belongs to when it sends it. 802.1Q allows one untagged VLAN on the segment, and when the switch at the receiving end reads a frame that has no 802.1Q tag, it treats the frame as belonging to the native VLAN.
Simply put, the native VLAN is a special VLAN in 802.1Q encapsulation: traffic from this VLAN crosses the trunk interface without a tag. By default, VLAN 1 is the native VLAN.
VLAN 1 is also the switch's default VLAN. It generally carries neither user data nor management traffic, only control information such as CDP, DTP, BPDU, VTP and PAgP. The native VLAN applies only to trunk interfaces; an interface that is not a trunk has no native VLAN. Frames on a trunk interface are normally tagged, so the native VLAN exists for frames that arrive without a tag: the switch assigns such frames to the native VLAN as they enter. On Cisco switches, both the management VLAN and the native VLAN default to VLAN 1. When a trunk port receives a frame without a VLAN tag, 802.1Q forwards it to the native VLAN (VLAN 1 by default; this can be changed, but if you change it, make sure all switches in the network are consistent), whereas ISL discards it.
On an 802.1Q trunk, frames forwarded in VLAN 1 are not given a VLAN tag; they are forwarded directly. If two connected switches are configured with different native VLANs, they report a mismatch error. When a VLAN-capable switch is interconnected with a switch that does not support VLANs, data is exchanged through the native VLAN. If the native VLAN does not match on the two ends of a trunk link, the port at one end is blocked and forwards no traffic.

In an IP telephony system, the phone can tag its own traffic, but an ordinary PC cannot. In many cases the phone and the PC share the same network cable. The interface is then set to trunk mode: the phone sends tagged frames, the PC cannot, and when the switch receives untagged frames it places them in the native VLAN according to the implied switchport trunk native vlan 1.

The native VLAN is also a security risk: attackers use it for VLAN hopping. Ways to eliminate this risk:
1. Kill the native VLAN: do not let this VLAN's data run on the trunk link.
2. Do not assign the native VLAN to ordinary users.
3. Force the native VLAN to be tagged when it crosses the trunk. The command is vlan dot1q tag native.
To put it simply, the native VLAN is the VLAN that is equivalent to carrying no tag label:
1. If a frame entering the port carries no VLAN tag, it is passed directly; if a frame tagged with the native VLAN enters the port, the native VLAN tag is stripped and the frame is allowed to pass.
2. If a frame leaving the port carries no VLAN tag, it is passed directly; if a frame tagged with the native VLAN leaves the port, the native VLAN tag is stripped and the frame is allowed to pass.
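The three countermeasures listed above can be checked against a switch configuration. The following is an added example, not part of the original article: a small Python audit that applies them to a constructed Cisco-style running-config. The interface names, the sample config and the function names are assumptions made for illustration.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE = """\
interface Gi0/1
 switchport mode trunk
!
interface Gi0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-22
!
interface Gi0/3
 switchport mode access
!
"""

def expand(vlans):
    """Expand a list such as '10,20-22' into {10, 20, 21, 22}."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def setting(body, pattern, default):
    """Return the first captured value in an interface block, else the default."""
    m = re.search(pattern, body, re.M)
    return m.group(1) if m else default

def audit(config):
    """Return sorted (interface, finding) pairs for one switch config."""
    tagged = re.search(r"^vlan dot1q tag native\s*$", config, re.M) is not None
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    findings, natives, access = [], set(), {}
    for name, body in blocks:
        if re.search(r"^ switchport mode trunk\s*$", body, re.M):
            native = int(setting(body, r"^ switchport trunk native vlan (\d+)", "1"))
            # Assumption: only a plain 'allowed vlan <list>' line is parsed.
            allowed = setting(body, r"^ switchport trunk allowed vlan ([\d,-]+)\s*$", "1-4094")
            natives.add(native)
            if native in expand(allowed) and not tagged:
                findings.append((name, f"untagged native VLAN {native} allowed on trunk"))
        elif re.search(r"^ switchport mode access\s*$", body, re.M):
            access[name] = int(setting(body, r"^ switchport access vlan (\d+)", "1"))
    for name, vlan in access.items():
        if vlan in natives:
            findings.append((name, f"user port in native VLAN {vlan}"))
    return sorted(findings)
```

Ports with no explicit native or access VLAN are treated as VLAN 1, matching the default described above.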