If vlan dot1q tag native is used and the interface goes from trunk to access
it will not break connectivity. I am laughing at myself that I needed to
verify this =P
That said, I would say the straight answer to your question on native VLAN
on a trunk is to never allow it. Use the tag native command, and in the
event the trunk fails to negotiate your access switchports will send
untagged native VLAN across the segment.
Spanning-Tree is an entirely different wrench to throw in here, so assuming
your interface is not blocking you should be fine. I frankly don't
understand why someone would recommend native VLAN on a trunk without tag
security....and then I am even more confused why someone would recommend
this in order to make sure you have connectivity on native VLAN between
switches....
Care to link to this archive for me?
Cheers,
John
On 5/18/10 2:01 PM, "John Lockie" <john.lockie_at_gmail.com> wrote:
> Muzammil,
>
> My understanding is that we are not to run native VLAN on trunks unless
> absolutely required to. Or to explicitly tag the native VLAN using "vlan
> dot1q tag native" from global config as a security precaution against VLAN
> hopping. Check this out:
>
> http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39211
>
> This behavior can be tested in a lab pretty easily. In fact, I will do it
> myself now because you got me wondering about dynamic trunk negotiation and
> how the interface behaves when trunk negotiation fails and "tag native" is
> configured....will native network traffic still flow across the segment? My
> pat answer is "no"...so VLAN information is completely irrelevant (native or
> not, the interfaces will be shut or flapping maybe). But I should verify
> before claiming...
>
> John
>
> On 5/18/10 1:44 PM, "Muzammil Malick" <malickmuz_at_gmail.com> wrote:
>
>> Hi guys
>>
>> So I know many people will have asked this already and I have read some
>> posts in the archive.
>> However I am still not clear.
>>
>> My understanding is that the native vlan is used over a trunk link to send
>> traffic untagged.
>>
>> 1)Can somebody provide a practical example of why you would want to send
>> untagged traffic across the trunk.
>>
>> 2) I have also read in the archives that one of the reasons for using a
>> native vlan is to send management traffic
>> across a trunk, and if the trunk loses its trunk status the traffic will
>> continue to flow because it is untagged.
>> What does this statement mean when it says "the trunk loses its trunk
>> status?"
>>
>> Thanks in advance
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Tue May 18 2010 - 15:25:18 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART
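
The check discussed in this thread (is "vlan dot1q tag native" set globally, and which ports can trunk with an untagged native VLAN) can be run against a saved switch configuration. This is an added example, not part of the original messages; the sample config and interface names are constructed, and ports with no explicit "switchport mode" line are skipped because the default mode is platform-dependent.

```python
import re

# Constructed sample running-config (not from the thread); names are made up.
SAMPLE_CONFIG = """\
hostname lab-sw1
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
"""

def audit_native_vlan(config: str) -> dict:
    """Report whether native-VLAN tagging is enabled globally and which
    trunk-capable ports would still send their native VLAN untagged."""
    tag_native = False
    ports = {}      # interface name -> {"mode": str or None, "native": int}
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):      # a global-level line ends any interface block
            current = None
            if line.strip() == "vlan dot1q tag native":
                tag_native = True
            m = re.match(r"interface (\S+)", line)
            if m:                         # native VLAN defaults to 1 until overridden
                current = ports.setdefault(m.group(1), {"mode": None, "native": 1})
            continue
        if current is None:
            continue
        cmd = line.strip()
        if m := re.fullmatch(r"switchport mode (trunk|access|dynamic \w+)", cmd):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            current["native"] = int(m.group(1))
    # Static trunks and ports that may negotiate a trunk are both reported.
    exposed = {name: p["native"] for name, p in ports.items()
               if p["mode"] and p["mode"] != "access" and not tag_native}
    return {"tag_native": tag_native, "untagged_native_trunks": exposed}
```
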