Native VLAN
Personally I think this one gets the most confusing for whatever reason. In simple terms, the native VLAN is the VLAN whose frames carry no 802.1Q encapsulation/header: within the frame there is no 802.1Q header, so it's a normal Ethernet frame.
Configure the Native VLAN
So what the native VLAN does is designate which VLAN you want to use for any frames that arrive without an 802.1Q header. All switches, at least when it comes to Cisco, use VLAN 1 as the native VLAN by default. It's "best practice" to change that on all switches that are trunking between each other to some other unused VLAN.
If the native VLAN doesn't match on both ends, you will see messages in your logs about a native VLAN mismatch and might have additional issues with spanning-tree and CDP/LLDP warnings. We still need the native VLAN for communication between switches and for underlying services like CDP, LLDP, DTP, and VTP.
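To make the definition above concrete, here is an added example (my own code, not part of the original post) that builds Ethernet frames with and without an 802.1Q tag, parses them, and models how a trunk port classifies them: an untagged frame lands in the native VLAN, a tagged frame goes to the VLAN in its tag, and with native-VLAN tagging switched on an untagged frame is dropped. The frame bytes, MAC addresses and the VLAN numbers are constructed sample data; the two classify/egress functions are a simplified model of switch behaviour, not a vendor implementation.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Construct an Ethernet II frame. If vlan_id is given, an 802.1Q tag
    (TPID + TCI) is inserted between the source MAC and the EtherType.
    Used here only to create constructed test frames."""
    hdr = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)  # PCP(3) DEI(1) VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload). vlan_id is None when the
    frame carries no 802.1Q header, i.e. it is a plain Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, inner_type, frame[18:]
    return None, ethertype, frame[14:]


def classify_on_trunk(frame, native_vlan, tag_native=False):
    """Model ingress on a trunk port. Returns the VLAN the frame is placed in,
    or None when the frame is dropped (untagged frame while the switch requires
    the native VLAN to be tagged, as 'vlan dot1q tag native' does)."""
    vid, _, _ = parse_frame(frame)
    if vid is None:
        return None if tag_native else native_vlan
    return vid


def egress_tagged(vlan, native_vlan, tag_native=False):
    """Model egress on a trunk port: does a frame in this VLAN leave with a
    tag? Only the native VLAN leaves untagged, and not even that once native
    tagging is enabled."""
    if vlan != native_vlan:
        return True
    return tag_native


if __name__ == "__main__":
    # Constructed sample MACs and payload.
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    untagged = build_frame(dst, src, 0x0800, b"\x00" * 46)
    tagged = build_frame(dst, src, 0x0800, b"\x00" * 46, vlan_id=20)
    for name, f in (("untagged", untagged), ("tagged", tagged)):
        print(name, "-> VLAN", classify_on_trunk(f, native_vlan=999),
              "| with tag native:", classify_on_trunk(f, 999, tag_native=True))
```

Run it and the untagged frame is assigned to VLAN 999 (the configured native VLAN) but dropped once `tag_native` is set, while the frame tagged with VLAN 20 is unaffected by either setting.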
You can set and configure the native vlan in a couple of ways:
- Ensure that both ends of the trunk link have the native VLAN configured under the interface, and that it is the same VLAN on each end.
Switch(config-if)#switchport trunk native vlan ?
  <1-4094>  VLAN ID of the native VLAN when this port is in trunking mode
- You can explicitly tag the native VLAN, which will prevent untagged frames from entering your switch. You would still need to set a native VLAN, but it's more a matter of preference now, since by default VLAN 1 would now be tagged.
Switch(config)#vlan dot1q tag native
If all traffic is identified by VLAN tags, that helps us in the security department. I would personally lean toward tagging the native VLAN by default. Remember, if you did run vlan dot1q tag native, then running the switchport trunk native vlan command under the interface would tag the native VLAN instead of leaving it untagged.
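As an added example of checking the two points above (matching native VLAN on both ends, and native tagging applied consistently), here is a small audit script of my own, not part of the original post, that parses IOS-style running-config text for each switch and compares the trunk ends of each link. The switch names, interface names, VLAN numbers and the config text are constructed sample data; interfaces with no explicit `switchport trunk native vlan` line are treated as native VLAN 1, matching the default described above.

```python
import re

# Constructed sample configs for two switches joined by two trunk links.
SAMPLE_CONFIGS = {
    "switch-a": """\
vlan dot1q tag native
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet1/0/2
 switchport mode trunk
!
""",
    "switch-b": """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk native vlan 50
!
""",
}

# (switch, interface, peer switch, peer interface) for each physical link.
SAMPLE_LINKS = [
    ("switch-a", "GigabitEthernet1/0/1", "switch-b", "GigabitEthernet1/0/1"),
    ("switch-a", "GigabitEthernet1/0/2", "switch-b", "GigabitEthernet1/0/2"),
]


def parse_trunk_config(config_text):
    """Return (tag_native, {interface: native_vlan}) for every interface in
    trunk mode. Interfaces without an explicit native VLAN default to 1."""
    tag_native = False
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Top-level line: global command, interface header, or '!'
            current = None
            if line.strip() == "vlan dot1q tag native":
                tag_native = True
            m = re.match(r"interface (\S+)$", line)
            if m:
                current = m.group(1)
                interfaces[current] = {"trunk": False, "native": 1}
            continue
        if current is None:
            continue
        cmd = line.strip()
        if cmd == "switchport mode trunk":
            interfaces[current]["trunk"] = True
        m = re.match(r"switchport trunk native vlan (\d+)$", cmd)
        if m:
            interfaces[current]["native"] = int(m.group(1))
    trunks = {name: v["native"] for name, v in interfaces.items() if v["trunk"]}
    return tag_native, trunks


def find_native_mismatches(configs, links):
    """Compare both ends of every link and return a list of findings."""
    parsed = {name: parse_trunk_config(text) for name, text in configs.items()}
    findings = []
    for sw_a, if_a, sw_b, if_b in links:
        label = f"{sw_a} {if_a} <-> {sw_b} {if_b}: "
        tag_a, trunks_a = parsed[sw_a]
        tag_b, trunks_b = parsed[sw_b]
        nat_a, nat_b = trunks_a.get(if_a), trunks_b.get(if_b)
        if nat_a is None or nat_b is None:
            findings.append(label + "both ends are not in trunk mode")
            continue
        if nat_a != nat_b:
            findings.append(label + f"native VLAN mismatch ({nat_a} vs {nat_b})")
        elif nat_a == 1:
            findings.append(label + "native VLAN left at default 1")
        if tag_a != tag_b:
            findings.append(label + "'vlan dot1q tag native' set on only one side")
    return findings


if __name__ == "__main__":
    for finding in find_native_mismatches(SAMPLE_CONFIGS, SAMPLE_LINKS):
        print(finding)
```

On the sample data this reports three findings: the second link has a native VLAN mismatch (1 versus 50, because switch-a never set one on that port), and both links have native tagging enabled on switch-a only, which is exactly the asymmetric state that produces the mismatch log messages mentioned earlier.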