Vlan Native Command


Blossom Stemmer

Jul 27, 2024, 6:58:29 PM
to amgavala

The switchport trunk native vlan command specifies the native (untagged) VLAN for a Layer 2 interface operating in trunk mode on a Cisco IOS device. This command only takes effect for interfaces that are operating in trunk mode.

A Layer 2 interface operating in trunk mode can carry traffic belonging to multiple VLANs. In order to specify the VLAN to which a particular frame belongs, the Ethernet header is modified and tagged with a VLAN ID tag. The format of the tag is specified in the 802.1Q specification.

On any trunk interface, one VLAN can be configured to carry untagged traffic. This VLAN is referred to as the native VLAN for the trunk interface. This implies that traffic belonging to the native VLAN does not include an 802.1Q tag specifying the VLAN ID. (Traffic belonging to the native VLAN is sent as untagged ethernet frames across a trunk link.)

Untagged traffic received on a trunk interface can only be mapped to a single VLAN - hence, only one VLAN can be specified as the native VLAN for a trunk interface. By default, the native VLAN for a trunk interface on a Cisco IOS device is the default VLAN on Cisco IOS devices - VLAN 1. The default behaviour can be changed by using the command switchport trunk native vlan.

Let's take a look at an example. If we wanted to configure interface GigabitEthernet 0/1 to operate in trunk mode and set VLAN 100 as the native (untagged) VLAN, we would enter configuration commands as follows:

In the following example the native VLAN for interface gi0/1 is first set to VLAN 100 and then reset back to the default value (VLAN 1). (When set to default, the running-config omits the line switchport trunk native vlan.)

As you remember from the previous lesson, trunk ports send and receive Ethernet frames tagged with IEEE 802.1q VLAN tags. The primary idea behind this is to be able to transport frames from multiple VLANs over a single physical link between switches. This means that both ends of a trunk will always receive tagged frames as shown in Figure 1.

But is it always? What if there is a hub in the way or any other layer 1 device? What will happen if an untagged frame somehow gets into the trunk link? Native VLAN has been introduced to solve this specific scenario.

Native VLAN is configured per trunk port. It is locally significant and it tells the switch - "if you receive untagged data on this port, forward it as if it is part of the native VLAN number". For example, if we configure the native VLAN on a trunk to be 20 and data without an IEEE 802.1q header comes in that port, it will be forwarded in VLAN 20. You can see an example of this in Figure 2. PC7 is somehow connected to the trunk and is sending untagged frames. When they are received on both sides of the link, they are forwarded into VLAN 20 (the Native VLAN).

There is another very important angle to this concept. The switches are not only putting the received untagged data into the native VLAN, but they are also sending the data in the Native VLAN untagged. Look at the example in Figure 3: the frames from VLAN 10 are carried across the trunk with 802.1q headers, but the frames from VLAN 20 are carried across untagged because VLAN 20 is the Native VLAN of the trunk port. All control plane messages such as CDP, VTP, and DTP are also sent through the Native VLAN, i.e., untagged.

You can see that by default, VLAN 1 is configured as Native. Let's change it to be another value. This is done using the switchport trunk native vlan command in interface configuration mode. Always keep in mind that this configuration is locally significant and has to be manually configured to match on both sides of the trunk link, otherwise a faulty state occurs.

Interface Trunk configuration is locally significant. This means that the Trunk settings on one switchport do not have to exactly match the settings on the other side of the link. Therefore, you can configure native VLAN 10 on one side and VLAN 20 on the other side of a single trunk link. This causes a dangerous faulty state called Native VLAN mismatch. Cisco proprietary protocol CDP can detect this misconfiguration and report with error messages as shown below. Please note that, if CDP is disabled on the link, there is no way for the switch to automatically detect this.

By default on Cisco switches, frames from all VLANs are transported over the trunk link. However, there is a way to specify exactly which VLAN numbers are allowed to be carried across. There are many cases in which you would want to specify only certain VLANs and not send frames from all VLANs. If we take Figure 4 as an example, the switch on the left has four VLANs 10, 20, 30, and 40 but the switch on the right has VLANs 10, 20, 50, and 60. So you would probably want to send only traffic for 10 and 20 over the trunk link. This can be configured using the switchport trunk allowed vlan feature. Let's configure the link in Figure 4 to carry across only frames from VLANs 10 and 20.

Using this feature is very common in scenarios where a switch owned by one organization is connected to another external switch. Usually, there is an agreement to exchange data in one VLAN so you would want to filter all other VLANs out.

Hi, What is the need for native VLAN configuration per trunk line? It is more simple to imagine that all legacy devices not supporting VLAN will be on a single native VLAN configured in the switch. Then all trunk lines of the switch will forward packets without VLAN headers to the single native VLAN of the switch.

Trunks are commonly used between switches and other network devices such as a router, another switch, or a server. A network technician must be very familiar with configuring a trunk and ensuring it works properly.

A VLAN trunk is an OSI Layer 2 link between two switches that carries traffic for all VLANs (unless the allowed VLAN list is restricted manually or dynamically). To enable trunk links, configure the ports on either end of the physical link with parallel sets of commands.

To configure a switch port on one end of a trunk link, use the switchport mode trunk command. With this command, the interface changes to permanent trunking mode. The port enters into a Dynamic Trunking Protocol (DTP) negotiation to convert the link into a trunk link even if the interface connecting to it does not agree to the change. DTP is described in the next topic. In this course, the switchport mode trunk command is the only method implemented for trunk configuration.

The Cisco IOS command syntax to specify a native VLAN (other than VLAN 1) is shown in Table 3-6. In the example, VLAN 99 is configured as the native VLAN using the switchport trunk native vlan 99 command.

Look at the configuration of port F0/1 on switch S1 as a trunk port. The native VLAN is changed to VLAN 99 and the allowed VLAN list is restricted to 10, 20, and 30. If the native VLAN is not allowed on the trunk link, the trunk will not allow any data traffic for the native VLAN.

This configuration assumes the use of Cisco Catalyst 2960 switches, which automatically use 802.1Q encapsulation on trunk links. Other switches may require manual configuration of the encapsulation. Always configure both ends of a trunk link with the same native VLAN. If 802.1Q trunk configuration is not the same on both ends, Cisco IOS Software reports errors.

The following output shows the commands used to reset all trunking characteristics of a trunking interface to the default settings. The show interfaces f0/1 switchport command reveals that the trunk has been reconfigured to a default state.

The following sample output shows the commands used to remove the trunk feature from the F0/1 switch port on switch S1. The show interfaces f0/1 switchport command reveals that the F0/1 interface is now in static access mode.

The following output displays the configuration of switch port F0/1 on switch S1. The configuration is verified with the show interfaces interface-ID switchport command.

The top highlighted area shows that port F0/1 has its administrative mode set to trunk. The port is in trunking mode. The next highlighted area verifies that the native VLAN is VLAN 99. Further down in the output, the bottom highlighted area shows that all VLANs are enabled on the trunk.

Go to the online curriculum and select the second graphic to use the Syntax Checker to configure a trunk supporting all VLANs on interface F0/1, with native VLAN 99. Verify the trunk configuration with the show interfaces f0/1 switchport command.

VLAN trunks are required to pass VLAN information between switches. A port on a switch is either an access port or a trunk port. Access ports carry traffic from a specific VLAN assigned to the port. A trunk port by default is a member of all VLANs; therefore, it carries traffic for all VLANs. This activity focuses on creating trunk ports and assigning them to a native VLAN other than the default.

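The post notes that a native VLAN mismatch goes undetected when CDP is disabled, and that a native VLAN missing from the allowed list carries no traffic. As an added example (not part of the original post), the following offline check compares the saved configs of both trunk ends for those two conditions. The sample configs are constructed, the function names are hypothetical, and only the plain `switchport trunk allowed vlan <list>` form is parsed.

```python
import re

# Constructed sample configs for the two ends of one trunk link (not from the post).
S1_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
"""
S2_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,99
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config, interface):
    """Return (native_vlan, allowed_vlans) for a trunk interface, or None."""
    m = re.search(rf"^interface {re.escape(interface)}\n((?: .*\n?)*)", config, re.M)
    body = m.group(1) if m else ""
    if "switchport mode trunk" not in body:
        return None
    native = re.search(r"switchport trunk native vlan (\d+)", body)
    allowed = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", body)
    return (int(native.group(1)) if native else 1,  # IOS default native VLAN is 1
            expand_vlans(allowed.group(1)) if allowed else set(range(1, 4095)))

def audit_link(cfg_a, if_a, cfg_b, if_b):
    """Compare both ends of a trunk and list native-VLAN problems."""
    ends = {"A": parse_trunk(cfg_a, if_a), "B": parse_trunk(cfg_b, if_b)}
    if None in ends.values():
        return ["one end is not configured as a trunk"]
    findings = []
    if ends["A"][0] != ends["B"][0]:
        findings.append(f"native VLAN mismatch: A={ends['A'][0]} B={ends['B'][0]}")
    for name, (native, allowed) in ends.items():
        if native not in allowed:
            findings.append(f"end {name}: native VLAN {native} not in allowed list")
    return findings

if __name__ == "__main__":
    print(*audit_link(S1_CONFIG, "FastEthernet0/1", S2_CONFIG, "FastEthernet0/1"), sep="\n")
```

With the constructed configs, S2 silently falls back to native VLAN 1 because the `switchport trunk native vlan` line is absent, which is exactly the case that is easy to miss when reading a running-config by eye.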