Updated July 28, 2023
Introduction to Native VLAN
The VLAN services developed with backward compatibility to support old devices that does not support VLANs is called native VLAN. Native VLAN does not carry a tag in the network so older devices easily understand when trunk links are sent. The switches can be configured using dot IQ concept that is 802.1Q tunneling frame. In order to configure native VLAN, switch port trunk native VLAN command is used. Native VLANs are recognized if they are not tagged to any trunks. It is not necessary to have native VLAN on the trunk.
How Native VLAN Works?
Let’s take an example and understand how it works. We can have a look at the below diagram. There are several PCs connected to switches and HUB. Switch1 and Switch2 are connected with each other. Also, the HUB is connected to various PC’s and also connected to switch2. We are connecting to a hub and we got the link between switch1 and switch2 which is a trunk link.
There is specific traffic coming to switch1 (let’s say 10), so before it sends to the trunk link it will add a tag (frame tagging processing). This is to ensure that switch2 should understand that this frame belongs to which VLAN. So that they can only forward out of the ports. But there are some cases where we may receive frames without any tag, especially if we are receiving it via HUB as they don’t understand the concept of tagging. Switch assumes that it belongs to native VLAN and by default, it will send it to native VLAN.
As we all know the switch has 2 types of ports one is trunk port and the other one is Access port. Since endpoints don’t understand the concept of VLAN, switch expects to receive untagged traffic on an access port while truck ports supposed to receive the tagged frames. So simply when untagged traffic is received by the access port, a switch will associate that traffic from that port with VLAN associated with that port. As for trunk port traffic must be the tagged one and switch use this VLAN information to decide which VLAN it will associate it.
If a switch receives any specific frame without tag is going to assume that it’s a native VLAN. Trunks carry only tagged frames and the purpose is to transfer data from the different VLANs. We can use the ping command to see the same. There is only one native VLAN per trunk and this must match on both the ends of the trunk which are responsible for all the traffic which is untagged.
The reason why the frames are tagged before they traverse the trunk is that when it goes to the other side of the trunk, the switch can read that tag and can determine which VLAN the frame belongs to. Accordingly, it can forward it to that particular VLAN. Always remember that all the untagged frames are carried by native VLAN and tagged one’s are carried by the TRUNK only. It is also known as untagged VLAN.
Importance of Native VLAN
Here are some of the importance which are explained below:
- It is genuine VLAN with its members and sends frames that are encapsulated or you can say it as tagged ones.
- It also takes care of frames that do not have an assigned VLAN membership and are therefore untagged.
- With this, a switch can forward any layer2 frame received on a trunk port, tagged or not, to an intended VLAN.
- Any un-encapsulated frames received on a trunk port are immediately dropped their itself.
- All the frames transmitted from the trunk port are encapsulated form.
- An attacker who attempts to use the VLAN hopping attack, it will ultimately end up in a dead VLAN which has no host to leverage.
- Each physical port has an identifier known as a port VLAN identifier (PVID).
- All the untagged frames are assigned or allocated to this PVID.
- It supports traffic coming from many VLANs which is tagged traffic as well as untagged traffic which is not coming from a single VLAN.
- It’s always good to use VLAN other than VLAN1 as the native VLAN.
Why we use it?
Here are some of the uses that are given below:
- It is used to support and carry untagged traffic on a trunk port.
- To separate traffic sent by the devices to the different PC’S.
- To reduce the workload.
- Eliminates the need for expensive routers.
- It provides more flexibility.
- If the native VLAN is configured wrongly for the trunk ports on the same trunk link, layer2 loops can occur.
- When it is configured to 802.1Q on a cisco switch, then it is possible to define a different native VLAN.
- We can access VLAN to an access port from that defined native VLAN which is for an operational trunk.
- Support only Dot1Q.
- All switch ports are by default assigned to a VLAN1.
- To ensure better security by keeping the host that works with sensitive data on separate VLAN.
Finally, we can conclude that the basic purpose of native VLAN is to serve it as a common identifier on opposing ends of a trunk link. To carry untagged traffic which is generated by a computer device attached to a switch port, which is configured with the native VLAN.
This is a guide to What is Native VLAN. Here we discuss the basic concept, how does it work, its importance and uses of native VLAN. You can also go through our other suggested articles to learn more –