What is a native VLAN?

IEEE 802.1Q trunks support a native VLAN. The native VLAN is the one VLAN whose Ethernet frames, as an exception, have no VLAN tag added when they are forwarded over the trunk link. One native VLAN can be specified for each trunk port.

Ethernet frames in the native VLAN are forwarded over the trunk unchanged.

Recognition of VLANs in native VLANs

The basic mechanism of VLANs is to forward Ethernet frames only between ports of the same VLAN, so a switch must be able to recognize which VLAN each Ethernet frame belongs to. Frames in the native VLAN carry no VLAN tag, so the tag cannot be used for this. Instead, the VLAN of an untagged frame is recognized by configuring the same native VLAN on the opposing switches.

For example, in the following figure, the native VLAN is set to VLAN1 on both ends of the trunk that connects SW1 and SW2. Therefore, when SW2 forwards a broadcast frame from host D on VLAN1, which is the native VLAN, to the trunk port, no tag is added to the frame.

Then, when SW1 receives the broadcast frame with no tag attached, it judges it to be a frame on the native VLAN (VLAN1) and floods the frame to the ports belonging to VLAN1.

Fig. Recognizing VLANs in a native VLAN

If the native VLAN is mismatched…

One VLAN can be specified as the native VLAN for each trunk port. The VLAN number specified as the native VLAN must match the one configured on the trunk port at the opposite end of the link. If it does not match, Ethernet frames in the mismatched native VLANs cannot be forwarded correctly between the switches.

In the previous network diagram, consider the case where the native VLAN of the trunk port of SW1 is configured as VLAN2 and the native VLAN of the trunk port of SW2 is configured as VLAN1, resulting in a mismatched configuration.

When a broadcast frame is sent from host D in VLAN 1, SW2 forwards the frame from the trunk port without adding a VLAN tag because its native VLAN is VLAN 1. SW1 recognizes the frame as a frame in VLAN 2, which is its native VLAN, because it does not have a VLAN tag, and forwards it to the port of host C.

Even if a broadcast frame from host D in VLAN 1 reaches host C in VLAN 2, it will be discarded without any IP processing. With mismatched native VLANs, communication across the switches is not possible for either of the mismatched VLANs, VLAN1 and VLAN2.

Fig. Example of Ethernet frame forwarding in the case of a native VLAN mismatch

Cisco Native VLAN configuration

The native VLAN is VLAN1 by default. To change the native VLAN, configure it in interface configuration mode as follows:

Native VLAN configuration

Switch(config-if)#switchport trunk native vlan <vlan-number>

<vlan-number> : The VLAN ID to use as the native VLAN.

To verify the native VLAN, the show interfaces trunk command gives the clearest view. The native VLAN of each trunk port appears in the "Native vlan" column.

Switch#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/3       1-4094

Port        Vlans allowed and active in management domain
Fa0/3       1-2

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       1-2
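
The following check is an added example, not part of the original article: it parses show interfaces trunk output in the format above from both ends of a trunk and reports a native VLAN mismatch like the SW1/SW2 case described earlier. The sample outputs, the link list and the function names are constructed for illustration.

```python
import re

# Constructed sample output in the format shown above (not captured from real devices).
SW1_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      2

Port        Vlans allowed on trunk
Fa0/3       1-4094
"""
SW2_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1
"""

# One row of the first table: port, mode, encapsulation, status, native VLAN ID.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_native_vlans(output):
    """Return {port: native_vlan} from the first table of 'show interfaces trunk'."""
    natives, in_table = {}, False
    for line in output.splitlines():
        if line.startswith("Port"):
            # Only the table whose header has a 'Native vlan' column is of interest.
            in_table = "Native vlan" in line
            continue
        m = ROW.match(line) if in_table else None
        if m:
            natives[m.group(1)] = int(m.group(5))
    return natives

def find_mismatches(outputs, links):
    """links: list of ((switch, port), (switch, port)) pairs, one per trunk link."""
    parsed = {sw: parse_native_vlans(text) for sw, text in outputs.items()}
    findings = []
    for (sw_a, port_a), (sw_b, port_b) in links:
        vlan_a, vlan_b = parsed[sw_a].get(port_a), parsed[sw_b].get(port_b)
        if vlan_a is None or vlan_b is None:
            findings.append((sw_a, port_a, sw_b, port_b, "port missing from trunk table"))
        elif vlan_a != vlan_b:
            findings.append((sw_a, port_a, sw_b, port_b,
                             f"untagged frames cross between VLAN {vlan_a} and VLAN {vlan_b}"))
    return findings

if __name__ == "__main__":
    links = [(("SW1", "Fa0/3"), ("SW2", "Fa0/3"))]
    for finding in find_mismatches({"SW1": SW1_OUTPUT, "SW2": SW2_OUTPUT}, links):
        print(*finding)
```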