Growing a little tired of reading numerous useless posts about the native VLAN, I decided to do one that describes exactly what it is. The native VLAN has two main functions:
Tags incoming un-tagged traffic on trunk links with the native VLAN.
Un-tags outgoing traffic that has already been tagged with same VLAN that is being used for the native VLAN on the trunk.
Let me elaborate on this a little bit with aid of the diagram shown below.
Native VLAN
A normal design would use the same native VLAN both sides of the trunk. But to understand the native VLAN properly, Ive designed it this way instead. So going back to the bullet points above (specifically bullet point 2), when the switchport connecting to Host A has been configured to use the same access VLAN (vlan 50) that is being used as the native VLAN on the trunk, the data sent from Host A is un-tagged as it leaves Switch 1 towards switch 2. This leads us up to bullet point 1 (above), where switch2 now receives an un-tagged frame (i.e. a frame without a VLAN tag on it). Switch2 will always tag this, currently tag-less frame with the configured native VLAN on the trunk, in this case VLAN 60. So this actually leaks VLAN 50 into VLAN 60s broadcast domain.
Ill now configure this to demonstrate that it actually works. Below is the current configuration (notice Ive not configured the native VLAN yet).
s1#
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/20
switchport access vlan 50
s2#
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/20
switchport access vlan 60
Now to configure the native vlan.
s2(config)#int fa0/23
s2(config-if)#switchport trunk native vlan 60
####### now i quickly switched over to switch1 ########
s1(config)#int fa0/23
s1(config-if)#switchport trunk native vlan 50
s1(config-if)#
*Mar 1 00:53:14.851: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 60 on FastEthernet0/23 VLAN50.
*Mar 1 00:53:14.851: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/23 on VLAN0050. Inconsistent local vlan.
s1(config)#
*Mar 1 00:53:44.119: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (50), with s2 FastEthernet0/23 (60).
s1(config-if)#end
So whats happened here is spanning-tree is not happy about the native VLAN mis-match weve just configured and ended up putting the port into the inconsistent state, as shown below.
s1#sh span int fa0/23
Vlan Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
VLAN0001 Desg FWD 19 128.25 P2p
VLAN0050 Desg BKN*19 128.25 P2p *PVID_Inc
What this means is that the port is in blocking state which, in spanning-tree, means BPDUs can be sent/received but mac addresses cannot be learned (i.e. the data-plane will not work). So by default a native VLAN mis-match causes spanning-tree to block the port. So if we disable spanning-tree for vlan 50 and 60, we should find that the port will become useable in the data plane and allow host A (192.168.1.1) to ping host B (192.168.4.1) even though they are on different subnets/broadcast domains and dont have a gateway configured.
S1(config)#no spanning-tree vlan 50
S2(config)#no spanning-tree vlan 60
Now to send some pings from host A to Host B.
HostA#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
So now, the data plane is working, and we are learning mac-addresses on VLAN50. Notice that Host B appears as being in VLAN50 on Switch 1, even though on switch 2 I put it in access vlan 60. This is because Switch1 tagged the un-tagged frame as it arrived on the trunk port with the native VLAN (vlan 50).
s1#sh mac address-table int fa0/23
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
1 0023.0443.0c99 DYNAMIC Fa0/23
50 0016.4661.a4c1 DYNAMIC Fa0/23 (this is Host B)
50 0023.0443.0c99 DYNAMIC Fa0/23 (This is Switch 2)