Sunday, May 20, 2012

What is a native vlan

What is a native VLAN and what are its use cases?
In networking, the native VLAN (Virtual Local Area Network) is the default VLAN on a trunk port: the VLAN whose frames cross the trunk without a VLAN tag. A trunk port is a network port that can carry traffic for multiple VLANs simultaneously.

Here's how the native VLAN works and some of its use cases:

1. **Default Untagged VLAN**: When frames traverse a trunk link, they typically have VLAN tags that identify which VLAN they belong to. However, frames that don't have a VLAN tag, such as frames originating from devices that are not VLAN-aware, will be assigned to the native VLAN by default.

2. **Inter-VLAN Communication**: In some network setups, the native VLAN is used for communication between devices that are on different VLANs. For example, if a router is connected to a switch via a trunk link and it's configured to route traffic between VLANs, the frames coming from different VLANs can be untagged and placed into the native VLAN, making it easier for the router to process them.

3. **Legacy Equipment Support**: The native VLAN can also be useful for supporting legacy devices or devices that don't support VLAN tagging. By configuring the native VLAN appropriately, you can ensure that these devices can communicate with other devices on the network.

4. **Management Traffic**: Sometimes, the native VLAN is used for carrying management traffic. This could include traffic for device management protocols, such as SNMP (Simple Network Management Protocol), SSH (Secure Shell), or Telnet.

5. **Security and Segmentation**: While the native VLAN has its uses, it's important to note that leaving it at its default setting can pose security risks, as it can potentially allow unauthorized access to VLANs. Therefore, it's recommended to configure the native VLAN intentionally and avoid using it for regular data traffic if possible. Proper VLAN segmentation and access control should be implemented to ensure network security.

Overall, the native VLAN plays a crucial role in trunking scenarios and can be leveraged for various purposes, including facilitating communication between VLANs, supporting legacy devices, and managing network traffic effectively.
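The check in point 5 is worth automating. The following is an added example, not code from the original post: it parses a constructed switch configuration written in Cisco IOS-style syntax (an assumption; the post shows no configuration) and flags trunk ports whose native VLAN is left at the default, or whose native VLAN is also used as an access VLAN and so carries regular data traffic. That second case is exactly what the post's diagram sets up with VLAN 2. The weak configuration sits beside a hardened one that moves the native VLAN to an otherwise unused VLAN and enables the Catalyst global command `vlan dot1q tag native`, which makes native-VLAN frames tagged as well. The interface names and the finding texts are my own.

```python
import re

DEFAULT_VLAN = 1   # VLAN a trunk's native VLAN (and an access port) fall back to if not set
TAG_NATIVE_CMD = "vlan dot1q tag native"   # IOS global command: tag native-VLAN frames too

# Constructed sample (assumption: Cisco IOS-style syntax). It mirrors the post's SW1:
# VLAN 2 is the trunk's native VLAN and also PC1's access VLAN on Fa0/2, and a second
# trunk (Fa0/5) is left at its default native VLAN.
WEAK_CONFIG = """\
hostname SW1
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 3
!
interface FastEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3
!
interface FastEthernet0/5
 switchport mode trunk
!
"""

# Same switch with the native VLAN moved to an unused VLAN (999) on every trunk
# and native-VLAN tagging turned on globally.
HARDENED_CONFIG = (
    WEAK_CONFIG
    .replace("switchport trunk native vlan 2", "switchport trunk native vlan 999")
    .replace(" switchport mode trunk\n!\n",
             " switchport mode trunk\n switchport trunk native vlan 999\n!\n")
    + TAG_NATIVE_CMD + "\n"
)


def parse_interfaces(config_text):
    """Split an IOS-style config into {interface name: [its indented commands]}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None          # '!' or a global command ends the interface block
    return interfaces


def audit_native_vlans(config_text):
    """Return [(interface, finding), ...] for native-VLAN weaknesses; [] if clean."""
    access_vlans = {}   # vlan id -> access ports placed in it (regular data traffic)
    trunks = {}         # trunk interface -> (native vlan in effect, set explicitly?)
    for name, lines in parse_interfaces(config_text).items():
        mode = native = access = None
        for cmd in lines:
            m_access = re.match(r"switchport access vlan (\d+)$", cmd)
            m_native = re.match(r"switchport trunk native vlan (\d+)$", cmd)
            if cmd.startswith("switchport mode "):
                mode = cmd.split()[-1]
            elif m_access:
                access = int(m_access.group(1))
            elif m_native:
                native = int(m_native.group(1))
        if mode == "access":
            vlan = access if access is not None else DEFAULT_VLAN
            access_vlans.setdefault(vlan, []).append(name)
        elif mode == "trunk":
            trunks[name] = (native if native is not None else DEFAULT_VLAN,
                            native is not None)

    findings = []
    for name, (native, explicit) in trunks.items():
        if not explicit:
            findings.append((name, f"native VLAN left at default VLAN {DEFAULT_VLAN}; "
                                   "set it explicitly to an unused VLAN"))
        if native in access_vlans:
            ports = ", ".join(access_vlans[native])
            findings.append((name, f"native VLAN {native} also carries regular data "
                                   f"traffic on access port(s) {ports}; any untagged "
                                   "frame entering the trunk lands in that VLAN"))
    if trunks and TAG_NATIVE_CMD not in config_text.splitlines():
        findings.append(("global", "native VLAN is sent untagged on all trunks; "
                                   f"consider '{TAG_NATIVE_CMD}'"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_native_vlans(cfg) or 'no findings'}")
```

On the weak configuration the audit reports Fa0/4 (native VLAN 2 shared with the access port Fa0/2), Fa0/5 (native VLAN never set) and the missing global tagging command; the hardened configuration produces no findings.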




This post explains the concept of the native VLAN and how it works in a real-world environment.

In the above diagram, PC1 is connected to port 2 on switch SW1; that port is a member of VLAN 2. PC2 is connected to port 3 on SW1, which is a member of VLAN 3. PC3 is connected to port 2 on SW2, which is a member of VLAN 2, and PC4 is connected to port 3 on SW2, which is a member of VLAN 3. SW1 and SW2 are connected to each other using a trunk link (port Fa0/4 on each switch) as shown in the diagram. The trunk carries traffic for VLAN 2 and VLAN 3 between the switches. VLAN 2 is configured as the native VLAN.

Let’s take an example where PC2 pings PC4. PC2 and PC4 are members of VLAN 3, which is not the native VLAN. The following sequence of events would take place:
1. The ping packet generated by PC2 would be encapsulated in an Ethernet frame.
2. Since PC4 is on another switch, the trunk link would be used to send the Ethernet frame out of SW1.
3. When the Ethernet frame encapsulating the ping packet reaches port Fa0/4 on SW1, the switch would insert a VLAN tag in the format of the trunking protocol in use (802.1Q or ISL). The tag carries the VLAN information, which in this case is VLAN 3.
4. When the frame reaches Fa0/4 on SW2 (the other side of the trunk), SW2 would read the tag to identify which VLAN the frame is intended for, strip the tag, and forward it to PC4.

Let’s take an example where PC1 pings PC3. PC1 and PC3 are members of VLAN 2, which is configured as the native VLAN.
1. The ping packet generated by PC1 would be encapsulated in an Ethernet frame.
2. Since PC3 is on another switch, the trunk link would be used to send the Ethernet frame out of SW1.
3. When the Ethernet frame encapsulating the ping packet reaches port Fa0/4 on SW1, the switch would not insert a tag, since VLAN 2 is configured as the native VLAN.
4. Configuring a VLAN as native tells the switch that traffic originating from that VLAN should not be tagged (no additional 802.1Q or ISL header is inserted) and should pass through the trunk as a normal Ethernet frame.
5. When the frame reaches Fa0/4 on SW2, it would be treated as a normal Ethernet frame, assigned to the native VLAN, and forwarded to the intended recipient, which is PC3.

What will happen if PC1 pings PC4?
When PC1 pings PC4, the following sequence of events occurs:

1. PC1 sends an ICMP echo request to PC4. This frame leaves PC1's network interface and reaches port 2 on SW1.
2. Since port 2 on SW1 is a member of VLAN 2, SW1 treats the frame as VLAN 2 traffic and forwards it towards the trunk link between SW1 and SW2.
3. The trunk link carries traffic for VLAN 2 and VLAN 3. Since VLAN 2 is configured as the native VLAN, the frame leaving SW1 towards SW2 carries no VLAN tag (it is sent untagged).
4. The frame arrives at SW2 through its trunk link, is assigned to the native VLAN (VLAN 2) because it is untagged, and is forwarded out of port 2, since PC3 is connected to port 2 and is a member of VLAN 2.
5. The frame reaches PC3. However, since PC3 is not the intended recipient, it drops the frame.
6. As a result, PC1 does not receive any response from PC4, and the ping fails.

The reason for this failure is that VLANs are meant to segregate network traffic logically. In this setup, PC1 and PC4 are in different VLANs (VLAN 2 and VLAN 3, respectively) and are not directly connected. Without routing by a layer 3 device (such as a router) between the VLANs, they cannot communicate with each other.
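The three walkthroughs above (PC2 to PC4, PC1 to PC3, and PC1 to PC4) can be reproduced in code. The following is an added example, not code from the original post: it builds real Ethernet II frames, inserts or strips a 4-byte 802.1Q tag (TPID 0x8100 followed by the TCI, whose low 12 bits are the VLAN ID) exactly as the trunk port at Fa0/4 would, and models forwarding across SW1 and SW2 using the port and VLAN assignments from the diagram. The MAC addresses are constructed, and the forwarding model is deliberately simplified (no MAC learning, no ARP, only cross-switch traffic, ISL not modelled); those simplifications and the function names are my assumptions.

```python
import struct

TPID_8021Q = 0x8100       # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800

# Topology from the post: Fa0/2 and Fa0/3 are access ports, Fa0/4 is the trunk
# on both switches, and VLAN 2 is the native VLAN on the trunk.
NATIVE_VLAN = 2
ACCESS_PORTS = {
    "SW1": {"Fa0/2": ("PC1", 2), "Fa0/3": ("PC2", 3)},
    "SW2": {"Fa0/2": ("PC3", 2), "Fa0/3": ("PC4", 3)},
}
# Constructed locally-administered MAC addresses (assumption).
MACS = {
    "PC1": bytes.fromhex("020000000001"),
    "PC2": bytes.fromhex("020000000002"),
    "PC3": bytes.fromhex("020000000003"),
    "PC4": bytes.fromhex("020000000004"),
}


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Untagged Ethernet II frame as a VLAN-unaware host NIC emits it (FCS omitted)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def trunk_egress(frame, vlan_id, native_vlan):
    """Frame as it appears on the trunk wire. Native-VLAN frames are sent as-is;
    every other VLAN gets an 802.1Q tag (TPID + TCI with PCP=0, DEI=0 and the
    12-bit VID) inserted right after the source MAC."""
    if vlan_id == native_vlan:
        return frame
    tci = vlan_id & 0x0FFF
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_ingress(frame, native_vlan):
    """Classify a frame received on a trunk: (vlan_id, frame with the tag stripped).
    Anything that arrives untagged is assigned to the native VLAN."""
    tpid, = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        tci, = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return native_vlan, frame


def locate(host):
    """Return (switch, vlan) of the access port a host is plugged into."""
    for switch, ports in ACCESS_PORTS.items():
        for name, vlan in ports.values():
            if name == host:
                return switch, vlan
    raise KeyError(host)


def ping(src, dst):
    """Walk one ICMP echo request from src across the trunk to the other switch.
    ARP is skipped: the frame is addressed straight to dst's MAC, as in the post.
    Returns what the trunk carried and which host actually accepted the frame."""
    src_switch, src_vlan = locate(src)
    remote_switch = "SW2" if src_switch == "SW1" else "SW1"

    frame = build_frame(MACS[dst], MACS[src], ETHERTYPE_IPV4, b"ICMP echo request")
    on_wire = trunk_egress(frame, src_vlan, NATIVE_VLAN)              # out of Fa0/4
    vlan_at_remote, delivered = trunk_ingress(on_wire, NATIVE_VLAN)   # into Fa0/4

    # The remote switch forwards only within the VLAN it classified the frame into.
    offered_to = [name for name, vlan in ACCESS_PORTS[remote_switch].values()
                  if vlan == vlan_at_remote]
    # A host accepts a unicast frame only if the destination MAC is its own.
    received_by = next((h for h in offered_to if MACS[h] == delivered[:6]), None)
    return {
        "tagged_on_trunk": len(on_wire) > len(frame),
        "vlan_on_trunk": vlan_at_remote,
        "offered_to": offered_to,
        "received_by": received_by,
    }


if __name__ == "__main__":
    for src, dst in (("PC2", "PC4"), ("PC1", "PC3"), ("PC1", "PC4")):
        print(f"{src} -> {dst}: {ping(src, dst)}")
```

Running it shows the PC2 to PC4 frame crossing the trunk with a tag for VLAN 3 and reaching PC4, the PC1 to PC3 frame crossing untagged and reaching PC3, and the PC1 to PC4 frame crossing untagged, being classified into VLAN 2 by SW2, and being offered only to PC3, which discards it because the destination MAC is not its own.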

2 comments:

1. What happens when PC1 pings PC4? Here PC1 is part of the Native VLAN and PC4 is part of VLAN 3

    Replies
1. When PC1 (part of the native VLAN) pings PC4 (part of a different VLAN), the switch, and potentially a router, facilitate the communication by forwarding frames between VLANs and, if necessary, performing inter-VLAN routing to allow communication between devices on different VLANs.
