From what I understand, if you have a VLAN which uses more packets, you don't need to tag all packets on that VLAN, so you can just send all of that traffic untagged and spare the overhead. I am confused on this part, so correct me if I am wrong: since there is always a native VLAN present in a switch, you can configure a VLAN, e.g. VLAN 99, make it native, and not use VLAN 99 at all for any traffic; this way the rest of your VLANs work as normal and their packets will be tagged on the trunk link, plus your control traffic that uses VLAN 1 (CDP and DTP hello packets) will be tagged too. In conclusion, if you want your packets to not be tagged, you can create a VLAN and make it native. Here is a link: learningnetwork.cisco.com/thread/85047 (it tells which protocols' packets are sent by default on VLAN 1)
Hello, with respect to your above explanation, regardless of more or fewer packets, take it like this: trunk ports support tagged and untagged simultaneously if you are using 802.1q trunking. The trunk port is assigned a default port VLAN ID (PVID) upon which all untagged traffic will travel. This VLAN is called the native VLAN and is always VLAN 1 by default, but it can be changed to any VLAN number. @@furmal86
Hi Javed, I recently wrote an article which discusses one of the use cases for the Native VLAN. Hope it helps: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
This is good but the three main purposes of it according to another video and which line up with the course I recently took are backwards compatibility, voice ip and sending some control and management protocol traffic like cdp, vtp and stp. It's also best practice to have it assigned to a vlan that isn't being used by end users nor management if I understood correctly (maybe just management). What about vlan 1, is that traffic still untagged after changing the native vlan?
Good Questions! All that you said about the Native VLAN is accurate. I was trying to keep this video to 5 minutes or less, so couldn't get into _too_ much additional detail. I just wanted to show the workings of the Native VLAN. But yes, lots of use in Voice. I wrote about that here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
As for management traffic, some of that defaults to VLAN 1, some of it defaults to untagged -- there isn't consistency among vendors and implementations. Many folks use the same vendor all over, so it isn't too much of a problem (particularly in switching and L2 domains).
> What about vlan 1, is that traffic still untagged after changing the native vlan?
Vlan 1 is untagged _because_ it is the default Native VLAN ;). If you change the Native VLAN, traffic on VLAN 1 will be tagged between the switches. (unless the implementation intentionally _always_ sends management traffic w/o a tag, as mentioned above).
@@PracticalNetworking Thanks for the detailed response! And interesting practice questions in the VLAN article you had made, never thought about such a scenario.
There is a use case for Native VLAN for supporting VOIP phones on older switches. I wrote about that here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/ Glad you enjoyed the video =)
Hi.. thank you for a great video. (1) How many native VLANs per port? (2) How many native VLANs per trunk? (3) How many native VLANs per switch? By default the native VLAN is VLAN 1... what is the best practice: to use the default VLAN 1 or another (unused) VLAN ID as the native VLAN in a switch? Thank you.
There is only 1 Native VLAN per *trunk* port. Each Trunk port can have their own Native VLAN. I wrote more about all this here: networkengineering.stackexchange.com/a/19379/3675
So what is the actual purpose of the native VLAN? I see traffic that isn’t tagged has less overhead, okay cool. In addition, I’ve read/learned the native VLAN is there for legacy support, such as for switches that don’t have the ability to tag frames or for switches that run different iOS. However, are there any more purposes behind the creation of this VLAN? Thank you in advance for your time. Solid video mate!
Hi Karanja, I recently wrote an article which discusses one of the use cases for the Native VLAN. Hope it helps: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
I have always wondered when frames are tagged. 1) Are frames tagged at ingress to a VLAN assigned access (untagged) port? 2) Or, are the frames tagged when they egress a trunk (tagged) port? Thanks for the great networking videos!
Switches could use an actual 802.1q tag internally or some other mechanism for internally 'tagging' frames to specific VLANs. It's probably different for every switch and every switch vendor. Hence, there is no way to answer _exactly_ *when* a tag is added. However, we can say with assurance, that if it conforms to 802.1q specification, a frame egressing a trunk/tagged port *must* include a VLAN tag.
Do we need to allow the native VLAN on a trunk port? For example, if I allow only VLAN 22 on the trunk port with the command `switchport trunk allowed vlan 22`, will the communication in VLAN 33 (native) still be working?
> does the communication in vlan 33 (native) will be still working ?
Nope, because you removed it from the Allowed VLAN list. The native VLAN doesn't *need* to be Allowed and can be disabled. It's on/allowed by default though, as all other VLANs. www.practicalnetworking.net/stand-alone/configuring-vlans/#trunk_allowed_vlans
You wouldn't _need_ to use the Native VLAN between two switches that understand and send VLAN tags. The idea behind the Native VLAN is if you are connecting a switch which _doesn't_ understand VLANs to your switch that _does._ It's a way to assign that incoming (untagged) traffic to the VLAN of your choosing.
What is the point of Native VLAN, if this example continued, when computers 1 and 2 respectively on VLAN11 and VLAN22 can still talk to computers across the internet to computers 4 and 5 with the Native VLAN assigned those two switches' trunks is VLAN33?
The Native VLAN doesn't change the path of traffic, it simply affects whether a tag is necessary on the link. A (somewhat antiquated) use-case for the Native VLAN has to do with VOIP and the Voice VLAN: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
What if I want to make PC2 and PC5 as a native vlan as well? Is it possible in addition to the PC's 3 and 6, to make PC's 2 and 5 as a native vlan in this trunk port? Or only one native vlan in one trunk port between two switches?
If you did that, and both VLAN 22 and VLAN 33 traffic was traversing the trunk link... how would the receiving switch know what traffic belonged to VLAN 22 vs VLAN 33? If you can answer that, then you'll understand why you can only have one Native VLAN per trunk link. Need a hint? See this video: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html
For several days I’ve been struggling to find an explanation of the purpose of the Native VLAN function itself; I can’t have a normal night of sleep because of that. 🤦♂️ If frames travel through a Trunk the same way as through a Native VLAN, except tagging, what’s the purpose of configuring a NVLAN on a switch then? I know that all of the interfaces are assigned to a NVLAN by default (at the beginning) and it’s a good security practice to change the NVLAN number, but still I don’t get its purpose… sorry, I’m just frustrated.
The purpose is simply to provide a way to associate incoming untagged traffic to the VLAN of your choice. Consider a switch that doesn't support VLANs (or a hub, or Wifi AccessPoint, or whatever...) if that switch is connected to YOUR switch (that _does_ support VLANs) you might want a way to associate that traffic to the VLAN of your choice. Beyond that, there is another use case for VLANs (somewhat legacy now though) outlined in this article: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
Hi, thank you for showing how it works very clearly: the VLAN 33 frames are not tagged when travelling from SW1 to SW2 if native VLAN 33 is set on each trunk port. OK, but the key point to understand is "what is the goal of untagging one specific VLAN between two switches?" or "should we configure a native VLAN not equal to default VLAN 1 for each trunk in a topology?" Backward compatibility is not relevant today, so native VLAN is not used for this purpose. So, is the only goal to minimise security risk by preventing untagged frames from belonging to VLAN 1? Could you clarify? Regards
I provide a use case for the Native VLAN in this article: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/ The main thought "today" with the Native VLAN is to make sure you aren't using that VLAN for data. So you have two options:
1. Leave Native VLAN as the default (VLAN 1), but don't use VLAN 1 anywhere in your topology
2. Change the Native VLAN to something other than 1
Many people also recommend doing both.
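A small model of the trunk behaviour described in the replies above (the native VLAN crossing untagged, the allowed list, why a trunk has only one native VLAN, and the advice not to carry data on it), as an added example that is not from the video or the channel. `TrunkPort`, `send`, `audit` and the sample MAC addresses are constructed for illustration, and the model assumes a tagged frame for the native VLAN is accepted; real switches differ in such details.

```python
import struct

TPID_8021Q = 0x8100                    # EtherType value that announces an 802.1Q tag
ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094, allowed by default
PC_A = bytes.fromhex("02000000000a")   # constructed sample MAC addresses
PC_B = bytes.fromhex("02000000000b")


def build_frame(dst, src, payload, vlan=None):
    """Ethernet frame bytes; a 4-byte 802.1Q tag is inserted when vlan is set."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan(frame):
    """VLAN ID carried in the frame's tag, or None for an untagged frame."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF                # low 12 bits of the TCI are the VLAN ID


class TrunkPort:
    """Simplified 802.1Q trunk port: one native VLAN plus an allowed-VLAN list."""

    def __init__(self, name, native=1, allowed=ALL_VLANS):
        self.name, self.native, self.allowed = name, native, frozenset(allowed)

    def egress(self, vlan, payload=b"ping"):
        """Frame as it appears on the wire, or None if the VLAN is not allowed."""
        if vlan not in self.allowed:
            return None
        # Only the native VLAN leaves without a tag; every other VLAN is tagged.
        tag = None if vlan == self.native else vlan
        return build_frame(PC_B, PC_A, payload, vlan=tag)

    def ingress(self, frame):
        """VLAN the receiving switch assigns the frame to, or None if dropped."""
        vlan = parse_vlan(frame)
        if vlan is None:
            # An untagged frame carries no VLAN information, so the receiver can
            # map it to exactly one VLAN: its own native VLAN.
            vlan = self.native
        return vlan if vlan in self.allowed else None


def send(src_port, dst_port, vlan):
    """VLAN a frame from `vlan` lands in on the far side, or None if it is lost."""
    frame = src_port.egress(vlan)
    return None if frame is None else dst_port.ingress(frame)


def audit(a, b, data_vlans):
    """Findings for one trunk link, following the two options listed above."""
    findings = []
    if a.native != b.native:
        findings.append(
            f"native VLAN mismatch: {a.name}={a.native}, {b.name}={b.native}")
    for port in (a, b):
        if port.native in data_vlans and port.native in port.allowed:
            findings.append(f"{port.name}: native VLAN {port.native} carries data")
    return findings


if __name__ == "__main__":
    sw1, sw2 = TrunkPort("SW1", native=33), TrunkPort("SW2", native=33)
    for vlan in (1, 22, 33):
        print(f"VLAN {vlan}: tag on wire = {parse_vlan(sw1.egress(vlan))}, "
              f"lands in VLAN {send(sw1, sw2, vlan)}")
    # Mismatched native VLANs: untagged VLAN 33 traffic lands in VLAN 22.
    print("mismatch:", send(sw1, TrunkPort("SW2", native=22), 33))
    # Native VLAN removed from the allowed list: its traffic stops.
    print("pruned:", send(TrunkPort("SW1", native=33, allowed={22}), sw2, 33))
    print("audit:", audit(sw1, sw2, data_vlans={11, 22, 33}))
```
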
Thanks, I don't understand so much because I am not so good at English, but thanks. And where can I get switch image files like in this video of yours? I am struggling looking for a Cisco switch so I can add it into GNS3.
The only approved place to get images for GNS3 is from Cisco. VIRL is another emulation platform that you can buy directly from Cisco and it comes with images pre loaded.
@@PracticalNetworking Do you need to purchase it? Because I've been looking for it and found none. Or perhaps you must register with an account? Because that's how I got my Packet Tracer back then. And thanks for replying.
PVID is another term for the Native VLAN. I mention this at this part of this other video on VLANs: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html Normally, an Access Port carries one VLAN, and a Trunk port carries multiple VLANs and requires all frames to include a VLAN tag -- with one exception being the Native VLAN (or PVID). It seems a Hybrid port is a trunk port that allows multiple VLANs to traverse without a tag. There would have to be a way to map traffic to a VLAN though, maybe by mac address or IP address or ACL. I think watching the above linked video from that time stamp will help clarify for you.
Greetings a question heart !!! Because if you changed the native Vlan which by default is 1 Example Int F0 / 1 the link Switchport trunk Native Vlan 100 Success Because then you have to create Vlan 100 if you go to the Show int Trunk command and there is Vlan 100 (Native) without having to create it Because the purpose is to pass unlabeled traffic so if I create a vlan 100 it will be empty it will not have assigned ports The normal traffic passes to me without creating it, I simply change the switchport trunk Native Vlan 100 and it passes me normal through the Trunk link but I want to know why you create it if it is For a Traffic without a label Because if I believe it, I will have to assign it a port in access mode and there I will be creating Another Vlan and that is not the purpose of the native Vlan Post Data: in my army I have two switches and two Vlan that communicate via trunk and I also have PCs on both switches to communicate natively I hope you understand me ?
Hi Maria. I'm not following 100% what your question is. I _think_ however, that this video might give you more context: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html Try it out, then feel free to ask further questions on Discord: pracnet.net/discord
Wait.....what network simulation software is being used here? That doesn't look like packet tracer. I ask because I saw you open wireshark directly from the simulation
For sure they can't connect, it's still a VLAN. The only difference is that the other host is placed on a different LAN. Native VLANs don't tag for a reason I don't know, because they are configured to be native to each other? But a VLAN is still a VLAN, just look closely at the header Wireshark is giving on transmissions not on the same LAN.
The intended use is the rare cases where a switch or device doesn't support sending VLAN tags. I have an example of why you would use a Native VLAN here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/ That's very rare now though, so there isn't much use for Native VLANs in the current world.
@@PracticalNetworking See that's what I was trying to figure out. Why does this thing exist lol. I appreciate the clarification. So more or less Native VLAN is about obsolete? Thanks for the response btw. I've been in networking for years and never really bothered to really look into why these are a thing.
@@Gambo8807 The only use case would be if you are connecting a switch that _does_ support VLANs to a switch that _does NOT_ (i.e., a managed switch to an unmanaged switch), you may want to designate all the incoming untagged frames from the unmanaged switch to a specific VLAN on the managed switch. But yeah, overall pretty rare.
Ed, a great, excellent networking learning website. I subscribed to it in no time. On the subject of VLANs, would you please present an HTML page regarding 1st) how does the management VLAN associate with remote access login (vty line)? 2nd) Is there any relationship or difference between management VLAN and native VLAN? Or are they simply totally different subjects, nothing related?
To be honest, I recorded this a few years ago on an older computer I don't have access to anymore. I'm not 100% sure what version of IOS I used. More than likely it was IOSv.
Suppose you have Switch X that doesn't support VLANs / 802.1q and you have it connected to your switch (Switch A) that DOES support VLANs. You'd want to associate the frames coming in from Switch X to a particular VLAN on Switch A. The Native VLAN would allow that. There is also another use case for Native VLANs that is outlined in this article discussing Voice VLANs: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
Wireshark is my de facto tool for analyzing HTTPS. It can do HTTPS decryption if you provide it with the necessary keys. To learn more about HTTPS, check out this class: www.practicalnetworking.net/classes/tls/
What did you think of the VLAN Challenge? How did you do? How do you think your colleagues would do?
www.practicalnetworking.net/stand-alone/vlans/#challenge
Great quiz. Got both right, but it took a while keeping track of all the native vlan mismatches :) .
HPE ArubaNetworks AOS-CX uses TRUNKING (and access ports). The AOS-CX commands are similar to Cisco's but the devil is in the details.
do you offer any courses on udemy or cbt?
Yep. Here you go: classes.pracnet.net/
Wow, the challenge cemented the theory for me. Thank you.
Explained this concept so much more clearly than every other video I've watched
=) Thank you for the kind words, Chris. Sorry that I'm only just now seeing this comment !
I've watched way too many of your videos in the last couple of days. VLANing was something I technically understood after running into it a bunch on the job, but never learned the basics of. Your two VLAN videos gave me the basics and it just clicked. Thank you!
_too_ many? No such things ;)
Glad you enjoyed the VLAN content, Devin. Glad you've enjoyed the channel. =)
Clear, concise without dragging out (so you can pause if you need to be no time wasting).
Good job.
Thanks P, glad you enjoyed the video =)
@@PracticalNetworking agree with P, was a great video, was fast information and watched it 3 times, pausing so I can "digest". I'm working on my Net+ and Sec+ certifications, which is how I found my way here. Great video.
You were able to pack a lot of information in a short amount of time. I am already pretty familiar with this particular topic, but I like watching your content because the highly efficient nature of your instruction is impressive. Keep up the excellent work!
Thanks for the kind words =) I'm glad you enjoyed the video!
This is by far the best explanation of Native Vlan ever!!!!!!! Thank you so much!!!!!!!!!
Your videos are always of high quality and easy to understand. Please bring videos on CCNA Security and data center.
Thanks for the kind words =) And the suggestion for future content!
Why did Cisco use two "names" for the untagged vlan associated with a port? If configured as an access port, the name is Access vlan, if it is a trunk port, it is called the native vlan. But they are the same thing, an untagged frame that is associated with a specific vlan.
In your Virtual Local Area Networks (VLANs) page, in the Native VLAN section, you go out of your way to state, "remember that the Native VLAN concept only applies to Trunk ports; traffic leaving and arriving on an Access port is always expected to be untagged."
To me, it's like the difference between a violin and a fiddle. Hint: they are the same thing, it's more about the style of music being played.
Access ports will also accept frames with IEEE 802.1Q tags as long as the tag matches the access vlan, as will the native vlan on a trunk port. So, from an operation point of view, I see very little difference between access vlan and native vlan. Edit: at least some Cisco switches do. For more info google "802.1q tag on access switchport" at the cisco site.
I tend to use the terms untagged vlan and native vlan interchangeably, although that may cause some confusion for the jargon purists. I hardly ever use the term access vlan, although I do use the term access port frequently.
I suppose the biggest advantage of using the term native vlan only when talking about trunk ports is because that is the keyword that must be used when configuring trunk ports, and the term access vlan must be used when configuring access ports.
And there are other esoteric details about what constitutes an untagged frame, e.g. vlan 0 priority tagging, that I won't go into.
I think Cisco's choice to use two distinct terms for the same "thing" leads to confusion.
Hi Jon, thanks for the thorough comment. I agree with you, Cisco's terminology here (and in other places) can lead to confusion.
The reason I stress the "Native VLAN" only applies to trunk ports is to reinforce that (at least with Cisco switches) setting the Native VLAN on an Access Port does nothing. The Native VLAN configuration itself only applies if the port is a Trunk Port. You touch on this later in your comment, in fact.
In truth, the "feature" of an untagged VLAN on a trunk port was a good idea in theory, but I've never really seen the use of a Native VLAN -- most sites simply set it to something unused, as an effort to "disable" the Native VLAN entirely. (there is one use case for the Native VLAN in VOIP, but even that has its own set of downsides, details here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan )
I think your analogy of Fiddle vs Violin is perfect -- a Fiddle is a Violin used to play Folk music. The Native VLAN is the untagged VLAN on a trunk port. Yes, in the end, they are the same thing (a VLAN whose traffic traverses without a tag), but called something different when used in a specific context.
What you are doing is absolutely fascinating. Keep going!
Thank you, Asher, for supporting the channel and contributing to the continued creation of more content.
Amazing video! Clarified the concept of Native VLANs in a concise manner.
For me this is the best video that explains native VLAN
Glad you enjoyed it, Samso =)
Wow 😍 what a crystal clear explanation you have given 👍
Thank you, Rohit =)
wow, you explained several complicated concepts clearly in under 6 minutes, great job!!! thank you!
You're very welcome!
Please make a video explaining the differences between DEFAULT VLAN and NATIVE VLAN. thanks! great vid
Hi Hana. I spoke to the difference in this post over on the Network Engineering Stack Exchange: networkengineering.stackexchange.com/questions/19377/is-the-default-vlan-simply-the-default-native-untagged-vlan-on-all-interface
@@PracticalNetworking Thank you!
You're welcome!
Thanks Team for your effort to bring good videos like these.
Please make them portable to mobile screens as well. Sometimes I am not able to see configurations clearly on a mobile screen.
Noted. Thanks for the feedback. Glad you enjoyed the series.
Great video! I like the illustration of this, and clearly explained what native VLAN is as compared to other videos I found.
Thank you! Glad you enjoyed it.
Your Explanation is simply Awesome ...
Thank you, glad you enjoy them =)
Great explanation, helped clear my grey cells about this after seeing a few other vids on the same subject. Clear and concise. Thank you
Glad it helped =)
that's a great way to explain the tagged and untagged..tnx!!!
Great explanation. But I think the real question is not what, but when and why would you use the native VLAN.
Good video, my question is why use a Native VLAN? Under what circumstances do you decide that one VLAN should traverse the trunk line untagged? Thank you
Good question! The most common use case for Native VLANs has to do with allowing Voice and Data VLANs to traverse on a single link. Details here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
Albeit, that particular use case is considered somewhat legacy for the modern day.
Remember a lot of this technology was built simply to provide options and features, and not necessarily with a specific use case in mind. When considering the thought "do we want to create an option to have a VLAN traverse a trunk without a tag" it seems sensible to say yes, just for the sake of providing the option.
Thank you for these videos. Please create more such kind of videos.
You're welcome. Glad you enjoyed it =)
@@PracticalNetworking Do you have Network Troubleshoot video series? I am really interested in it.
Mate your teaching is awesome. Nuff said
Thanks Rui =) I appreciate the kind words!
This was awesome...!! I request you to make more videos like this...!!!
The next video I plan to make will cover the `network` command and will be similar format to this one (explanation, plus live configuration). =)
Excellent videos, can you please do video on VLAN filtering , perfect, hash and Double VLAN , stripping.
Bro, that #A,#T exercise was MONEY, that was an exceptional quiz and I was just thinking to myself: I will be purchasing more of your courses other than TLS, which I'm excited to dive into shortly. I just want to assure my CCNA house is in order first. Thank you again and I'm going back through your vids and liking and commenting so get used to my Kali !
Very nice video....keep up the good job and thank you for your time!!!
Thank you - very nicely explained and demonstrated.
Your video is really good, explained network terms clearly!!!!!!
Thank you =) Glad you enjoyed it.
Wow awesome... Please sir, I have a complaint: the CLI is too little, I can't see it. Maybe you make it bold next time. Thank you sir
I'll remember that for future videos. Sorry it was small in this video =(. Glad you enjoyed the content either way.
Crystal clear explanation ✌️
Thank you 😊
You are welcome 😊
After so much time spent viewing your videos again and again, I feel like you are a good friend, even though I have never met you!!
Wish you all the best and priory good health!!!
I think that it is worth it, after finishing your OSPF series, to make a series about VLANs and VTP/STP with your excellent unique type of teaching!
Lastly, two questions.
Why do they say that we should change the native VLAN to something other than VLAN 1 for security purposes?
And as we have changed the native VLAN to VLAN 33, if we have e.g. a PC7 attached to a port that does not belong to any VLAN, should it now be able to ping e.g. PC3, which belongs to VLAN 33? Or should the port that PC7 is attached to first be set up to belong to VLAN 33? What happened to all the other switch ports that were initially set up to be on the native VLAN?
Thank you for the kind words =).
Re: VLANs, I've already got some stuff created, they are linked here: www.practicalnetworking.net/index/vlans-index/
VTP/STP are on my list if I ever get the time. Maybe even a full CCNA course, who knows.
If PC7 is attached to a switchport set as a Trunk, and PC7 is sending traffic without a tag, the switch will assign that traffic to whatever is configured as the Native VLAN. If it's 33, then PC7's traffic will stay in VLAN 33 and will be able to ping/reach other devices on VLAN 33.
Hope this helps =). If you have more Q's, pop in on Discord: pracnet.net/discord
@@PracticalNetworking Many many thanks for your response.
A full CCNA course, created by you, is our dream that should come true sometime!!
@@pmanolak It's something I think about very often. Who knows what the future will hold =)
@@PracticalNetworking that's true!! 🙂
Another well explained video. Thanks
Keep it up, you're good at this YouTube thang. This will help me with the CCNA that I take at the end of this month!
Clear explanation, Ed, but why do we need the Native VLAN?
Very clear and concise. Thank you
You are welcome!
Hi thanks for taking the time to make this video, it was very well done. However, I do have a question about something you said.
I'm still pretty new to this, but I think I finally get the definition that 'tagged' ports on a switch will be expecting already tagged packets, while 'untagged' ports will be expecting packets without tags and proceed to assign one.
So given that, how come during the 1st quick summary you say that all traffic passing through a trunk is assigned a tag? I thought trunk ports only expect tagged packets, and distribute them accordingly?
Thanks if you can answer, I have to start asking these questions now because I will just keep getting confused if I don't ask and keep trying to learn lol.
Hi Bumbaclutz. Good question. If I'm understanding your question correctly, I think it is answered in this video. Rather than trying to summarize the video, let me simply point you in that direction: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html
What are the real time applications of configuring native vlan the network, I mean which scenarios it is used?
From what I understand, if you have a VLAN which uses more packets, you don't need to tag all packets on that VLAN, so you can just send all of that traffic untagged and spare the overhead.
I am confused on this part, so correct me if I am wrong: since there is always a native VLAN present in the sw, you can configure a VLAN, e.g. VLAN 99, and make it native and not use VLAN 99 at all for any traffic; this way the rest of your VLANs work as normal and their packets will be tagged on the trunk link, plus your control traffic that uses VLAN 1 (CDP and DTP hello packets) will be tagged too.
In conclusion, if you want your packets to not be tagged, you can create a VLAN and make it native.
Here is a link: learningnetwork.cisco.com/thread/85047 (it tells which protocols' packets are sent by default on VLAN 1)
Hello, with respect to your above explanation, regardless of more or less packets, take it like this: Trunk ports support tagged and untagged traffic simultaneously if you are using 802.1q trunking. The trunk port is assigned a default port VLAN ID (PVID) upon which all untagged traffic will travel. This VLAN is called the native VLAN and is always VLAN 1 by default, but it can be changed to any VLAN number. @@furmal86
Hi Javed, I recently wrote an article which discusses one of the use cases for the Native VLAN. Hope it helps:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
This is good but the three main purposes of it according to another video and which line up with the course I recently took are backwards compatibility, voice ip and sending some control and management protocol traffic like cdp, vtp and stp. It's also best practice to have it assigned to a vlan that isn't being used by end users nor management if I understood correctly (maybe just management).
What about vlan 1, is that traffic still untagged after changing the native vlan?
Good Questions!
All that you said about the Native VLAN is accurate. I was trying to keep this video to 5 minutes or less, so couldn't get into _too_ much additional detail. I just wanted to show the workings of the Native VLAN.
But yes, lots of use in Voice. I wrote about that here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
As for management traffic, some of that defaults to VLAN 1, some of it defaults to untagged -- there isn't consistency among vendors and implementations. Many folks use the same vendor all over, so it isn't too much of a problem (particularly in switching and L2 domains).
> What about vlan 1, is that traffic still untagged after changing the native vlan?
Vlan 1 is untagged _because_ it is the default Native VLAN ;). If you change the Native VLAN, traffic on VLAN 1 will be tagged between the switches.
(unless the implementation intentionally _always_ sends management traffic w/o a tag, as mentioned above).
@@PracticalNetworking Thanks for the detailed response!
And interesting practice questions in the vlan article you had made, never thought about such a scenario.
@@Alianger Glad you enjoyed it =). Cheers, Alianger!
Extraordinary, much appreciate your efforts :)
Gladly!
another awesome video on VLAN!!!
Thank you =)
Great video. Should native vlans match on both switches?
Great video! I find an experiment here. And a little suggestion, if you explain in the real scenario, when will we use the native VLAN feature?
There is a use case for Native VLAN for supporting VOIP phones on older switches. I wrote about that here:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
Glad you enjoyed the video =)
Thank you so much bro!!!!!! really explained very well
Glad it helped!
Hi... thank you for a great video. (1) How many native VLANs per port? (2) How many native VLANs per trunk? (3) How many native VLANs per switch? By default the native VLAN is VLAN 1... what is the best practice: to use the default VLAN 1 or another (unused) VLAN ID as the native VLAN in a switch? Thank you.
There is only 1 Native VLAN per *trunk* port. Each Trunk port can have their own Native VLAN. I wrote more about all this here: networkengineering.stackexchange.com/a/19379/3675
Much easier to understand. Thanks
=) You're welcome!
THANK YOU, I finally understand it
Wohoo! Congrats!
So what is the actual purpose of the native VLAN? I see traffic that isn’t tagged has less overhead, okay cool. In addition, I’ve read/learned the native VLAN is there for legacy support, such as for switches that don’t have the ability to tag frames or for switches that run different iOS. However, are there any more purposes behind the creation of this VLAN?
Thank you in advance for your time. Solid video mate!
Hi Karanja,
I recently wrote an article which discusses one of the use cases for the Native VLAN. Hope it helps:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
Thanks for that article. I found it helpful. Appreciate you.
Great video ! Thank you !
You're welcome =) Glad you liked it!
Please add videos for routing protocols eg OSPF
It's on my list. =) Thanks, Priyanka.
Great video, thank you so much. Keep rocking
Thank you, RD =)
I have always wondered when frames are tagged. 1) Are frames tagged at ingress to a VLAN assigned access (untagged) port? 2)Or, are the frames tagged when they egress a trunk (tagged) port? Thanks for the great networking videos!
Switches could use an actual 802.1q tag internally or some other mechanism for internally 'tagging' frames to specific VLANs. It's probably different for every switch and every switch vendor. Hence, there is no way to answer _exactly_ *when* a tag is added.
However, we can say with assurance, that if it conforms to 802.1q specification, a frame egressing a trunk/tagged port *must* include a VLAN tag.
Do we need to allow the native VLAN on a trunk port?
For example, if I allow only VLAN 22 on the trunk port with the command switchport trunk allowed vlan 22, will the communication in VLAN 33 (native) still be working?
> Will the communication in VLAN 33 (native) still be working?
Nope, because you removed it from the Allowed VLAN list.
The native VLAN doesn't *need* to be Allowed and can be disabled. It's on/allowed by default though, as all other VLANs.
www.practicalnetworking.net/stand-alone/configuring-vlans/#trunk_allowed_vlans
@@PracticalNetworking thanks :)
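Added example (not part of the original comments or the channel's material): a simplified Python model of the trunk behaviour described in the replies above, where untagged frames are mapped to the Native VLAN, every other VLAN carries an 802.1Q tag, and the Allowed VLAN list is applied on both directions. `TrunkPort`, `vlan_tag`, `cross_trunk` and the sample frame are hypothetical names and constructed data; real switches differ in detail.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def vlan_tag(frame: bytes):
    """Return the VLAN ID from a frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


class TrunkPort:
    """Simplified trunk port (assumed model, not any vendor's exact behaviour)."""

    def __init__(self, native_vlan=1, allowed=None):
        self.native_vlan = native_vlan
        # All VLANs are allowed by default, the native one included.
        self.allowed = set(range(1, 4095)) if allowed is None else set(allowed)

    def egress(self, vlan, frame):
        """Bytes put on the wire for an untagged frame in `vlan` (None = not sent)."""
        if vlan not in self.allowed:
            return None
        if vlan == self.native_vlan:
            return frame  # the Native VLAN leaves without a tag
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
        return frame[:12] + tag + frame[12:]  # tag sits right after the two MACs

    def ingress(self, wire):
        """VLAN the received bytes are assigned to (None = dropped)."""
        if wire is None:
            return None
        vid = vlan_tag(wire)
        vlan = self.native_vlan if vid is None else vid
        return vlan if vlan in self.allowed else None


def cross_trunk(sender, receiver, vlan, frame):
    """VLAN a frame ends up in after crossing the link from sender to receiver."""
    return receiver.ingress(sender.egress(vlan, frame))


# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000003" "0800") + b"\x00" * 46

if __name__ == "__main__":
    sw1, sw2 = TrunkPort(native_vlan=33), TrunkPort(native_vlan=33)
    for vlan in (1, 22, 33):
        wire = sw1.egress(vlan, FRAME)
        print(f"VLAN {vlan}: tag on wire={vlan_tag(wire)}, lands in VLAN {sw2.ingress(wire)}")
    pruned = TrunkPort(native_vlan=33, allowed={22})
    print("native 33, only 22 allowed:", cross_trunk(pruned, pruned, 33, FRAME))
    print("native 33 -> native 1:", cross_trunk(sw1, TrunkPort(native_vlan=1), 33, FRAME))
```

The last line of the demo shows what a Native VLAN mismatch does in this model: a frame sent untagged from VLAN 33 lands in VLAN 1 on the far side, which is why the setting is worth auditing on both ends of a trunk.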
Why native VLAN isn't tagged across the switches?
When other VLANs are tagged, what if native would also be tagged?
You wouldn't _need_ to use the NativeVLAN between two switches that understand and send VLAN tags. The idea behind the Native VLAN is if you are connecting a switch which _doesn't_ understand VLANs to your switch that _does._ It's a way to assign that incoming (untagged) traffic to the VLAN of your choosing.
What is the point of Native VLAN, if this example continued, when computers 1 and 2 respectively on VLAN11 and VLAN22 can still talk to computers across the internet to computers 4 and 5 with the Native VLAN assigned those two switches' trunks is VLAN33?
The Native VLAN doesn't change the path of traffic, it simply affects whether a tag is necessary on the link. A (somewhat antiquated) use-case for the Native VLAN has to do with VOIP and the Voice VLAN: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/#trunk-native-vlan
What if I want to make PC2 and PC5 as a native vlan as well? Is it possible in addition to the PC's 3 and 6, to make PC's 2 and 5 as a native vlan in this trunk port? Or only one native vlan in one trunk port between two switches?
If you did that, and both VLAN 22 and VLAN 33 traffic was traversing the trunk link... how would the receiving switch know what traffic belonged to VLAN 22 vs VLAN 33?
If you can answer that, then you'll understand why you can only have one Native VLAN per trunk link.
Need a hint? See this video: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html
Thank you so much! This is fantastic!
For several days I’ve been struggling to find an explanation of the purpose of the Native VLAN function itself; I can’t have a normal night of sleep because of that. 🤦‍♂️
If frames travel through a Trunk the same way as through a Native VLAN, except for tagging, what’s the purpose of configuring an NVLAN on a switch then? I know that all of the interfaces are assigned to an NVLAN by default (at the beginning) and it’s a good security practice to change the NVLAN number, but still I don’t get its purpose… sorry, I’m just frustrated.
The purpose is simply to provide a way to associate incoming untagged traffic to the VLAN of your choice. Consider a switch that doesn't support VLANs (or a hub, or Wifi AccessPoint, or whatever...) if that switch is connected to YOUR switch (that _does_ support VLANs) you might want a way to associate that traffic to the VLAN of your choice.
Beyond that, there is another use case for VLANs (somewhat legacy now though) outlined in this article:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
You're good but your videos are never clear that's why I love Jeremy.
To each their own. =)
Well explained thank you.
You're welcome!
Bro, U r a legend
Thank you for the kind words =)
Thank you very much for this video
You are welcome
Great video!
Thank you, Sean =)
Hi, thank you for showing how it works very clearly: the vlan 33's frames are not tagged when travelling from SW1 to SW2 if native vlan 33 is set on each trunk port
OK, but the key point to understand is "what is the goal to untag one specific vlan between two sw ?"
OR "should we configure a native vlan not equal to default vlan 1 for each trunk in a topology ?"
Backward compatibility is not relevant today, so native vlan is not used for this purpose
So, is the only goal = minimise security risk prevent that untagged frames belong to vlan 1 ?
Could you clarify ?
Regards
I provide a use case for the Native VLAN in this article:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
The main thought "today" with the Native VLAN is to make sure you aren't using that VLAN for data. So you have two options:
1. Leave Native VLAN as the default (VLAN 1), but don't use VLAN 1 anywhere in your topology
2. Change the Native VLAN to something other than 1
Many people also recommend doing both.
Great video 💯💯.. thank you 💙
You're welcome =)
What a beautiful video! :)
Thanks a lot, highly appreciated.
Gladly. =)
Thanks, I don't understand so much because I am not so good at English, but thanks
And where can I get switch image files like in this video of yours?
I'm struggling, looking for a Cisco switch so I can add it into GNS3
The only approved place to get images for GNS3 is from Cisco. VIRL is another emulation platform that you can buy directly from Cisco and it comes with images pre loaded.
@@PracticalNetworking Do you need to purchase it? Because I've been looking for it and found none
Or perhaps you must register with an account?
Because that's how I got my Packet Tracer back then
And thanks for replying.
Thank you its cleared with me
Glad it helped =)
great video!
Glad you enjoyed it, Alexander!
I loved it.
finally Native Vlan Demystified.
=)
Excellent ... well done ...
Thank you! Cheers!
Great video.
Excellent !
Glad you like it!
Excellent 👍🏻👍🏻👍🏻👍🏻👍🏻
Thanks 👍
Saved my Life
In that case, I'm VERY glad you found this video =)
I am learning CCNP and HCNP recently. Huawei's PVID and hybrid concepts are killing me. Can you explain them?
PVID is another term for the Native VLAN. I mention this at this part of this other video on VLANs:
th-cam.com/video/MmwF1oHOvmg/w-d-xo.html
Normally, an Access Port carries one VLAN, and a Trunk port carries multiple VLANs and requires all frames to include a VLAN tag -- with one exception being the Native VLAN (or PVID). It seems a Hybrid port is a trunk port that allows multiple VLANs to traverse without a tag. There would have to be a way to map traffic to a VLAN though, maybe by mac address or IP address or ACL. I think watching the above linked video from that time stamp will help clarify for you.
So nice, thanks
Most welcome 😊
Greetings a question heart !!! Because if you changed the native Vlan which by default is 1
Example
Int F0 / 1 the link
Switchport trunk Native Vlan 100
Success
Because then you have to create Vlan 100 if you go to the Show int Trunk command and there is Vlan 100 (Native) without having to create it
Because the purpose is to pass unlabeled traffic so if I create a vlan 100 it will be empty it will not have assigned ports
The normal traffic passes to me without creating it, I simply change the switchport trunk Native Vlan 100 and it passes me normal through the Trunk link but I want to know why you create it if it is For a Traffic without a label
Because if I believe it, I will have to assign it a port in access mode and there I will be creating Another Vlan and that is not the purpose of the native Vlan
Post Data: in my army I have two switches and two Vlan that communicate via trunk and I also have PCs on both switches to communicate natively
I hope you understand me ?
Hi Maria. I'm not following 100% what your question is. I _think_ however, that this video might give you more context: th-cam.com/video/MmwF1oHOvmg/w-d-xo.html
Try it out, then feel free to ask further questions on Discord: pracnet.net/discord
How do you use Switch in gns
Could you please make a video on
How to use switch in gns 3.
Thanks so much bro
No problem
Definitive Indeed !!
=)
this is helpful
Glad you thought so, Lisandro =)
Wait.....what network simulation software is being used here? That doesn't look like packet tracer. I ask because I saw you open wireshark directly from the simulation
That software is GNS3 =)
@@PracticalNetworking Wireshark comes preinstalled on GNS3?
@@jasonbourne1218 Yes. I believe so. But don't take my word for it, look it up here: www.gns3.com/
For sure they can't connect, it's still a VLAN. The only difference is that the other host is placed on a different LAN. Native VLANs don't tag for a reason I don't know, coz they are configured to be native to each other? But a VLAN is still a VLAN, just look closely at the header Wireshark is giving on transmissions not on the same LAN
Great video, thank you
Please make a video on how DNS works. Thanks
DNS is on my list =)
Is native vlan mainly used to save memory usage?
The intended use is the rare cases where a switch or device doesn't support sending VLAN tags. I have an example of why you would use a Native VLAN here: www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
That's very rare now though, so there isn't much use for Native VLANs in the current world.
@@PracticalNetworking See that's what I was trying to figure out. Why does this thing exist lol. I appreciate the clarification. So more or less Native VLAN is about obsolete? Thanks for the response btw. I've been in networking for years and never really bothered to really look into why these are a thing.
@@Gambo8807 The only use case would be if you are connecting a switch that _does_ support VLANs to a switch that _does NOT_ (i.e., a managed switch to an unmanaged switch), you may want to designate all the incoming untagged frames from the unmanaged switch to a specific VLAN on the managed switch.
But yea, overall pretty rare.
What's the difference between Native VLAN and Default VLAN?
Great question. I wrote about the difference here: networkengineering.stackexchange.com/a/19379
Ed,
A great, excellent networking learning website. I subscribed to it in no time.
on the subject of VLAN, would you please present a html regarding
1st) how does management VLAN associate with remote access login(vty line)?..
2nd) any relationship/what difference between management vlan and native vlan?
or are they simply totally different subject , nothing related?
Hi I.Wu, glad you enjoyed the content =)
I responded on my website:
www.practicalnetworking.net/stand-alone/what-is-the-native-vlan/#comment-105814
Great video thank you this
Thank you =)
What IOS / model are you using for these layer 3 switches?
To be honest, I recorded this a few years ago on an older computer I don't have access to anymore. I'm not 100% sure what version of IOS I used. More than likely it was IOSv.
@@PracticalNetworking Your videos are so amazing. You should make a full ccna course it would be so informative!
Wow, you can change the font for Notepad?
Ha! ;) Learning the important things from this video. =)
@@PracticalNetworking Haha good video btw :)
Glad you enjoyed it. =)
could you tell me please, what is the name of application which you are using to simulate network ?
GNS3
thanks buddy
You're welcome!
hmm but why would i want to do this? is is faster or something?
Suppose you have Switch X that doesn't support VLANs / 802.1q and you have it connected to your switch (Switch A) that DOES support VLANs. You'd want to associate the frames coming in from Switch X to a particular VLAN on Switch A. The Native VLAN would allow that.
There is also another use case for Native VLANs that is outlined in this article discussing Voice VLANs:
www.practicalnetworking.net/stand-alone/voice-vlan-auxiliary-vlan/
@@PracticalNetworking and of course great answer as always, thank you
Happy to help =)
Amazing!!!!
thank you sir
Most welcome
Hello, actually I am doing malware analysis in HTTPS, so what are the best tools for analyzing traffic apart from Wireshark? I have pcaps also....
Wireshark is my de facto tool for analyzing HTTPS. It can do HTTPS decryption if you provide it with the necessary keys. To learn more about HTTPS, check out this class:
www.practicalnetworking.net/classes/tls/