Control Protocols and the Native VLAN

I've always been told, read, and heard (be it through workbooks, videos, or classes) that one of the reasons why VLAN 1 cannot be deleted is not that it's a default VLAN but that it carries control traffic (CDP, STP, DTP, VTP, PAgP). If you remove VLAN 1 from the trunk allowed VLAN list, all you are doing is pruning data traffic; control traffic still gets sent through the trunk on VLAN 1. If you change the native VLAN to any other value, data traffic uses it but control traffic still uses VLAN 1. The only difference is that in this case, control traffic gets tagged with ID 1 since another VLAN value is the native VLAN (non-tagged traffic).

Well, I was bored last night and had some spare time. I ran the following tests while running Wireshark, and this is what I found:

SW1-----Dot1Q Trunk-----SW2

1. The native VLAN is 1 and allowed in the trunk allowed list: VTP and DTP were sent on VLAN 1 with a tag, whereas CDP was sent without any tag. Why would the switch tag VTP and DTP when VLAN 1 was native and should not be tagging anything? Since CDP was sent tagless, it raises the question as to whether it was in fact being sent on VLAN 1 or it was just being sent without regard to any VLAN. Furthermore, ICMP traffic was not tagged (this was expected).

2. The native VLAN is 1 and removed from the trunk allowed list: Same behavior as above, except that ICMP traffic was dropped (this was expected).

**3. The native VLAN is 2, VLAN 2 exists in the database, and it is allowed in the trunk allowed list:** VTP and DTP were sent on VLAN 2 with a tag, whereas CDP was sent without any tag. Why would the switch tag VTP and DTP when VLAN 2 was native and should not be tagging anything? Since CDP was sent tagless, it raises the question as to whether it was in fact being sent on VLAN 2 or it was just being sent without regard to any VLAN. Furthermore, ICMP traffic was not tagged (this was expected).

4. The native VLAN is 2, VLAN 2 exists in the database, and it is removed from the trunk allowed list: Same behavior as in number 3, except that ICMP traffic was dropped (this was expected).

**5. The native VLAN is 100, VLAN 100 does not exist in the database, and it is allowed in the trunk allowed list:** VTP and DTP were sent on VLAN 100 with a tag, whereas CDP was sent without any tag. Why would the switch tag VTP and DTP when VLAN 100 was native and should not be tagging anything? Since CDP was sent tagless, it raises the question as to whether it was in fact being sent on VLAN 100 or it was just being sent without regard to any VLAN.

While I did not test STP or PAgP, it seems to me that certain control traffic is sent on the CURRENTLY configured native VLAN and that CDP is sent without regard to any VLAN. What are your thoughts?
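One way to answer the "was it really on VLAN X?" question from the bytes on the wire, rather than from Wireshark's summary column: the only VLAN information a frame carries is the 12-bit VID inside an 802.1Q tag (TPID 0x8100), so an untagged CDP frame has no VLAN of its own; whatever VLAN the receiver files it under is the receiving port's decision, not something in the frame. The Cisco control protocols are told apart by the SNAP protocol ID under OUI 00:00:0c (CDP 0x2000, VTP 0x2003, DTP 0x2004, PAgP 0x0104, UDLD 0x0111, PVST+ 0x010b; IEEE STP is LLC 0x42/0x42 to 01:80:c2:00:00:00). The script below is an added example, not the author's code or captures: it parses raw frames, reports tag/VID and protocol per frame, flags control frames that carry a tag equal to a given native VLAN (the behaviour the post found surprising), and includes a classic-pcap reader so the same check can be run over a real capture of the trunk. The switch MACs, payload bytes and the `SAMPLE_CAPTURE` list are constructed to mimic scenario 1.

```python
"""Classify which frames in a capture carry an 802.1Q tag and which VID.
Constructed example: MACs, payloads and SAMPLE_CAPTURE are made up."""
import struct

TPID_8021Q = 0x8100
CISCO_OUI = b"\x00\x00\x0c"
# SNAP protocol IDs under the Cisco OUI (CDP/VTP/DTP/PAgP/UDLD go to
# 01:00:0c:cc:cc:cc, PVST+ BPDUs to 01:00:0c:cc:cc:cd).
CISCO_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP",
              0x0104: "PAgP", 0x0111: "UDLD", 0x010B: "PVST+"}
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
CONTROL = set(CISCO_PIDS.values()) | {"STP"}
CISCO_MCAST = bytes.fromhex("01000ccccccc")


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame):
    """Return dst MAC, whether a tag was present, the VID, and the protocol."""
    dst = frame[0:6]
    off = 12
    vid = None
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == TPID_8021Q:               # 802.1Q tag: TCI = PCP/DEI/VID
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vid = tci & 0x0FFF
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    off += 2
    proto = "other"
    if etype <= 1500:                     # 802.3 length field: LLC follows
        dsap, ssap, ctrl = frame[off], frame[off + 1], frame[off + 2]
        if (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03):   # SNAP header
            oui = frame[off + 3:off + 6]
            (pid,) = struct.unpack_from("!H", frame, off + 6)
            if oui == CISCO_OUI:
                proto = CISCO_PIDS.get(pid, f"cisco-0x{pid:04x}")
        elif (dsap, ssap) == (0x42, 0x42):               # IEEE STP BPDU
            proto = "STP"
    else:
        proto = ETHERTYPES.get(etype, f"0x{etype:04x}")
    return {"dst": mac_str(dst), "tagged": vid is not None,
            "vid": vid, "proto": proto}


def summarize(frames):
    """One (proto, vid) per frame; vid None means the frame went out untagged."""
    return [(p["proto"], p["vid"]) for p in map(parse_frame, frames)]


def control_tagged_with(frames, vid):
    """Control-plane frames tagged with the given VID (e.g. the native VLAN)."""
    return [p["proto"] for p in map(parse_frame, frames)
            if p["proto"] in CONTROL and p["vid"] == vid]


# --- constructed frames to exercise the parser (not real captures) -------
def _tag(vid):
    return struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""


def build_snap(dst, src, pid, body=b"", vid=None):
    """802.3 + LLC/SNAP frame under the Cisco OUI, optionally 802.1Q tagged."""
    llc = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + body
    return dst + src + _tag(vid) + struct.pack("!H", len(llc)) + llc


def build_ethii(dst, src, etype, body=b"", vid=None):
    """Ethernet II frame, optionally 802.1Q tagged."""
    return dst + src + _tag(vid) + struct.pack("!H", etype) + body


SW1 = bytes.fromhex("0200000000a1")   # hypothetical switch MACs
SW2 = bytes.fromhex("0200000000b2")
SAMPLE_CAPTURE = [                    # mimics scenario 1 from the post
    build_snap(CISCO_MCAST, SW1, 0x2000, b"\x02\xb4"),           # CDP, no tag
    build_snap(CISCO_MCAST, SW1, 0x2003, b"\x01", vid=1),        # VTP, VID 1
    build_snap(CISCO_MCAST, SW1, 0x2004, b"\x01", vid=1),        # DTP, VID 1
    build_ethii(SW2, SW1, 0x0800, b"\x45" + b"\x00" * 19),        # ICMP/IPv4
]


def read_pcap(path):
    """Yield raw frames from a classic libpcap file (not pcapng), so the
    functions above can be run over a real capture of the trunk."""
    with open(path, "rb") as f:
        magic = f.read(4)
        endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(magic)
        if endian is None:
            raise ValueError("not a classic microsecond-resolution pcap file")
        f.read(20)                          # remainder of the global header
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                break
            _, _, incl_len, _ = struct.unpack(endian + "IIII", hdr)
            yield f.read(incl_len)


if __name__ == "__main__":
    for proto, vid in summarize(SAMPLE_CAPTURE):
        print(f"{proto:<6} {'tagged VID ' + str(vid) if vid is not None else 'untagged'}")
```

To check a real trunk capture, replace `SAMPLE_CAPTURE` with `list(read_pcap("trunk.pcap"))` (Ethernet link type, classic pcap saved from Wireshark) and call `control_tagged_with(frames, native_vid)` with the native VLAN configured on the trunk; any protocol it returns is a control frame the sender tagged with its own native VLAN ID, which is the observation the post is asking about. From a security standpoint the same pass also tells you whether DTP is being sent on the trunk at all, which is worth knowing independently of the tagging question.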

Comments

  • JoeM

    Hi Gabe. Nice lab testing. I also thought like you regarding what some have called the "VLAN 1 myth" regarding the deletion of VLAN 1. Then I learned that these control protocols use VLAN 1 regardless of whether VLAN 1 was on a trunk or not.

    Wireshark even gives the destination as "CDP/VTP/DTP/PAgP/UDLD"

    However, I was not able to reproduce your findings. It could be because I have an old GNS3 image (c3745).

    Here is one thing that I did see in Wireshark for VTP regardless of the native VLAN, while using dot1Q trunking:
    ISL VLAN ID: 0X0001

    So, I am wondering, since ISL is obsolete now, has the strategy changed? As you say, it is now TAGGING these controls with the native VLAN.

    Can you show your wireshark output?
    Maybe attach a packet capture including the different protocols.

    Also, what switches are you using for testing? My guess is a much more up-to-date version than I am testing with here.

    Thanks Gabe.

  • Hi Joe,
    Thanks for responding, I will re-run these tests and save the captures. Stay tuned :)

    I was using L2 IOL image version 15.2.
