Default Vlan, Native Vlan, Access, Trunk
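Before looking at the individual VLAN concepts, one thing has to be established first. By design, a VLAN isolates a broadcast domain, so within the same device set, different VLANs cannot communicate with each other (in the absence of a layer-3 device). This is the premise for discussing the other VLAN concepts.
Why add the qualifier "within the same device set"? Consider the following example.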
In this lab, PC1 and PC2 are in two different VLANs, yet they can communicate directly.
Ping statistics for 192.168.1.12: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 78ms, Maximum = 94ms, Average = 90ms
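This is mainly because S1 and S2 are two separate VLAN sets. They are connected through access ports, so there is no VLAN association between them, and they can communicate. On S1, f0/1 and f0/2 both belong to VLAN 100, so they can exchange data. On S2, f0/1 and f0/2 both belong to VLAN 200, so they can also exchange data. As for traffic between S1 and S2, the link joins two access ports, so the VLANs on the two switches are not associated with each other: frames leave an access port untagged, and the receiving switch places them in its own access VLAN. That is why the two PCs can communicate.
If the link between S1 and S2 is changed to a trunk, the PCs can no longer communicate, because cascading the switches over a trunk joins them into one larger VLAN set, and without a layer-3 device different VLANs in that set cannot communicate.
Likewise, if f0/1 on S1 is moved to VLAN 200, the PCs cannot communicate either, because f0/1 and f0/2 on S1 are then in different VLANs within the same device set.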
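Next, the difference between access and trunk. An access port supports only one VLAN ID and cannot join two independent VLAN sets together. A trunk supports multiple VLAN IDs and can join several independent VLAN sets into one new VLAN set. A trunk marks the traffic of each VLAN by tagging it with 802.1Q. Given that trunks exist, why is there also a Native VLAN? Without the Native VLAN concept, every port configured as a trunk would accept only tagged traffic. Not every device supports trunk configuration, so untagged traffic would be unable to pass through a trunk port. The Native VLAN was introduced to solve this problem: traffic that belongs to the Native VLAN can cross the trunk link without a tag. That is the purpose of the Native VLAN. In every other respect, the Native VLAN still obeys the general rule that different VLANs within the same device set cannot communicate (in the absence of a layer-3 device).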
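Native VLAN and Default VLAN are essentially the same concept, and on most switches they refer to the same thing. On some switches, Foundry for example, the Default VLAN can be reconfigured, whereas on Cisco the Default VLAN cannot be configured. The Native VLAN is generally configurable. On an interface configured as a trunk, use switchport trunk native vlan ID to set the native VLAN.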
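The lab cases and the native VLAN rule described above can be checked with a small model of how a port sends and classifies frames. This is an added example, not code from the original post. It assumes f0/2 is the inter-switch link on both switches, and all names in it (Port, egress, ingress, reachable, native_mismatch) are hypothetical.

```python
# Added example: toy model of 802.1Q egress/ingress, not code from the post.
# Assumption: f0/2 on S1 and S2 is the inter-switch link; VLAN IDs follow the lab.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    mode: str                          # "access" or "trunk"
    vlan: int = 1                      # access VLAN, or native VLAN on a trunk
    allowed: frozenset = frozenset()   # tagged VLANs carried by a trunk

def egress(port, vlan):
    """Wire form of a frame from `vlan` leaving `port`:
    None (not forwarded), "untagged", or the VLAN ID written into the tag."""
    if vlan == port.vlan:
        return "untagged"              # access VLAN / native VLAN: no 802.1Q tag
    if port.mode == "trunk" and vlan in port.allowed:
        return vlan
    return None

def ingress(port, wire):
    """VLAN the receiving port classifies the frame into, or None if dropped."""
    if wire is None:
        return None
    if wire == "untagged":
        return port.vlan               # untagged frames join the access/native VLAN
    if port.mode == "trunk" and wire in port.allowed:
        return wire
    return None                        # simplification: access ports drop tagged frames

def reachable(src_vlan, link_a, link_b, dst_vlan):
    """Layer 2 only: does a frame from src_vlan on switch A arrive in dst_vlan on B?"""
    return ingress(link_b, egress(link_a, src_vlan)) == dst_vlan

def native_mismatch(link_a, link_b):
    """Audit check: both ends of a trunk must agree on the native VLAN."""
    return link_a.mode == link_b.mode == "trunk" and link_a.vlan != link_b.vlan

# Constructed port settings for the lab variants discussed in the text.
ACC100, ACC200 = Port("access", 100), Port("access", 200)
TRUNK = Port("trunk", 1, frozenset({100, 200}))
BAD_A = Port("trunk", 100, frozenset({100, 200}))
BAD_B = Port("trunk", 200, frozenset({100, 200}))

if __name__ == "__main__":
    print("access link, PC1 v100 -> PC2 v200:", reachable(100, ACC100, ACC200, 200))
    print("trunk link,  PC1 v100 -> PC2 v200:", reachable(100, TRUNK, TRUNK, 200))
    print("trunk link,  v100 -> v100:        ", reachable(100, TRUNK, TRUNK, 100))
    print("S1 f0/1 moved to v200:            ", reachable(200, ACC100, ACC200, 200))
    print("native mismatch flagged:          ", native_mismatch(BAD_A, BAD_B))
```

The last case is the one to audit for: when the two ends of a trunk disagree on the native VLAN, untagged frames are reclassified into a different VLAN on the far side, so the isolation the trunk is supposed to preserve no longer holds.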
Below is an explanation of Native VLAN.
Why Native VLAN exists on a Trunk?
Basically, A Native VLAN carries untagged traffic on a trunk line. A trunk line allows multiple VLAN traffic (tagged traffic). So Why Native VLAN exists on a trunk. Why Native VLAN was created? I'm pretty confused up with VLANs.
Hi Sandy,
With 802.1Q, a trunk link can tag frames between devices that understand the protocol. This allows for multiple VLANs to exist on a single topology. Because 802.1Q is defined as a type of Ethernet frame, it does not require that every device on a link speaks the 802.1Q protocol. Because Ethernet is a shared media and more than two devices could be connected on this media, all devices on the link must still be capable of communicating even if they do not speak the 802.1Q protocol. For this reason, 802.1Q also defines a Native VLAN. A trunk port on a switch is defined to be in a Native VLAN, and the 802.1Q trunk will not tag frames that are going out the port that came in on any port that belongs to the same VLAN that is the Native VLAN on the switch. Any Ethernet device would be capable of reading frames for the Native VLANs. The Native VLAN is important on an 802.1Q trunk link. If both sides of the link do not agree on the Native VLAN, the trunk will not operate properly.
A Native VLAN is nothing else than a default VLAN given that any port in a (CISCO) switch has to be assigned to one VLAN.
By default all ports (access links) belong to VLAN 1 or native VLAN.
Hope that clears out your query !! Regards Ganesh.H
Hello Sandy,
native vlan is an 802.1Q concept: frames belonging to native vlan are sent untagged.
native vlan concept has been introduced as a way to provide backward compatibility to a device that doesn't support vlan tagging: if a switch port is configured to be a trunk unconditionally (regardless of what is connected to the port) without native vlan concept only NIC that support vlan tagging could be connected to the port.
Not all PC Network adapters support vlan tags so the authors of 802.1Q standard introduced 802.1Q to provide backward compatibility to allow a "dumb" device to connect to the network on single vlan = native vlan.
To be noted that Cisco ISL has no native vlan concept. 802.1Q is most used nowadays.
Hope to help
Giuseppe