switchport trunk native vlan [id]
Configures the native VLAN for an 802.1Q trunk interface, specifying which VLAN's frames are sent untagged on the trunk.
When to Use This Command
- Setting the native VLAN to a non-default VLAN (e.g., VLAN 99) for management traffic to avoid VLAN 1 security risks.
- Aligning native VLANs on both ends of a trunk to prevent VLAN mismatch errors and ensure proper communication.
- Configuring a trunk port to carry untagged traffic for a specific VLAN, such as VoIP or legacy devices that do not support tagging.
- Changing the native VLAN during network migration to match a new VLAN design without disrupting existing trunk links.
Command Examples
Set native VLAN to 99 on trunk interface
Switch(config-if)# switchport trunk native vlan 99
This command sets the native VLAN to 99 on the current trunk interface. No output is displayed upon successful configuration.
Verify native VLAN configuration
Switch# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,99

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20,99
The 'show interfaces trunk' output displays trunk details. The 'Native vlan' column shows the configured native VLAN (99). The allowed VLAN list includes VLAN 99. Ensure the native VLAN matches on both ends of the trunk.
Understanding the Output
The command itself produces no output. To verify, use 'show interfaces trunk'. The 'Native vlan' column indicates the VLAN that is untagged on the trunk. A mismatch between the two ends causes the port to be err-disabled or causes connectivity issues. The allowed VLAN list should include the native VLAN. The spanning tree forwarding state shows which VLANs are active. A good configuration has matching native VLANs on both sides and the native VLAN included in the allowed list.
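One way to automate the checks described above, as an added example that is not part of the original page: a Python script that parses 'show interfaces trunk' text and flags a native VLAN left at 1, a native VLAN missing from the allowed list, and a native VLAN mismatch between the two ends of a trunk. The two captures and the link map are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample captures (not from real devices); SW2 is the far end of SW1 Gi0/1.
SW1 = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      99
Gi0/2       on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gi0/1       1-1005
Gi0/2       10,20
"""
SW2 = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gi0/1       1-1005
"""
SECTIONS = {"Mode Encapsulation Status Native vlan": "native", "Vlans allowed on trunk": "allowed"}

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10-12,99' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {'native': int, 'allowed': set}} from the first two sections."""
    trunks, section = {}, None
    for fields in filter(None, map(str.split, text.splitlines())):
        if fields[0] == "Port":  # every section starts with a 'Port ...' header row
            section = SECTIONS.get(" ".join(fields[1:]))  # other sections are ignored
        elif section == "native":
            trunks.setdefault(fields[0], {})["native"] = int(fields[-1])
        elif section == "allowed":
            trunks.setdefault(fields[0], {})["allowed"] = expand_vlans(fields[1])
    return trunks

def audit(local, remote, links):  # links: (local_port, peer_port) pairs, an assumed cabling map
    findings = []
    for port, t in sorted(local.items()):
        if t["native"] == 1:
            findings.append((port, "native VLAN is the default VLAN 1"))
        if t["native"] not in t["allowed"]:
            findings.append((port, "native VLAN not in allowed list"))
    for lp, rp in links:
        if local[lp]["native"] != remote[rp]["native"]:
            findings.append((lp, f"native VLAN mismatch with peer {rp}"))
    return findings
```

Calling audit(parse_trunks(SW1), parse_trunks(SW2), [("Gi0/1", "Gi0/1")]) reports the Gi0/2 allowed-list gap and the Gi0/1 mismatch; swapping the two captures reports the peer's native VLAN 1.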
CCNA Exam Tips
CCNA exam tip: The native VLAN must match on both ends of a trunk; otherwise, the trunk may not form, or the mismatch may cause VLAN hopping.
CCNA exam tip: By default, VLAN 1 is the native VLAN; changing it is a security best practice.
CCNA exam tip: The 'switchport trunk native vlan' command is only valid on trunk ports; it will be rejected on access ports.
CCNA exam tip: On some switches, the native VLAN must also be allowed on the trunk; use 'switchport trunk allowed vlan add' if needed.
Common Mistakes
Mistake 1: Setting the native VLAN to a VLAN that is not allowed on the trunk, causing untagged traffic to be dropped.
Mistake 2: Forgetting to configure the same native VLAN on the other end of the trunk, leading to a native VLAN mismatch error.
Mistake 3: Using this command on an access port; it only works on trunk ports.
Related Commands
show interfaces trunk
Displays trunk interface status, allowed VLANs, and pruning information for all trunk ports on a Cisco switch, used to verify trunking configuration and VLAN membership.
switchport mode trunk
Configures a switch interface as a trunk port, allowing multiple VLANs to traverse the link using IEEE 802.1Q tagging.
switchport trunk allowed vlan [list]
Restricts the VLANs that are allowed to traverse a trunk link on a Cisco switch, used to control which VLAN traffic is permitted on the trunk.