
In general, when creating [trunks](/switchport-trunk), it is considered [best practice](/vlan-native-vlan-best-practices) to create a native [VLAN](/vlan) on both ends of the trunk that will not be used anywhere else. 

Now when you apply this to a router on a stick scenario, the switch end of the configuration should use the same best practice. You should create the VLAN and assign it as the native VLAN on that interface. On the router end of the link, you have one of two choices:

Choice 1: Explicitly create a subinterface where the native VLAN will be configured. i.e.

`interface fastethernet 1/0/1.99 encapsulation dot1q 99 native`

You don’t even have to configure an IP address, and actually, you shouldn’t. Essentially what this does is if any frames are sent to this interface with no VLAN tag, they will be processed by this interface. This interface essentially goes nowhere, so any frames coming here would be dropped.

Choice 2: Don’t create a subinterface for the native VLAN. The physical interface will process any frames sent without a VLAN ID by default.

In this case, you don’t even have to specify the `encapsulation dot1q 99 native` command as all untagged traffic will go to this interface by default. Again, if you don’t configure an IP address the interface will go nowhere so any untagged frames that reach it will be dropped.

So in both cases, the native VLAN configs at both ends of such a link will match and will function correctly and safely.

Links:

https://forum.networklessons.com/t/native-vlan-subint/2375/4?u=lagapidis

https://networklessons.com/switching/802-1q-native-vlan-cisco-ios-switch

VLAN - Native VLAN on a router on a stick

Switchport trunk configuration ignores access commands

Switchport trunk encapsulation

Switchport trunk

Symmetric Digital Subscriber Line (SDSL)

Syslog - Logging buffered command

Syslog - logging discriminator

Syslog - terminal monitor

Syslog relay or proxy

Syslog severity levels

Syslog

TCP - Congestion control

TCP - Header

TCP - SEQ and ACK values

TCP - Slow start

TCP - Three-way handshake

TCP - Urgent pointer field

TCP - Window Size Scaling

TCP - factors affecting segment size

TCP - role of checksum field

TCP MSS and window size

TCP RST flag

TCP SYN timeout

TCP header options

TCP phantom byte

TCP-IP model

TFTP

Tcl Shell

Telnet

Time to live

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traceroute

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting a slow network

Troubleshooting high CPU and memory usage on a switch

UDP - Header

UDP - Maximum Datagram Size

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unknown unicast traffic

Upgrade your R&S skills to modern networking

VACL - Changes to ACL are active immediately

VACL - use cases

VLAN - Extended Range

VLAN - Native VLAN best practices

VLAN - Private VLAN

VLAN - QinQ troubleshooting

VLAN - Trunk interfaces don't appear in `show vlan` output

VLAN - VLAN IDs 0 and 4095

VLAN Access Lists

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs - when a tagged frame arrives on an access port

VLANs SVI

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - Interesting Traffic

VPN - NAT Exemption

VPN - crypto keepalive

VPN - default gateway for site to site VPN

VPN - default gateway of VPN client

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

VRF capability vrf-lite command

VRF lite route leaking

VRF sharing across multiple routers

VRF use cases

VRRP - Virtual IP doesn't respond to pings

VRRP - load balancing

VRRP - support for authentication

VRRP - using the same ID on different interfaces

VRRP - using the same ID on subinterfaces

VRRP on sub-interfaces

VTP - Client can't modify VLANs

VTP - Multiple Servers with VTP version 2

VTP - Per interface configuration

VTP - Revision Numbers on transparent switch

VTP - Versions

VTP - domain name automatically changes

VTP - employing in an emulator

VTP - protecting switches from lower revision numbers

VTP Advertisements

VTP configuration checklist

VTP filtering shared VLANs

VTP how to disable the VLAN trunking protocol