Native VLANs and untagged frames

Switchport access

Switchport trunk


When an untagged frame enters a [trunk](/switchport-trunk) port, that frame is placed on the configured [native VLAN](/native-vlans-and-untagged-frames).  By definition, an [access](/switchport-access) port is assigned a single [VLAN](/vlan) and it is expecting to receive only untagged frames.

But what happens if a tagged frame arrives on an access port?  How does the switch handle such a situation?

On [Nexus](/nexus) devices, if an access port receives a packet with a VLAN tag containing a VLAN ID **which is the same as that assigned to the access port**, the frame will be accepted, and the tag will be stripped.  If the VLAN ID is not the same as that assigned to the access port, the packet is dropped without learning its source [MAC address](/mac-address).

On older IOS devices such as the 2950 and 3550, the same behavior is observed.

On newer devices, starting with the 2960 for example, a switchport will not accept any tagged frames.  All tagged frames, **even those on the actual assigned VLAN**, are dropped unconditionally.

The only exceptions to this rule are:

- The use of [voice VLAN](/cisco-switch-port-configuration-for-ip-phone)
- The configuration of [Q-in-Q tunneling](/vlans-8021q-tunneling-qinq)

Ultimately, the behavior of an access port in such a situation may be slightly different on different platforms, IOS/NX-OS version, and also on different vendors' equipment.


VLANs - when a tagged frame arrives on an access port

Tcl Shell

Telnet

Time to live

Time-based Access List (ACL) on Cisco IOS XR

ToS bits 6 and 7 are Reserved

Token Bucket Burst Behavior in Traffic Shaping

Token Bucket Size Configuration in Traffic Policing

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traditional Layer 2 Issues in VXLAN Networks

Traffic Shaping and Manually Configuring Bc Values

Traffic Shaping and Queuing with ISP Contracts

Traffic Shaping using Percentage

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting Route Flapping on Cisco IOS

Troubleshooting a slow network

Troubleshooting high CPU and memory usage on a switch

Type Length Value (TLV)

UDP - Header

UDP - Maximum Datagram Size

UDP Use Cases

UDP's Connectionless Nature

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unidirectional Data Flow Over an IPsec VPN

Unknown unicast traffic

Upgrade your R&S skills to modern networking

UplinkFast Dummy Multicast Frames Behavior During Link Recovery

VACL - use cases

VACL Changes to ACL are active immediately

VACL vs ACL

VLAN - Extended Range

VLAN - Native VLAN on a router on a stick

VLAN - Private VLAN

VLAN - QinQ troubleshooting

VLAN - VLAN IDs 0 and 4095

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN Trunk interfaces missing in show vlan output

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs SVI

VMware Configuration Maximums

VMware vSwitch Port Groups and VLAN Configuration

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - Interesting Traffic

VPN - NAT Exemption

VPN - crypto keepalive

VPN - default gateway for site to site VPN

VPN - default gateway of VPN client

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

VRF Communication and Route Target Configuration

VRF and L2TPv3 Configuration and Interaction

VRF capability vrf-lite command

VRF sharing across multiple routers

VRF use cases

VRRP - Virtual IP doesn't respond to pings

VRRP - load balancing

VRRP - support for authentication

VRRP - using the same ID on different interfaces

VRRP - using the same ID on subinterfaces

VRRP and sub-optimal routing

VRRP on sub-interfaces

VTP - Client can't modify VLANs

VTP - Code Field

VTP - Multiple Servers with VTP version 2

VTP - Per interface configuration

VTP - Pruning the Extended VLAN ID Range

VTP - Revision Numbers on transparent switch

VTP - Versions

VTP - domain name automatically changes

VTP - protecting switches from lower revision numbers

VTP Advertisements

VTP Support in Emulators

VTP configuration checklist

VTP filtering shared VLANs

VTP how to disable the VLAN trunking protocol

VTP operation over trunks

VTP primary server

VTP revision number maximum

VTP revision number reset

VTP revision number

VXLAN - Control Plane Options

VXLAN - MP-BGP EVPN and Multicast

VXLAN - Use Cases

VLANs - when a tagged frame arrives on an access port

Links to this page: