Changing or Modifying the Trunk Native VLAN

Cisco doesn’t recommend that you change the trunk port native VLAN from VLAN 1, but you
can, and some people do it for security reasons. To change the native VLAN, use the command
in Table 6.8:

TABLE 6.8 Changing the native VLAN

Command                  Meaning
switchport trunk native  Allows the configuration of the native VLAN on a trunk link. The
                         native VLAN is important for the proper operation of 802.1q
                         encapsulation because it specifies what VLAN will carry any
                         traffic that is not tagged.

Because nontagged traffic is considered a security threat, the recommended configuration
for the native VLAN is a parked VLAN. A parked VLAN is a real VLAN that exists in the
VLAN database but is not used to carry any enterprise data. This means you create the VLAN
and assign no ports or data to it. This way, if there is any untagged data, it will be placed in
this parked VLAN and go nowhere, causing no harm.

S1#config t
S1(config)#int f0/1
S1(config-if)#switchport trunk ?
  allowed  Set allowed VLAN characteristics when interface is in trunking mode
  native   Set trunking native characteristics when interface is in trunking mode
  pruning  Set pruning VLAN characteristics when interface is in trunking mode
S1(config-if)#switchport trunk native ?
  vlan  Set native VLAN when interface is in trunking mode
S1(config-if)#switchport trunk native vlan ?
  <1-4094>  VLAN ID of the native VLAN when this port is in trunking mode
S1(config-if)#switchport trunk native vlan 40
S1(config-if)#^Z
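
An added example, not part of the original text and not a Cisco tool: a Python check that reads an IOS-style configuration and reports trunk ports whose native VLAN is still VLAN 1, or is shared with access ports and therefore not parked. The sample configuration, VLAN 999 and the function names are constructed for illustration, and the check does not confirm that the VLAN exists in the VLAN database.

```python
import re

# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 40
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 40
"""

SETTING = re.compile(r"switchport (mode|trunk native vlan|access vlan) (\S+)")

def parse_interfaces(config):
    """Map interface name to its switchport settings; unset VLANs default to 1."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": "", "trunk native vlan": "1", "access vlan": "1"})
        elif current is not None and line.startswith(" "):
            if m := SETTING.fullmatch(line.strip()):
                current[m.group(1)] = m.group(2)
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def audit_native_vlans(config):
    """Return {trunk port: reason} where the native VLAN is VLAN 1 or not parked."""
    ports = parse_interfaces(config)
    in_use = {p["access vlan"] for p in ports.values() if p["mode"] == "access"}
    findings = {}
    for name, p in ports.items():
        if p["mode"] == "trunk" and p["trunk native vlan"] == "1":
            findings[name] = "native VLAN is the default VLAN 1"
        elif p["mode"] == "trunk" and p["trunk native vlan"] in in_use:
            findings[name] = f"native VLAN {p['trunk native vlan']} has access ports, so it is not parked"
    return findings

if __name__ == "__main__":
    print(audit_native_vlans(SAMPLE_CONFIG))
```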