What is the Native VLAN?

The Native VLAN is an often confused concept, though it needn’t be. This video will explain what the Native VLAN is and how it affects traffic on a wire.


An Access port (or “untagged port” in the non Cisco world) is a switch port which carries traffic for only one VLAN.

A Trunk port (or “tagged port” in the non Cisco world) is a switch port which carries traffic for multiple VLANs.

When frames traverse a Trunk port, a  VLAN tag is added to distinguish which frames belong to which VLANs. Access ports do not require a VLAN tag, since all incoming and outgoing frames belong to a single VLAN.

The Native VLAN is simply the one VLAN which traverses a Trunk port without a VLAN tag.

4.2 10 votes
Article Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments

Very informative

Usually a switch port that is tagged is an Ip phone, a switch port that is untagged and caries data to a pc>

what am I missing here?

Dude, this material is absolutely top notch. Colour schemes, explanations!! Congratulations with the material. The ASA NAT article was awesome, full kudos for that.

Absolutely fantastic material with perfect diagram which makes readers eye catching. Worth reading always as expected from you guys. Keep it up

Hi Ed,

As always you do in your articles, it is clear and right to the point.

East or West, Ed Harmoush’s article is always best.

We all are excited for your next article. After going through your articles we don’t have to look for another to understand the concepts.

In short I would say “one stop for all networking concepts”.


One question; what does it mean when the command ‘encapsulation dot1q 1 native’ is used on a trunk port?
Does it mean tag the native vlan on this trunk? ; or
Assign vlan 1 as the native vlan on this trunk (untagged, of course)

I would assume the former, since by default vlan 1 is set the native vlan (on trunk ports)

Great work as always! Thank you.

super explanation of VLAN . Kudos to the author.

A great excellent networking learning website. I subscribe it in no time.
on the subject of VLAN, would you please present a html regarding
1st) how does management VLAN associate with remote access login(vty line)?..
2nd) any relationship/what difference between management vlan and native vlan?
or are they simply totally different subject , nothing related?

No doubt ,,, i have gone through no. of things on the internet minimum 700-800 … found this the best for clearing the actual thing what is happening inside the network.

Cannot view your full article even after subscribing…

Why looking elsewhere? Everything is said so clearly in this site.
Ed you remind me Keith Bogart……. I mean your explanation are as good as his.

This is kind of misleading. An access port is not carrying tagged traffic, it’s tagging ingress traffic and untagging egress traffic. A trunk port would be carrying tagged traffic and it would be used for one or more VLANs, anything that needs to be carried across a link to another switch.

I get you’re keeping it simple, but understanding tagging will help you understand stuff like QnQ and avoid doing dumb things like access to access port for switch-to-switch communications.

GODDAMMIT I HATE that Yarnstuffer asshole. How DARE YOU talk to Ed that way. Don’t listen to this son of a bitch, Ed, I got this.

You listen to me “Gord,” if that even is your real name. I’m comin’ for ya and there ain’t nothing your little packet pushin’ pussy can do about it.

Yeah, Frank? You stupid little son of a bitch. Meet me by the swings and I’ll strangle you with this CAT5 you stupid son of a bitch ILL; KIOLL YOU

The article is very nice, not just this I am reading every article and going through videos you have been creating and uploading. It is worth to read it. Thanks bro.

I am looking forward for VPN and IPV6 articles.

will the management traffic like cdp/lldp etc get tagged if we change the native vlan from 1 to any other value.

yeah that’s a nice feature, but what is the purpose of having a native vlan without tagging? For what use?