router on a stick - Page 2

Re: router on a stick

Many thanks guys - I find with the CCNA course you learn something
useful and new every day!


Re: router on a stick


Just a heads up on the use, or non-use, of a native vlan from an updated
Cisco vlan security white paper ...

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

Read the section on "Double-Encapsulated 802.1Q/Nested VLAN Attack" ...


the IEEE committee that defined 802.1Q decided that because of backward
compatibility it was desirable to support the so-called native VLAN, that is
to say, a VLAN that is not associated explicitly to any tag on an 802.1Q
link. This VLAN is implicitly used for all the untagged traffic received on
an 802.1Q capable port.

This capability is desirable because it allows 802.1Q capable ports to talk
to old 802.3 ports directly by sending and receiving untagged traffic.
However, in all other cases, it may be very detrimental because packets
associated with the native VLAN lose their tags, for example, their identity
enforcement, as well as their Class of Service (802.1p bits) when
transmitted over an 802.1Q link.

For these sole reasons - loss of means of identification and loss of
classification - the use of the native VLAN should be avoided. ..... Protocols
like STP, DTP, and UDLD (check out [3]) should be the only rightful users of
the native VLAN and their traffic should be completely isolated from any
data packets.

BernieM
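
Added example, not part of the thread or of the Cisco white paper: one way to check the point quoted above, that data traffic should be kept off the native VLAN, is to audit a switch configuration for access ports that share a trunk's native VLAN. The sample configuration is constructed, the function names are hypothetical, and the code assumes every port states `switchport mode trunk` or `switchport mode access` explicitly, with VLAN 1 as the IOS default for both the native and the access VLAN.

```python
import re

# Constructed sample (not from the thread): IOS-style switch interface stanzas.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def vlan_of(cmds, pattern):
    """VLAN id from the first matching sub-command; 1 (the IOS default) if absent."""
    hits = [m.group(1) for m in (re.fullmatch(pattern, c) for c in cmds) if m]
    return int(hits[0]) if hits else 1

def audit_native_vlans(config):
    """Return (trunk, native VLAN, access port) where data shares a native VLAN."""
    trunks, access = {}, {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            trunks[name] = vlan_of(cmds, r"switchport trunk native vlan (\d+)")
        elif "switchport mode access" in cmds:
            vlan = vlan_of(cmds, r"switchport access vlan (\d+)")
            access.setdefault(vlan, []).append(name)
    return [(t, n, p) for t, n in sorted(trunks.items()) for p in access.get(n, [])]
```

On the sample, the only finding is the trunk left on the default native VLAN 1, which it shares with the access port that never sets an access VLAN; the trunk moved to the unused VLAN 999 is clean.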


