Re: router on a stick
Just a heads up on the use, or non-use, of a native vlan from an updated
Cisco vlan security white paper ...
Read the section on "Double-Encapsulated 802.1Q/Nested VLAN Attack" ...
the IEEE committee that defined 802.1Q decided that because of backward
compatibility it was desirable to support the so-called native VLAN, that is
to say, a VLAN that is not associated explicitly to any tag on an 802.1Q
link. This VLAN is implicitly used for all the untagged traffic received on
an 802.1Q capable port.
This capability is desirable because it allows 802.1Q capable ports to talk
to old 802.3 ports directly by sending and receiving untagged traffic.
However, in all other cases, it may be very detrimental because packets
associated with the native VLAN lose their tags, for example, their identity
enforcement, as well as their Class of Service (802.1p bits) when
transmitted over an 802.1Q link.
For these sole reasons - loss of means of identification and loss of
classification - the use of the native VLAN should be avoided. ..... Protocols
like STP, DTP, and UDLD (check out ) should be the only rightful users of
the native VLAN and their traffic should be completely isolated from any
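
An added example, not part of the original post or the Cisco white paper: a small Python parser that reads the 802.1Q tag stack of a raw Ethernet frame, showing that an untagged (native VLAN) frame carries neither a VLAN ID nor 802.1p bits, and flagging frames with nested tags for review. The native VLAN of 1, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier
NATIVE_VLAN = 1      # assumption: trunk left at the common default native VLAN

def parse_vlan_tags(frame: bytes):
    """Return ([(vlan_id, priority), ...], inner_ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((tci & 0x0FFF, tci >> 13))  # 12-bit VLAN ID, 3-bit 802.1p priority
        offset += 4
    return tags, ethertype

def classify(frame: bytes, native_vlan: int = NATIVE_VLAN) -> str:
    """Label a frame seen on a trunk by the shape of its tag stack."""
    tags, _ = parse_vlan_tags(frame)
    if not tags:
        return "untagged"       # implicitly native VLAN: no VLAN ID, no 802.1p bits
    if len(tags) >= 2 and tags[0][0] == native_vlan:
        return "nested-native"  # two tags, outer one equal to the native VLAN
    if len(tags) >= 2:
        return "nested"         # stacked tags on some other VLAN
    return "tagged"

def sample_frame(tags, ethertype=0x0800):
    """Constructed sample: zeroed MAC addresses, given (vlan_id, priority) tags, zero payload."""
    header = bytes(12)
    for vlan_id, priority in tags:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", ethertype) + bytes(46)

SAMPLES = {  # constructed frames, not captured traffic
    "plain 802.3 frame": sample_frame([]),
    "VLAN 10, priority 5": sample_frame([(10, 5)]),
    "outer VLAN 1, inner VLAN 20": sample_frame([(NATIVE_VLAN, 0), (20, 0)]),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:30} tags={parse_vlan_tags(frame)[0]} -> {classify(frame)}")
```

Frames reported as "nested-native" on an access-facing port are the ones worth alerting on when the native VLAN is also in use for user traffic.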