When configuring an 802.1Q trunk, a matching native VLAN must be defined on
each end of the trunk link. A trunk link is inherently associated with tagging
each frame with a VLAN ID. The purpose of the native VLAN is to allow frames
not tagged with a VLAN ID to traverse the trunk link. An 802.1Q Native VLAN is
defined as one of the following:

- The VLAN that a port is associated with when not in trunking operational
mode.
- The VLAN that is associated with untagged frames that are received on a
switch port.
- The VLAN to which Layer 2 frames will be forwarded if received untagged on
an 802.1Q trunk port.

Compare this to ISL, where no frame may be transported on the trunk
link without encapsulation and any frames received on a trunk port that are
un-encapsulated are immediately dropped.

Each physical port has a parameter called a Port VLAN identifier (PVID).
Every 802.1Q port is assigned a
PVID value equal to the native VLAN ID (VID). When a port receives a tagged
frame that is to traverse the trunk link, the tag is respected. For all
untagged frames the PVID is considered the tag. This allows the frames to
traverse devices that may be unable to read VLAN tag information.

Native VLANs have the following attributes:

- A trunk port will support only one native, active VLAN per operational
mode. The modes are Access and Trunk.
- By default on Catalyst switches, all switch ports and native VLANs for
802.1Q are assigned to VLAN1.
- The 802.1Q trunk ports connected to each other via physical or logical
segments must all have the same native VLAN configured to operate correctly.
- If the native VLAN is misconfigured for trunk ports on the same trunk link,
Layer 2 loops can occur due to diverting STP BPDUs from their correct
VLAN.

Example: Native VLAN Implementation; Two End Devices on the Same Switch Port

A common use of the 802.1Q native VLAN is a single switch port that supports
traffic to an IP Phone that then provides a connection to a PC.
The port must be configured as 802.1Q so that
the Layer 2 header allows the QoS marking to populate the priority (PRI) bits
for the telephony traffic. A standard Ethernet packet provides no field for
this marking.

The traffic arriving on the switch port from the IP phone
will be tagged with VLAN information. The PC traffic arriving on the same
switch port will not be tagged. The VLAN ID for the telephony traffic arriving
on the 802.1Q trunk port will be respected. The PC traffic arriving with no tag
will traverse the Native VLAN.

About Issues with 802.1Q Native VLANs

The following issues need to be considered when configuring the
native VLAN on an 802.1Q trunk link:

- The native VLAN interface configurations must match at both ends of the
link or the trunk may not form.
- By default, the native VLAN will be VLAN1. For the purpose of security, the
native VLAN on a trunk should be set to a specific VLAN ID that is not used for
normal operations elsewhere on the network.
- If there is a native VLAN mismatch on an 802.1Q link, CDP, if used and
functioning, will issue a "VLAN mismatch" error.
- On select versions of Cisco IOS software, CDP may not be transmitted or
will be automatically turned off if VLAN1 is disabled on the trunk.
- If there is a native VLAN mismatch on either side of an 802.1Q link, Layer
2 loops may occur.
- When troubleshooting VLANs, note that a link can have one native VLAN
association when in access mode, and another native VLAN association when in
trunk mode.
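
The issues listed above can be checked offline against saved switch configurations. The following Python audit is an added example, not part of the original material: the two configurations, the cabling map and the VLAN IDs are constructed, and `parse` and `audit` are hypothetical helper names. It flags trunk links whose native VLANs differ between the two ends, remain at the default VLAN 1, or are also used as an access VLAN.

```python
import re
# Constructed running-config excerpts and cabling map; names and VLAN IDs are made up.
CONFIGS = {"sw1": """
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
""", "sw2": """
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/2
 switchport mode trunk
"""}
LINKS = [("sw1", "GigabitEthernet0/1", "sw2", "GigabitEthernet0/1"),
         ("sw1", "GigabitEthernet0/2", "sw2", "GigabitEthernet0/2")]
FIELD = {"mode": "mode", "trunk native vlan": "native", "access vlan": "access"}
SWITCHPORT = re.compile(r"\s+switchport (%s) (\S+)" % "|".join(FIELD))

def parse(config):
    """Return {port: settings}; an unset native or access VLAN defaults to 1."""
    ports, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ports.setdefault(m[1], {"mode": None, "native": 1, "access": 1})
        elif cur and (m := SWITCHPORT.match(line)):
            cur[FIELD[m[1]]] = int(m[2]) if m[2].isdigit() else m[2]
    return ports

def audit(configs, links):
    """Check every trunk link for mismatched, default or reused native VLANs."""
    sw = {name: parse(text) for name, text in configs.items()}
    in_use = {p["access"] for s in sw.values() for p in s.values() if p["mode"] == "access"}
    findings = []
    for a_sw, a_port, b_sw, b_port in links:
        a, b = sw[a_sw][a_port]["native"], sw[b_sw][b_port]["native"]
        link = f"{a_sw}:{a_port}<->{b_sw}:{b_port}"
        if a != b:
            findings.append((link, f"native VLAN mismatch ({a} vs {b})"))
        for vid in sorted({a, b}):
            if vid == 1 or vid in in_use:
                why = "is the default" if vid == 1 else "is also used as an access VLAN"
                findings.append((link, f"native VLAN {vid} {why}"))
    return findings

print(*audit(CONFIGS, LINKS), sep="\n")
```

The second link produces a finding even though both ends agree, because neither end sets a native VLAN and both therefore fall back to VLAN 1.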