If the native vlan is changed, is it a good security measure to remove it from the allowed list of vlans on a trunked port?
-
native vlan security (Solved)
-
Short answer, yes.
Best practice is that no traffic should ever be carried on the native VLAN. Also, the native VLAN should not be 1. There really isn't a reason to use the Native VLAN because every frame in your network should be accounted for and tagged. The Native VLAN is used to tag untagged traffic crossing a trunk link.
So you see, if you are already tagging all traffic that comes in through access ports, your traffic should never be untagged in the first place. And because it's trivial to VLAN hop onto the Native VLAN it should never be used for legitimate traffic.
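As an added illustration of the advice above (example code written for this page, not something posted in the thread), the following Python script audits trunk interfaces in a Cisco IOS-style running-config excerpt and flags the two conditions the answer warns about: a native VLAN still set to 1, and a native VLAN that is still present in the trunk's allowed list. The sample config is constructed for the example; `GigabitEthernet0/1` is the default "before" state, `GigabitEthernet0/2` has the native VLAN moved to 999 but still permitted on the trunk, and `GigabitEthernet0/3` is the hardened form where the native VLAN has been removed from the allowed list. The function names are the example's own.

```python
import re
from typing import Dict, List, Set

# Constructed sample running-config excerpt (not taken from the forum thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30-40
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
!
"""

# Valid 802.1Q VLAN IDs on IOS trunks (1-4094); an absent "allowed vlan" line means all.
ALL_VLANS: Set[int] = set(range(1, 4095))


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group indented lines under their 'interface X' header; '!' or a global line ends a block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks


def expand_vlan_list(spec: str) -> Set[int]:
    """Expand an IOS VLAN list such as '10,20,30-40' into a set of integers."""
    vlans: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def audit_trunks(config: str) -> Dict[str, List[str]]:
    """Return, per trunk interface, the list of native-VLAN findings (empty list = clean)."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue  # access ports carry no native-VLAN trunk risk
        native = 1             # IOS default native VLAN
        allowed = ALL_VLANS    # IOS default: every VLAN allowed on the trunk
        for line in lines:
            m = re.match(r"switchport trunk native vlan (\d+)$", line)
            if m:
                native = int(m.group(1))
                continue
            m = re.match(r"switchport trunk allowed vlan (.+)$", line)
            if m:
                spec = m.group(1).strip()
                if spec == "all":
                    allowed = ALL_VLANS
                elif spec == "none":
                    allowed = set()
                elif spec.startswith("except "):
                    allowed = ALL_VLANS - expand_vlan_list(spec[len("except "):])
                else:
                    allowed = expand_vlan_list(spec)
        issues: List[str] = []
        if native == 1:
            issues.append("native VLAN is 1 (default)")
        if native in allowed:
            issues.append(f"native VLAN {native} is in the allowed list")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for iface, issues in audit_trunks(SAMPLE_CONFIG).items():
        status = "; ".join(issues) if issues else "OK"
        print(f"{iface}: {status}")
```

Run against a real `show running-config` export, the script reports which trunks still carry their native VLAN; only `GigabitEthernet0/3` in the sample comes back clean, because its `switchport trunk allowed vlan` list omits VLAN 999. The script reads the resolved list that IOS stores in the running-config, so the interactive `add`/`remove` forms of the command do not need separate handling.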
-
@Will-McNair said in native vlan security:
If the native vlan is changed, is it a good security measure to remove it from the allowed list of vlans on a trunked port?
As Daniel said, for security's sake, yes. He gave good reason to do so!
Cordially,
Ronnie Wong
Edutainer Manager, ITProTV
*If the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and are my opinion. There is no implied service, support, or guarantee by ITProTV.