02-27-2019 10:53 AM
I am always a creature of habit with my trunk ports having a different native vlan than "vlan 1". Does a native work with PA? If I set my trunk to the PA as native vlan 999, is there a need or method to set the same native vlan on the PA? Is there even a need to do this? What mgmt traffic would pass from switch to PA over a native vlan, if any?
02-27-2019 11:16 AM
Hello,
This article basically says that PAN does not do native vlans.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClE2CAK
I used to use them, but I don't anymore. Only tagged traffic passed via the trunk.
Hope that helps.
02-27-2019 05:15 PM
So this depends a little bit on your configuration on your switch. By default, the switch actually won't tag the native vlan at all, and a trunk port with a set native VLAN will assign all untagged frames to that VLAN. However, with the command 'vlan dot1q tag native' you can essentially override that behavior so that even the native vlan will tag the frames on the trunk port.
The PA has no understanding of a "native vlan" because outside of Cisco that doesn't really mean anything. The traffic either has tagged frames or it doesn't. Unless you have the configuration statement 'vlan dot1q tag native' in your configuration, the native VLAN on your trunk port is simply untagged traffic.
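
The tagging behaviour described in the replies above, as an added example that is not part of the original thread: a small model of a switch trunk port sending frames with and without `vlan dot1q tag native`, and of what a receiver that only distinguishes tagged from untagged frames sees. The function names, MAC addresses and payload are constructed for illustration; VLAN 999 is the native VLAN from the question.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def trunk_egress(dst, src, ethertype, payload, vlan, native_vlan, tag_native=False):
    """Model a trunk port sending a frame that belongs to `vlan` (hypothetical helper).

    Frames in the native VLAN leave untagged unless tag_native is set,
    which models the 'vlan dot1q tag native' switch setting.
    """
    header = dst + src
    if vlan != native_vlan or tag_native:
        tci = vlan & 0x0FFF  # priority and DEI bits left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def receiver_view(frame):
    """What a device with no native-VLAN concept sees: a tag or no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        return {"tagged": True, "vlan": tci & 0x0FFF, "ethertype": inner}
    return {"tagged": False, "vlan": None, "ethertype": etype}

# Constructed sample values, not taken from any real capture.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46

def demo():
    """Return the receiver's view of three frames sent on a trunk with native VLAN 999."""
    frames = {
        "vlan 10": trunk_egress(DST, SRC, 0x0800, PAYLOAD, 10, 999),
        "vlan 999 (default)": trunk_egress(DST, SRC, 0x0800, PAYLOAD, 999, 999),
        "vlan 999 (tag native)": trunk_egress(DST, SRC, 0x0800, PAYLOAD, 999, 999, True),
    }
    return {name: receiver_view(f) for name, f in frames.items()}

if __name__ == "__main__":
    for name, view in demo().items():
        print(f"{name:24} -> {view}")
```
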