Wednesday 13 August 2008

Native VLAN

I was confused by this term for a while since I hadn't played with switches for a few months.

But now I've found it:
Note: On an 802.1Q trunk, one VLAN is NOT tagged. This VLAN, named the native VLAN, must be configured the same on each side of the trunk. In this way, you can deduce to which VLAN a frame belongs when you receive a frame with no tag.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml#basic_char

So that means if you use a switch to connect the firewall and the core network by trunking them, the better way is to take an unused VLAN and make it the native VLAN. Then untagged traffic (which might come from an attacker) won't bypass the firewall via the trunk link.
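As an added example (my own config fragment, not from the post or from Cisco's page), here is the switch side of the trunk to the firewall on Cisco IOS, first with the default native VLAN 1 and then with an unused VLAN as the native VLAN. The interface name, VLAN numbers and description are assumptions; the firewall side must be configured with the same native VLAN.

```cisco
! --- Weak: plain trunk. The native VLAN defaults to 1, which is also the
! --- default access VLAN of every unconfigured port, so an untagged frame
! --- arriving on the trunk is simply placed into VLAN 1 on the other side.
interface GigabitEthernet0/1
 description Trunk to firewall (assumed name)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! --- Hardened: a VLAN with no hosts in it becomes the native VLAN.
! --- It is left out of the allowed list, so untagged frames carried on the
! --- trunk are dropped instead of landing in a production VLAN.
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet0/1
 description Trunk to firewall (assumed name)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
! --- Optional: also tag the native VLAN so that no frame leaves untagged.
! --- Global command; available on many Catalyst platforms.
vlan dot1q tag native
!
! --- Check: the "Native vlan" column must show 999 here and on the firewall.
! show interfaces GigabitEthernet0/1 trunk
```

A mismatch in the native VLAN between the two ends shows up as CDP native VLAN mismatch messages on Cisco gear and silently merges two VLANs, so verify both sides after the change.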
