Typically, you configure 802.1Q trunks with a native VLAN ID, which strips tagging from all packets on that VLAN and allows all untagged traffic and control traffic to transit the switch. Packets that enter the switch with 802.1Q tags that match the native VLAN ID value are similarly stripped of tagging. If you choose to maintain the tagging on the native VLAN and drop untagged traffic, enter the vlan dot1q tag native command.
Use the vlan dot1q tag native command to configure the switch to tag the traffic received on the native VLAN and to admit only the 802.1Q-tagged frame, dropping any untagged traffic, including untagged traffic in the native VLAN. Control traffic continues to be accepted untagged on the native VLAN on a trunked port, when the vlan dot1q tag native command is enabled.
If you enable 802.1Q tagging on one switch and disable it on another switch, all traffic is dropped; you must identically configure 802.1Q tagging on each switch.
To exclude untagged control traffic but include tagged data traffic, use the vlan dot1q tag native exclude control command.
The no vlan dot1q tag native exclude control command specifies that both control and data traffic will egress the trunk port as untagged.
The vlan dot1q tag native command applies only to trunk ports.
This command does not require a license.
This example shows how to enable dot1q tagging for all VLANs on all trunk ports on the switch:
switch(config)# vlan dot1q tag native
This example shows how to exclude untagged control traffic, but include tagged data traffic for all VLANs on all trunk ports on the switch:
switch(config)# vlan dot1q tag native exclude control