@uplink PVST+ and RPVST+ which are cisco and can be tagged..
A native vlan is any untagged vlan, not just vlan 1.
From one of the cert exam books for cisco
"Although maintenance protocols such as Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP) normally are carried over the native VLAN of a trunk, they will not be affected if the native VLAN is removed or manually pruned from the trunk. They still will be sent and received on the native VLAN as a special case even if the native VLAN ID is not in the list of allowed VLANs."
Any untagged frame is native.. If you want to take something away from that it should be this.
" It is generally the best practice to keep that internal traffic isolated from data traffic."
So put your switches and AP management on a vlan not used for normal user traffic.. This is sometimes called an infrastructure vlan. But then again you have to work with the functionality of your infrastructure devices.. But even if your devices have to be managed with untagged - you don't have to use that vlan for user traffic.. So yes it best to isolate management of your network from user traffic ;)
But here is the thing - you can not really disable untagged traffic like that from being sent, you can keep it from being passed on, etc.. Here I have a dummy vlan 10, the vlan is disabled - it doesn't go anywhere.. I set the native vlan, because you can not really remove it from a port, cisco doesn't let you.. If you remove native vlan from a trunk in cisco it will just send it out what default vlan you have set on the switch.. which will be "untagged"
that is sniff on pfsense on a port connected to switch interface that is in trunk, where native is set to a disabled vlan, notice still see stp and cdp traffic on this port..
If your worried about someone plugging into a port, again the best thing to do is disable and put into a vlan not using, like my vlan 10, But if the port is active and you have cdp or stp enabled - there will be that traffic on that port untagged..
Your causing yourself added config and and work for no real good reason.. And again any port connected to a device is going to be native, ie untagged in some vlan be it the default vlan 1, or some other vlan you put that port in. Even if you told all your devices to do tags, iot devices, printers etc are unlikely to be able to do that, etc. And even if you setup a port to only be tagged, info like stp and cdp is still going to go out that port..
depending on your switch, you may be able to disable stp on specific ports, or stuff like cdp or lldp (non cisco kind of cdp).. But most lower end smart switches are not going to be able to do that, etc.