Default/native vlan- voip data question- cisco sf300

hi everybody,
I have to set up voip and data vlans on cisco sf 300-24P. I will set up phones over LLDP and
on the same port (on switch) I will have untagged vlan 10 for data, so PC will be connected
through IP phones on network.
So what confuses me is that on the SF 300, under VLAN mgmt --> Default VLAN settings, you get
options to change the default VLAN ID (which is of course VLAN 1), which will be active after reboot.
How come you can change the default vlan? Isn't the default vlan always vlan 1, and you can
change the native vlan to be something else, let's say vlan 10, which will be the untagged vlan for data?
So what is best practice: should I just leave default vlan 1 and use it for data also, or should I
change it to, let's say, VLAN 10 to be native and use it for data?
And what will happen to default VLAN 1 if I change it with the above-mentioned procedure?
Thx!

Hi,
Best practice is to leave VLAN 1 for management purposes only. Create yourself a DATA and a VOICE VLAN. Usually the management VLAN does not have DHCP enabled, and you have to statically assign a PC within your management VLAN for access. I would say that it really depends on how the rest of your network is configured and on the configuration of the switch now, unless this is a clean install.
Hope this helps,
Jasbryan

Similar Messages

  • Changing Default Native VLAN

    Hi,
         We are using a CISCO 3750-G switch as core switch. VLAN1 has been our native VLAN since the implementation.
    This switch is connected to 10 CISCO 2960 switches by trunk ports. IP addresses for the L2 switches are assigned from VLAN1 only.
    Now I want to change the default native VLAN from 1 to some other.
    My query is: are there any prerequisites to change the native VLAN, or can I simply change the native VLAN ID?
    Looking forward to support.
    Regards,
    Ramesh Balachandran

    HI Ramesh,
    Native VLAN will come into picture if you use trunks in your switches. Procedure to change the native VLAN.
    1) conf ter
        interface
        switchport trunk native vlan
    CAUTION: If you change the native VLAN on only one end, spanning tree for the original native VLAN and the changed native VLAN will go into an inconsistent state and will be blocked.
    In the example below, the native VLAN chosen on the local end is 2 and on the remote end is 1:
    3750#sh spanning-tree int gi1/8
    Vlan                Role Sts Cost      Prio.Nbr Type
    VLAN0001            Desg BKN*4         128.8    P2p *PVID_Inc
    VLAN0002            Desg BKN*4         128.8    P2p *PVID_Inc
    Thanks & Regards,
    Karthick Murugan
    CCIE#39285
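
The check described in the answer above, as an added example that is not part of the original post: a small parser that reads `show spanning-tree interface` output and reports the VLANs blocked with the `*PVID_Inc` flag. The function names and the healthy VLAN 10 row are assumptions made for the illustration; the two blocked rows are the ones quoted in the post.

```python
import re

# One data row of "show spanning-tree interface" output. The status column can
# run into the cost column ("BKN*4"), so the star is matched separately.
ROW = re.compile(
    r"\s*VLAN(?P<vlan>\d{4})\s+(?P<role>\w+)\s+(?P<status>[A-Z]{3})\*?\s*"
    r"(?P<cost>\d+)\s+(?P<prio>\d+\.\d+)\s+(?P<type>.*)"
)

# Rows for VLAN 1 and 2 are quoted from the post; the VLAN 10 row is constructed
# to show what a forwarding VLAN on the same port looks like.
SAMPLE_OUTPUT = """\
3750#sh spanning-tree int gi1/8
Vlan                Role Sts Cost      Prio.Nbr Type
VLAN0001            Desg BKN*4         128.8    P2p *PVID_Inc
VLAN0002            Desg BKN*4         128.8    P2p *PVID_Inc
VLAN0010            Desg FWD 4         128.8    P2p
"""


def parse_stp_interface(output):
    """Return one dict per VLAN row; prompt and header lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.fullmatch(line.rstrip())
        if not m:
            continue
        rows.append({
            "vlan": int(m["vlan"]),
            "role": m["role"],
            "status": m["status"],
            "cost": int(m["cost"]),
            # Flags are the starred words after the link type, e.g. *PVID_Inc
            "flags": re.findall(r"\*(\w+)", m["type"]),
        })
    return rows


def pvid_inconsistent(output):
    """VLAN IDs that are blocked (BKN) because of a port VLAN ID inconsistency."""
    return sorted(
        row["vlan"]
        for row in parse_stp_interface(output)
        if row["status"] == "BKN" and "PVID_Inc" in row["flags"]
    )


if __name__ == "__main__":
    blocked = pvid_inconsistent(SAMPLE_OUTPUT)
    if blocked:
        print("native VLAN mismatch suspected, blocked VLANs:", blocked)
```

Both the local and the remote native VLAN show up in the result, which matches the caution in the post that both go into the inconsistent state.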

  • Native VLAN on Cisco Switches

    I have a question regarding the default native vlan. I have a Cisco-based environment and I set vlan XXX as native on trunk links. I am also running Multiple Spanning Tree on my switches and create instances for vlan segregation.
    My question here is: could I put vlan 1 (default) in any instance or not?
    Thanks & Regards,

    With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
    Regarding whether to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good practice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
    I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Various questions on uplink profiles, CoS, native VLAN, downlink trunking

    I will be using vPC End Host Mode with MAC-pinning. I see I can further configure MAC-Pinning. Is this required or will it automatically forward packets by just turning it on? Is it also best not to enable failover for the vnics in this configuration? See this text from the Cisco 1000V deployment Guide:
    Fabric Fail-Over Mode
    Within the Cisco UCS M71KR-E, M71KR-Q and M81KR adapter types, the Cisco Unified Computing System can
    enable a fabric failover capability in which loss of connectivity on a path in use will cause remapping of traffic
    through a redundant path within the Cisco Unified Computing System. It is recommended to allow the Cisco Nexus
    1000V redundancy mechanism to provide the redundancy and not to enable fabric fail-over when creating the
    network interfaces within the UCS Service Profiles. Figure 3 shows the dialog box. Make sure the Enable Failover
    checkbox is not checked."
    What is the 1000V redundancy?? I didn't know it has redundancy. Is it the MAC-Pinning set up in the 1000V? Is it Network State Tracking?
    The 1000V has redundancy and we can even pin VLANs to whatever vNIC we want. See Cisco's Best Practices for Nexus 1000V and UCS.
    Nexus1000V management VLAN. Can I use the same VLAN for this and for ESX-management and for Switch management? E.g VLan 3 for everything.
    According to the below text (1000V Deployment Guide), I can have them all in the same vlan:
    There are no best practices that specify whether the VSM
    and the VMware ESX management interface should be on the same VLAN. If the management VLAN for
    network devices is a different VLAN than that used for server management, the VSM management
    interface should be on the management VLAN used for the network devices. Otherwise, the VSM and the
    VMware ESX management interfaces should share the same VLAN.
    I will also be using CoS and Qos to prioritize the traffic. The CoS can either be set in the 1000V (Host control Full) or per virtual adapter (Host control none) in UCS. Since I don't know how to configure CoS on the 1000V, I wonder if I can just set it in UCS (per adapter) as before when using the 1000V, ie. we have 2 choices.
    Yes, you can still manage CoS using QoS on the vnics when using 1000V:
    The recommended action in the Cisco Nexus 1000V Series is to assign a class of service (CoS) of 6 to the VMware service console and VMkernel flows and to honor these QoS markings on the data center switch to which the Cisco UCS 6100 Series Fabric Interconnect connects. Marking of QoS values can be performed on the Cisco Nexus 1000V Series Switch in all cases, or it can be performed on a per-VIF basis on the Cisco UCS M81KR or P81E within the Cisco Unified Computing System with or without the Cisco Nexus 1000V Series Switch.
    Something else: Native VLANs
    Is it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1?   I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.
    Example:Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?
    And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...
    What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup described here with 1000V and MAC-pinning.
    No, port channel should not be configured when MAC-pinning is configured.
    [Robert] The VSM doesn't participate in STP so it will never send BPDU's.  However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter.  PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs.  I prefer to ignore them than using BPDU Guard - which will shutdown the interface if BPDU's are received.
    -Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?
    Edit: 26 July 14:23. Found answers to many of my many questions...

    Answers inline.
    Atle Dale wrote:
    Something else: Native VLANs
    Is it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1?   I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.

    [Robert] The native VLAN is assigned per hop.  This means between the 1000v Uplinks port profile and your UCS vNIC definition, the native VLAN should be the same.  If you're not using a native VLAN, the "default" VLAN will be used for control traffic communication.  The native VLAN and default VLAN are not necessarily the same.  Native refers to VLAN traffic without an 802.1q header and can be assigned or not.  A default VLAN is mandatory.  This happens to start as VLAN 1 in UCS but can be changed. The default VLAN will be used for control traffic communication.  If you look at any switch (including the 1000v or Fabric Interconnects) and do a "show int trunk" from the NXOS CLI, you'll see there's always one VLAN allowed on every interface (by default VLAN 1) - This is your default VLAN.

    Example: Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?

    [Robert] There's no VLAN 0.  An access port doesn't use a native VLAN - as it's assigned to only a single VLAN.  A trunk on the other hand carries multiple VLANs and can have a native vlan assigned.  Remember your native vlan usage must be matched between each hop.  Most network admins setup the native vlan to be the same throughout their network for simplicity.
    In your example, you wouldn't set your VM's port profile to be in VLAN 0 (doesn't exist), but rather VLAN 2 as an access port.  If VLAN 2 also happens to be your Native VLAN northbound of UCS, then you would configure VLAN 2 as the Native VLAN on your UCS ethernet uplinks.  On the switch northbound of the UCS Interconnects you'll want to ensure on the receiving trunk interface VLAN 2 is set as the native vlan also.
    Summary:
    1000v - VM vEthernet port profile set as access port VLAN 2
    1000v - Ethernet Uplink Port profile set as trunk with Native VLAN 2
    UCS - vNIC in Service Profile allowing all required VLANs, and VLAN 2 set as Native
    UCS - Uplink Interface(s) or Port Channel set as trunk with VLAN 2 as Native VLAN
    Upstream Switch from UCS - Set as trunk interface with Native VLAN 2
    From this example, your VM will be reachable on VLAN 2 from any device - assuming you have L3/routing configured correctly also.

    And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...

    [Robert] This statement recommends "not" to use a native VLAN.  This is a practice by some people.  Rather than using a native VLAN throughout their network, they tag everything.  This doesn't change the operation or reachability of any VLAN or device - it's simply a design decision.  The reason some people opt not to use a native VLAN is that almost all switches use VLAN 1 as the native by default.  So if you're using the native VLAN 1 for management access to all your devices, and someone connects in (without your knowing) another switch and simply plug into it - they'd land on the same VLAN as your management devices and potentially do harm.

    What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup described here with 1000V and MAC-pinning.

    [Robert] On the first generation hardware (6100 FI and 2104 IOM) port channeling is not possible.  With the latest HW (6200 and 2200) you can create port channels with all the IOM - FI server links.  This is not configurable.  You either tell the system to use Port Channel or Individual Links.  The major bonus of using a Port Channel is losing a link doesn't impact any pinned interfaces - as it would with individual server interfaces.  To fix a failed link when configured as "Individual" you must re-ack the Chassis to re-pin the virtual interfaces to the remaining server uplinks.  In regards to 1000v uplinks - the only supported port channeling method is "Mac Pinning".  This is because you can't port channel physical interfaces going to separate Fabrics (one to A and one to B).  Mac Pinning gets around this by using pinning so all uplinks can be utilized at the same time.
    --
    [Robert] The VSM doesn't participate in STP so it will never send BPDU's.  However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter.  PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs.  I prefer to ignore them than using BPDU Guard - which will shutdown the interface if BPDU's are received.

    -Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?

    [Robert] The two STP commands would be used only when the VEM (ESX host) is directly connected to an upstream switch.  For UCS these two commands do NOT apply.

  • Switchport trunk native vlan question...

    What am I missing in regards to the following two lines assigned to a sw interface:
    switchport trunk native vlan 80
    switchport mode trunk
    Why assign a VLAN to the port when you're trunking it (meaning you're allowing all VLANs to pass)?
    Thank you.

    By default native VLAN is VLAN 1, but can be changed to any No. on the trunk port by command "switchport trunk native vlan #". This will make a new vlan# as native & allow all pkts from this vlan to pass thru trunk untagged.
    Native VLANs are used to carry CDP, PAgP & VTP messages. Thus the frames on the native VLAN are untagged. For these messages to propagate between devices, native VLANs must match on both sides of the trunk. In case of native VLAN mismatch on both sides of the trunk, STP will put the trunk port in err-disabled state.

  • 1410 native vlan Change

    I need to use vlans in a 1410 bridge environment and I need to change the default native vlan too. The question is: what happens to the BVI1 interface, since this one is associated with the native vlan? Is it automatically associated with the new native vlan? Will I need to create a new interface? What about the connectivity? (This radio does not have a console port.) I would like to make all changes via CLI.

    You can configure multiple VLANs on the Wireless bridge using the GUI, you do not need CLI or console access to configure VLANs. Here is a good document which explains how to configure VLANs on Bridges.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr

  • Changing native vlan

    Is there a good reason to change the default native vlan 1 between two 802.1Q trunks? And is there a rule regarding best practices? thanks.

    With 802.1q trunking, the only significance of the native vlan is the fact that it is not tagged. Most administrators default to vlan 1, but others vary.
    It's discussed in the best practices document, but there's no specific best practice for Native Vlan, as changing it does not have any bearing on network performance or stability. It does talk about the significance of Vlan 1, which may be of interest.
    http://www.cisco.com/en/US/customer/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
    HTH,
    Bobby

  • Native VLAN 1

    I'm in the process of setting up UCS.  The default native vlan has a vlan ID of 1 in UCS.  Our native vlan is 1000.  So I setup a new vlan with the vlan ID of 1000 and set it as the native VLAN.  I cannot delete the VLAN default (1) even though it isn't the native vlan anymore because UCS won't let me.  We use VLAN id 1 for some of our corporate servers so I can't create a vlan with that ID without an overlap.  Since it's not being used as the native vlan anymore can I go ahead and use VLAN default (1) or is there some issue with me using that vlan?
    Additionally, one other question in regard to the native vlan.  I setup another UCS environment and have a few ESXi servers running on it with some active vm's.  When I setup UCS I added a vlan for our company's native vlan (vlan id 1000), but I forgot to set it as the Native VLAN.  So VLAN default (1) is still listed as the Native VLAN.  What implications would there be if I changed the Native VLAN to the vlan I setup (vlan id 1000) while there are running ESXi servers and virtual machines?  Neither the ESXi servers nor the vm's are using either one of those vlans in service profiles and vnic templates.

    Russ,
    VLAN 1 can't be pruned from your uplinks; it's one of those caveats.  We strongly discourage the use of VLAN 1 anywhere in your network as it presents a security risk.  (Since VLAN 1 exists on every switch by default, it's hard to block access to devices using that VLAN).
    You can still use VLAN 1 even if it's not set as the native - no problem there.  Just take note that VLAN is not eligible for Disjoint L2 configuration and will always be allowed on all uplinks.  If you don't have any disjoint L2 networks - then it's no problem for you.
    When you talk about the Native VLAN be careful.  If things are working as they are with VLAN 1 as the native vlan, changing it could impact your hosts if they need to communicate to other northbound devices.  I really try to caution people against using Native VLANs at all.  You're blindly sending untagged packets, and relying on the upstream L2 device to decide which VLAN to put the traffic onto.  Native VLANs can change from hop to hop also so it opens up the door for VLAN mis-matching.   You're far better off to TAG EVERYTHING - so there's no concern of native VLANs getting mixed up anywhere. 
    Regards,
    Robert

  • About the Native Vlan and Management Vlan.

    I wanted to know whether the management vlan and native vlan can have different vlan IDs or whether both should have the same vlan ID. Why should the native vlan not be 1?

    The use of a native VLAN is generally frowned upon now as there are some well known security exploits that leverage this untagged VLAN. Cisco often recommends setting the Native VLAN to an unused VLAN in your infrastructure in order to render it useless for attacks.
    It is also recommended that you create a separate VLAN for your Management traffic and that this VLAN be tagged (therefore not a Native VLAN).
    Native Vlan is the vlan which will be sent untagged even in Trunk links. Consider a Trunk link configured between two switches SWA and SWB, if a system in vlan1 of SWA is sending a frame via SWB, then this frame will be received as untagged by SWB, then switch B decides that the untagged frame is from native vlan 1 and handles accordingly. By default native vlan is 1, this can also be changed as per requirement.
    Example: In the below figure, if an IP phone and a system are connected to a switch port as below, the phone will send its frames tagged with vlan 10 whereas the frames sent by the system will be untagged. So here the corresponding switch port should be configured with native vlan 20, so that it can recognise and handle the frames from the system and the IP phone properly.
    Management vlan is different: it means that this vlan will be used for management purposes. Logging into the switch for management, monitoring the switch, collecting syslog and SNMP traps, etc. will be done via the management vlan IP. This is also vlan 1 by default in Cisco. So as Antony said, it is always a best practice and security measure to not use the default vlan and to use custom vlans.
    Hope this helps !

  • Native vlan query

    (CE)--Trunk-port-via.wi-max-device--(PE-Switch)--Trunk port--(PE-Router)
    In the above scenario, suppose the CE router is unable to create a sub-interface, so to communicate with the PE router I have used
    switchport trunk native vlan 834 and it's working
    But when I use
    encapsulation dot1Q 834 native on router sub-interface it is not working
    ##########Working config#################
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    PE-Router#ping vrf ABC 172.34.63.70
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
    ##########Non-Working config#################
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834 native
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    PE-Router#ping vrf ABC 172.34.63.70
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    Thanks & Regards
    Mahesh

    Hi,
    I'm confused by your configuration because the switchport trunk native vlan 834 command is gone in your non-working configuration.
    Also, is Fas1/0/5 connected to your CE or PE-Router?
    Let's say Fas1/0/5 is connected to your CE and 1/0/6 to your PE-Router. A working configuration should be:
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    interface FastEthernet1/0/6
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834 native
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    Be sure your native VLAN is consistent on all your trunks or you could have traffic leaking between VLAN 1 (default native VLAN) and VLAN 834
    HTH
    Laurent.

  • The old native vlan question....

    Topic came up during troubleshooting a 3524XL sw.
    I think my understanding of the native vlan concept is wrong.
    I thought that on a trunk port (Cisco device) any packet traversing a trunk link (dot1q trunk, that is) has a vlan tag applied on the egress port.  As an untagged packet arrives on the port (prior to being sent out over the trunk), it is tagged with the native vlan (if it's not associated with any other vlan), then sent out the (egress) trunked port.
    But lately I have been reading that
    "A native vlan is the untagged vlan on an 802.1q trunked switchport. The native vlan and management vlan could be the same, but it is better security practice that they aren't. Basically if a switch receives untagged frames on a trunkport, they are assumed to be part of the vlan that are designated on the switchport as the native vlan. Frames egressing a switchport on the native vlan are not tagged. This is the definition however more recent switch software often will allow you to tag all of the frames, even those in the native vlan. This gives some added security and allows the CoS bits to be carried between switches even on the native vlan. Let me know if you need further clarification."
    From : https://learningnetwork.cisco.com/thread/8721
    So this tells me that you can have a packet traversing a dot1q link w/o a vlan tag...then when it arrives on the other end it's put in the vlan that is the native vlan on that port.  Is this correct?
    If so, and a packet can traverse a trunk link w/o a VLAN tag applied, how does a sw detect (ingress) a native vlan mismatch?
    Thanks!

    Hi,
    It's correct, the native vlan is not tagged by default on the trunk link, but some platforms can make you tag all traffic, even the native vlan.
    The native vlan mismatch is detected through cdp.
    Regards.
    Alain.
    Don't forget to rate helpful posts.

  • SG500 auto voice VLAN question about native VLAN

    I have been installing SG300 and SG500 switches and using the auto voice vlan feature by simply changing voice vlan to 100 and using vlan 1 for default and data.  I normally put the switch in L3 mode and make an access port each for my IP PBX (vlan 100) and one to connect to the existing data network (vlan 1). Then I make a static route in the customer's default gateway to route back to vlan 100 and everything works nicely for most installs.
    On my last install I decided to try to change the default vlan 1 to vlan 10 and go with 10 for data and 100 for voice.  The problem I ran into was that the auto generated config on my phone switchports still use vlan 1 as native vlan.  I am trying to find a way to still use auto vlan and get the desired native vlan without having to make manual config changes.
    Should this be possible?
    Thanks in advance.

    Hi Brandon, you need to modify the macro from native vlan 1 to vlan 10.
    Check out this topic how to modify the macro
    https://supportforums.cisco.com/thread/2177613
    -Tom
    Please mark answered for helpful posts

  • VLANs - Default, Native and Management

    Okay, please help in understanding the concept of VLANs by confirming whether the following is true or not, and based on that please help me to clear my doubts.
    Default vlan - Always Vlan 1 on a switch and cannot be changed. Its purpose is to account for the interfaces/ports which are not assigned to a vlan explicitly.
    Native vlan - By default, it is also vlan 1 in a switch, but can be changed. Frames belonging to the native vlan are sent across the trunk link untagged. Its sole purpose is to provide backward compatibility to the devices that don't understand frame tagging, as per 802.1q.
    Management vlan- for managing switches.
    Now my doubts ::
    1. Can anyone please draw and explain a scenario in which NATIVe vlan comes into use, so that I can understand its purpose completely.
    2. Management vlan- how they are created/assigned and is used ?

    Hello
    From a security perspective it's best practice to not use vlan 1 whatsoever, as it is well documented that all Cisco switches default to this vlan.
    Also it is best to define a native vlan that will not be used.
    This is due to something I think is called double tagging or vlan hopping. It is when a hacker, knowing that vlan 1 is untagged and the default vlan, can apply an outer tag to an encapsulated packet and send this into your network; then when this outer tag is stripped away, the native vlan 1 is seen by the switch, which is accepted into your network and sent on its merry way toward its destination.
    So to negate this threat it is best to either tag ALL vlans or define an unused native vlan and a tagged management vlan, and not allow the native vlan to cross any trunks.
    example:
    vlan 1 = shutdown
    vlan 10 = management
    vlan 11-49 - user vlans
    vlan 50 = native
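    conf t
    ! create VLANs 2-50
    vlan 2-50
    exit
    ! shut down the VLAN 1 interface
    int vlan 1
    shut
    ! tagged management VLAN
    int vlan 10
    ip address x.x.x.x y.y.y.y
    ! trunk: unused native VLAN 50, kept out of the allowed list
    interface gig x/x
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport trunk allowed vlan 2-49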
    res
    Paul
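
An audit of the two rules in the answer above (do not leave the native VLAN at 1, and keep the native VLAN out of the trunk's allowed list), plus the both-ends consistency check raised in the "Native vlan query" thread, as an added example that is not part of any post on this page. The function names and finding labels are assumptions; the first two sample configs are constructed, the third is the switch stanza posted in that thread.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # 802.1Q VLAN IDs 1-4094

# Constructed: a trunk following the scheme in the post (native 50, allowed 2-49).
HARDENED = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 50
 switchport trunk allowed vlan 2-49
 switchport mode trunk
"""

# Constructed: a trunk left on defaults, next to an access port that is skipped.
DEFAULT_TRUNK = """\
interface GigabitEthernet1/0/2
 switchport mode trunk
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 10
"""

# From the "Native vlan query" thread on this page (working switch config).
PAGE_SWITCH = """\
interface FastEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 834
switchport trunk allowed vlan 503,834
switchport mode trunk
speed 100
duplex full
"""


def expand_vlan_list(spec):
    """Turn an IOS VLAN list such as '2-49' or '503,834' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_trunks(config):
    """Return {interface: {"native": int, "allowed": set, ...}} for trunk ports.

    IOS defaults apply when a line is absent: native VLAN 1, all VLANs allowed.
    Only the plain and 'add' forms of the allowed list are handled here.
    """
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {"trunk": False, "native": 1, "allowed": set(ALL_VLANS)}
            ports[line.split(None, 1)[1]] = current
        elif current is None:
            continue
        elif line == "switchport mode trunk":
            current["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            current["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line):
            listed = expand_vlan_list(m.group(2))
            current["allowed"] = current["allowed"] | listed if m.group(1) else listed
    return {name: port for name, port in ports.items() if port["trunk"]}


def audit(config):
    """List (interface, finding) pairs for trunks that break either rule."""
    findings = []
    for name, port in parse_trunks(config).items():
        if port["native"] == 1:
            findings.append((name, "native-vlan-1"))
        if port["native"] in port["allowed"]:
            findings.append((name, "native-vlan-allowed"))
    return findings


def native_mismatch(config_a, port_a, config_b, port_b):
    """True when the two ends of one trunk link use different native VLANs."""
    native_a = parse_trunks(config_a)[port_a]["native"]
    native_b = parse_trunks(config_b)[port_b]["native"]
    return native_a != native_b


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("default", DEFAULT_TRUNK), ("page", PAGE_SWITCH)):
        print(label, audit(cfg))
```

The thread's switch config is flagged only because native VLAN 834 is also in the allowed list; there it carries the CE router's untagged traffic on purpose, so a finding like this is a prompt to confirm intent.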

  • Native VLAN on Cisco 3750x vs Cisco 2960S

    Hi,
    I have a scenario where I connect my Cisco 2960S switch to a Cisco 1941 router as in the photo below.
    My question is: when I connect the router to the Cisco 2960S, I configure interface Gi1/0/1 as a trunk. Everything works fine; I can ping from the router to the switch (172.16.29.2).
    But when I changed to the Cisco 3750X and configured interface Gi1/0/1 as a trunk, I cannot ping from the router to the switch (172.16.29.2). But after I add native vlan 30 on interface Gi1/0/1, I can ping from the router to the switch (172.16.29.2).
    Any idea why? Is there any difference in native vlan between the Cisco 2960S and 3750X?
    Thank you for your kind answer
    John

    Hi John
    It seems to me that the 3750 is doing what it should do: if the router does not have subinterfaces and dot1q, it will send traffic without a dot1q tag, and the 3750 will drop these packets because they arrive without a tag. That's why native vlan fixes the problem.
    The 2960 should work the same way that the 3750 does, so I wonder if there are some differences in the config between the switches.
    Can you share the config for gi0/1 on the router and also the switchport config for both switches?
    Also a "show interface gi1/0/1 switchport" for both switches.
    /Mikael

  • Default Native directory password for accessing openldap data

    Hi everyone,
    I was trying to read openldap data from Hyperion Shared Services. I know I can change the password in change native directory password for the root and I can read all the LDAP data.
    I was wondering if there is any default password for root in Shared Services. Since the company is not allowing me to change the password, I wish to know what the default Native Directory password is for LDAP stored in Hyperion Shared Services for root.

    Try username: admin password: password; it's a default user and password for Hyperion products.
    regards,
    LYN
