How does one switch identify a native VLAN mismatch?
Dear All,
I am using two Cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured different native VLANs on the two switches. Suddenly I got an error reporting a native VLAN mismatch. When I changed the configuration, it worked fine. My question is: how does one switch identify the native VLAN mismatch (by BPDU, CDP or packet)? Please mention which of these the switch uses to identify a native VLAN mismatch.
Regards,
Sanjib
Sanjib, Karsten,
It's CDP.
Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
http://www.wireshark.org/download/automated/
They already incorporate the enhancement.
Best regards,
Peter
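How the CDP side of this check works, as an added example that is not part of the thread: a CDP advertisement carries a Native VLAN TLV, and the receiver compares it with the native VLAN of the port the frame arrived on. The TLV type codes come from the CDP frame format rather than from this page, and the device name, port names and VLAN numbers are constructed sample values.

```python
import struct

# CDP TLV type codes (from the CDP frame format; assumption, not from the thread).
TLV_DEVICE_ID, TLV_PORT_ID, TLV_NATIVE_VLAN = 0x0001, 0x0003, 0x000A


def tlv(tlv_type, value):
    """Encode one TLV. The length field counts the 4-byte TLV header as well."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def parse_cdp(payload):
    """Parse a CDP payload (the bytes after the LLC/SNAP header) into its TLVs."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    # Header: version, TTL, checksum. The checksum is not verified in this example.
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    tlvs, offset = {}, 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack("!HH", payload[offset:offset + 4])
        if length < 4 or offset + length > len(payload):
            raise ValueError("bad TLV length %d at offset %d" % (length, offset))
        tlvs[tlv_type] = payload[offset + 4:offset + length]
        offset += length
    return version, ttl, tlvs


def check_native_vlan(payload, local_port, local_native_vlan):
    """Return a mismatch message, or None if the VLANs agree or none was advertised."""
    _version, _ttl, tlvs = parse_cdp(payload)
    raw = tlvs.get(TLV_NATIVE_VLAN)
    if raw is None:
        return None  # neighbor did not advertise a native VLAN: nothing to compare
    if len(raw) != 2:
        raise ValueError("Native VLAN TLV must carry a 2-byte VLAN ID")
    (peer_vlan,) = struct.unpack("!H", raw)
    if peer_vlan == local_native_vlan:
        return None
    device = tlvs.get(TLV_DEVICE_ID, b"?").decode("ascii", "replace")
    port = tlvs.get(TLV_PORT_ID, b"?").decode("ascii", "replace")
    return "Native VLAN mismatch discovered on %s (%d), with %s %s (%d)" % (
        local_port, local_native_vlan, device, port, peer_vlan)


# Constructed CDPv2 advertisement from a neighbor whose trunk uses native VLAN 20.
SAMPLE = (struct.pack("!BBH", 2, 180, 0)
          + tlv(TLV_DEVICE_ID, b"SWB")
          + tlv(TLV_PORT_ID, b"FastEthernet0/24")
          + tlv(TLV_NATIVE_VLAN, struct.pack("!H", 20)))

if __name__ == "__main__":
    # Local port uses native VLAN 10, so the advertisement above does not match.
    print(check_native_vlan(SAMPLE, "FastEthernet0/24", 10))
```

An advertisement without the Native VLAN TLV gives the receiver nothing to compare, so no mismatch is reported for it.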
Similar Messages
-
Native Vlan Mismatch on Switch LD connected to
I am running 3 switches, each with the same 3 VLANs. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches.
The first vlan is vlan 1 for management
The second is vlan 2 for the gateway side of the local directors
The third is vlan 3 for the server side of the local directors
On the primary switch I am logging CDP messages telling me I have a native VLAN mismatch on the 2 local director ports. On the secondary switch I don't get these messages.
Any ideas what is going on here and why? Thanks, Art.
You mention above "but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
Because trunked ports need to be assigned to the same native VLAN, I would do a "show trunk" and verify that the ports used for trunking on each switch are assigned to the same native VLAN; I've seen the mismatch if they are not. That command is for a switch running CatalystOS; otherwise, use this command for NativeOS - sh int fast 0/1 switchport - and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to VLAN 1, which is your management VLAN, which I assume you've chosen to be your native VLAN.
Hope this helps. -
Dear all,
I am getting the following message in our VSS.
Sep 2 05:56:18.501: %CDP-SW1-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet1/2/29 (304), with HQ-DC-CSW-VSS.abc.com
GigabitEthernet2/2/28 (300).
interface GigabitEthernet2/2/28
description *** F5 Load Balancer Port 2 Primary ***
switchport
switchport access vlan 300
switchport mode access
interface GigabitEthernet1/2/29
description *** F5 Load Balancer Port 5 Primary ***
switchport
switchport access vlan 304
switchport mode access
Can anyone explain to me how I get this message although g2/2/28 and gi 1/2/29 are access ports? How do I fix this issue? Does this interrupt the network (loop)?
Thanks
Could you try this:
sw1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)#no cdp advertise-v2
regards
Inayath -
Does the native VLAN need to be added to the allowed VLAN list?
If I configured the port like this "
switchport trunk native vlan 10
switchport trunk allowed vlan 11,12"
is VLAN 10 allowed to pass? Or do I still need to add VLAN 10 to the allowed VLAN list, like "
switchport trunk native vlan 10
switchport trunk allowed vlan 10,11,12"
Thanks
Yes you can remove the native VLAN from the list, and it does prevent the native VLAN from traversing the trunk. That is, if you look at the Spanning Tree for the native VLAN, the trunk will be absent from the list of ports on the VLAN.
The question of untagged frames is a different one. There are some control protocols, particularly link-local ones, that are sent untagged, and these will traverse the trunk regardless. However, they are not considered as part of the native VLAN Spanning Tree as such.
But beware: there is a bug in earlier IOS and in all CatOS switches! If you use a non-1 VLAN as your trunk native VLAN, and you disallow it from the trunks, and there are no other ports carrying that native VLAN, then the Spanning Tree for that VLAN shuts down. That is fair enough. But the bug is that the Spanning Tree for VLAN 1 also breaks down, sending your network into meltdown.
Kevin Dorrell
Luxembourg -
Changing the Native VLAN command?
Can someone please refresh me as to what the command is to change the Native VLAN for the entire switch? (IE: not just on the trunk, I mean the default native for the entire switch). Thanks
Hi
While on this topic: I have been trying to trunk two 2960 switches and can't seem to get a proper connection. I am using Packet Tracer. The 1st switch already has a trunk port going to a router, and the router port is trunked and has sub-interfaces for each of VLANs 2 and 3, and each sub-interface has its respective native encap VLAN configured. My management VLAN is VLAN 3, and I don't have an int vlan1, only int vlan 3. The router and the 1st switch work fine. But now I am trying to get another trunk port working with the second switch. I configured both interfaces for trunking using native VLAN 1. Now the links are in up state but the LEDs are not green on both ends; one is orange. I have only int vlan 3, as with the other switch, and an IP in the same subnet as the management IP, but cannot ping. Strange thing: VTP info can pass, but there is no connection to the other switch's VLANs, the router etc., only local connectivity. Please help; below are the configs of the router and two switches. It is switch 1 that is giving me trouble connecting to the rest.
Router0
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
hostname RouterA
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username admin secret 5 $1$mERr$vPOtdREpWgzFVVY37SB2h/
ip name-server 0.0.0.0
interface Loopback0
description management
ip address 192.168.1.1 255.255.255.0
interface Loopback1
ip address 192.168.2.1 255.255.255.224
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.3.1 255.255.255.0
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.5.0.1 255.255.255.0
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.4.1 255.255.255.0
interface FastEthernet0/1
description management
no ip address
duplex auto
speed auto
interface Serial0/0
ip address 172.16.1.1 255.255.255.252
interface Serial0/1
no ip address
interface FastEthernet1/0
no ip address
duplex auto
speed auto
interface FastEthernet1/1
no ip address
duplex auto
speed auto
router rip
version 2
network 172.16.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
ip classless
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit host 192.168.4.2
line con 0
line vty 0 4
access-class 1 in
password 7 08316C5D1A2E5505165A
login
end
Switch 0 (connected to Router 0)
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
hostname SwitchA
no logging console
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
ip name-server 0.0.0.0
username admin password 7 08651D0A043C3705561E0B54322E2B3C2B063137324232064274
spanning-tree portfast default
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
interface FastEthernet0/5
switchport access vlan 3
interface FastEthernet0/6
switchport access vlan 3
interface FastEthernet0/7
interface FastEthernet0/8
interface FastEthernet0/9
interface FastEthernet0/10
interface FastEthernet0/11
interface FastEthernet0/12
interface FastEthernet0/13
switchport access vlan 2
interface FastEthernet0/14
switchport access vlan 2
interface FastEthernet0/15
switchport access vlan 2
interface FastEthernet0/16
switchport access vlan 2
interface FastEthernet0/17
switchport access vlan 2
interface FastEthernet0/18
switchport mode trunk
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
interface FastEthernet0/20
switchport access vlan 2
interface FastEthernet0/21
switchport access vlan 2
interface FastEthernet0/22
switchport mode access
interface FastEthernet0/23
switchport access vlan 2
interface FastEthernet0/24
switchport mode trunk
interface GigabitEthernet1/1
interface GigabitEthernet1/2
interface Vlan1
no ip address
interface Vlan3
ip address 192.168.4.10 255.255.255.0
ip default-gateway 192.168.4.1
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit host 192.168.4.1
line con 0
line vty 0 4
access-class 1 in
password 7 08316C5D1A2E5505165A
login
line vty 5 15
login
end
Switch 1 (connected to Switch0) (This is the second switch which I cannot get connected to rest of network properly)
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Switch
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
interface FastEthernet0/5
switchport access vlan 3
interface FastEthernet0/6
switchport access vlan 3
interface FastEthernet0/7
interface FastEthernet0/8
interface FastEthernet0/9
interface FastEthernet0/10
interface FastEthernet0/11
interface FastEthernet0/12
interface FastEthernet0/13
interface FastEthernet0/14
interface FastEthernet0/15
interface FastEthernet0/16
interface FastEthernet0/17
interface FastEthernet0/18
switchport mode trunk
interface FastEthernet0/19
interface FastEthernet0/20
interface FastEthernet0/21
interface FastEthernet0/22
interface FastEthernet0/23
interface FastEthernet0/24
interface GigabitEthernet1/1
interface GigabitEthernet1/2
interface Vlan1
no ip address
interface Vlan3
ip address 192.168.4.20 255.255.255.0
ip default-gateway 192.168.4.1
line con 0
line vty 0 4
login
line vty 5 15
login
end -
Can anyone tell me or point me in the proper direction for the method to set the native vlan on the WLC? I have a 3750 that is showing a native vlan mismatch going to the 4402.
hello - have a look at this link
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
explains config for WLC and uplink switch.
hth
andy -
I am getting the following message in my logs on SF300-8
"%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface fa1."
What is causing the error? See VLAN setup below:
Hi,
Yes, in this case you can change the native VLAN on that switch with the command (config-if)#switchport trunk native vlan #; there is no need to reboot the switch in order for the change to take effect.
Regards, -
Hello everyone,
I have a SonicWall firewall with 6 VLANs and 3 Cisco sg28 switches connected to it. Everything is working fine, but I see I have these warnings in the log files of all three switches.
I just need to know the best way to resolve this.
The first switch is the "core" switch and the other two are connected to it in a star pattern.
Sonicwall--switch1.101.1----switch 101.10
|
|
switch 101.20
So core switch 101.1 has default vlan set to 100 which is the default lan on the sonicwall that it is connected to. There are no devices in .100
switch 101.10 has default vlan set to 1
switch 101.20 has default vlan set to 1
switch 101.1 is seeing these warnings..
2147483643
2014-Apr-01 19:33:08
Warning
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi27.
2147483644
2014-Apr-01 19:30:52
Warning
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi26.
switch 101.10 is seeing these warnings;
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi52.
port gi52 is connecting to switch 101.1
switch 101.20 is seeing these warnings;
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi27.
port gi27 is connected to switch 101.1
Thanks!
Hi,
Yes, in this case you can change the native VLAN on that switch with the command (config-if)#switchport trunk native vlan #; there is no need to reboot the switch in order for the change to take effect.
Regards, -
How do you identify the Logical system in start routine of a transformation
My scenario is this. I have five r3 systems that I am extracting from. In the start routine of the transformation from the r3 data source to my data store I am going to delete data and I need to know the source system id. How do I identify the logical system or source system id in the transformation. Is there a system field that contains this information. I do not want to hard code the source system id in the routine.
hi
have a look at tables rsreqdone and rsbkrequest; with a join you should be able to determine the source.
regards
Boujema
Edited by: Boujema Bouhazama on May 9, 2008 12:04 AM -
How do I identify the maximum length of video in iMovie which can be made into a dvd in iDVD, please?
I made a selection of video clips > pressed on "share" > on iDVD > after one hour of formatting the message was under "project duration" : "Your project exceeds the maximum content duration. To burn your DVD, change the encoder setting in the Project Info window."
I have edited out some of the clips and waited another hour or so but the same message appeared!
I want to know in advance how long the video clip selection can be for the quality of video chosen (the best before HD).
Please help if you can.
thank you very much indeed.
Michael
North London
It's trying to tell you to change the encoding setting:
iDVD encoding settings:
http://docs.info.apple.com/article.html?path=iDVD/7.0/en/11417.html
Short version:
Best Performance is for videos of up to 60 minutes
Best Quality is for videos of up to 120 minutes
Professional Quality is also for up to 120 minutes but even higher quality (and takes much longer)
That was for single-layer DVDs. Double these numbers for dual-layer DVDs.
Professional Quality: The Professional Quality option uses advanced technology to encode your video, resulting in the best quality of video possible on your burned DVD. You can select this option regardless of your project’s duration (up to 2 hours of video for a single-layer disc and 4 hours for a double-layer disc). Because Professional Quality encoding is time-consuming (requiring about twice as much time to encode a project as the High Quality option, for example) choose it only if you are not concerned about the time taken.
In both cases the maximum length includes titles, transitions and effects etc. Allow about 15 minutes for these.
You can use the amount of video in your project as a rough determination of which method to choose. If your project has an hour or less of video (for a single-layer disc), choose Best Performance. If it has between 1 and 2 hours of video (for a single-layer disc), choose High Quality. If you want the best possible encoding quality for projects that are up to 2 hours (for a single-layer disc), choose Professional Quality. This option takes about twice as long as the High Quality option, so select it only if time is not an issue for you.
Use the Capacity meter in the Project Info window (choose Project > Project Info) to determine how many minutes of video your project contains.
NOTE: With the Best Performance setting, you can turn background encoding off by choosing Advanced > “Encode in Background.” The checkmark is removed to show it’s no longer selected. Turning off background encoding can help performance if your system seems sluggish.
And whilst checking these settings in iDVD Preferences, make sure that the settings for NTSC/PAL and DV/DV Widescreen are also what you want.
http://support.apple.com/kb/HT1502?viewlocale=en_US -
How can i identify the environment name or database name in the PL/SQL code
Hi,
I am using UTL_FILE to generate the files.
My problem is, I have to design a common SQL file which can be executed in 2 different environments (say QA & DEV) with no parameters. It has to identify the environment and, based on the environment, generate the relevant files.
The only change that needs to be incorporated is the file names, which will change based on the environment.
Can anyone tell me how I can identify the environment name or database name in the PL/SQL code?
Raja
In this case, USEC_GI_DEV.NA.XXXNET.NET is a TNS alias. That alias exists only on the client machine. There is no way to access that information on the database server.
You would have to find something in the v$database or v$instance table that uniquely identifies the database (and you may need some help from the DBAs to do this because you need to ensure that the data element you choose is compatible with whatever refresh process(es) are used in your environment).
Now, if you are writing a stand-alone SQL*Plus script, SQL*Plus, as a client tool, does have access to the TNS alias in later versions. But that is a client-side determination, not a server-side determination.
Justin -
How to switch to the Greek apple store?
In order to be able to download updates
When trying to get updates, I sometimes get the message
'Your account is not valid for use in the Greek store. You must switch to the US store before purchasing'
Do you mean how you switch to the Greek app store or to the US app store?
If so for both of them, then you'll need to create an account with both or just the one. -
HT1420 How do I identify the 5 computers authorized?
Getting message saying that 5 computers are already authorized.... I don't own 5 computers, how can I identify the computers that have been authorized with my account?
If you mean a List... This is not possible...
Open itunes on the computer you want to deactivate. Make sure you are logged in. Under the "Store" menu, pull down top "De-authorize this computer"
If you no longer have, or access to, the computer(s) you want to deauthorise,
Log in to iTunes, go to "view your account info" on the itunes store, deauthorise all five, (Please Note: this can only be done Once every 12 months) and then re-authorize your current Computer(s) one at a time.
Authorise / Deauthorise About
http://support.apple.com/kb/HT1420 -
About the Native Vlan and Management Vlan.
I wanted to know whether the management VLAN and the native VLAN can have different VLAN IDs or whether both should have the same VLAN ID. Why should the native VLAN not be VLAN 1?
The use of a native VLAN is generally frowned upon now as there are some well known security exploits that leverage this untagged VLAN. Cisco often recommends setting the Native VLAN to an unused VLAN in your infrastructure in order to render it useless for attacks.
It is also recommended that you create a separate VLAN for your Management traffic and that this VLAN be tagged (therefore not a Native VLAN).
Native Vlan is the vlan which will be sent untagged even in Trunk links. Consider a Trunk link configured between two switches SWA and SWB, if a system in vlan1 of SWA is sending a frame via SWB, then this frame will be received as untagged by SWB, then switch B decides that the untagged frame is from native vlan 1 and handles accordingly. By default native vlan is 1, this can also be changed as per requirement.
Example: In the below figure, if an IP phone and a system are connected to a switch port as below, the phone will send its frames tagged with VLAN 10, whereas the frames sent by the system will be untagged. So here the corresponding switch port should be configured with native VLAN 20, so that it can recognise and handle the frames from the system and the IP phone properly.
The management VLAN is different: it means that this VLAN will be used for management purposes. Logging into the switch for management, monitoring the switch, collecting syslog and SNMP traps, etc. will be done via the management VLAN IP. This is also by default VLAN 1 in Cisco. So as Antony said, it is always a best practice and security measure to not use the default VLAN and to use custom VLANs.
Hope this helps ! -
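An added example, not part of the thread: a small audit of IOS-style switchport configuration against the points raised above and in the earlier allowed-list question (native VLAN left at 1, native VLAN shared with access ports, native VLAN permitted on the trunk). The configuration text is constructed; only ports with an explicit `switchport mode trunk` are examined, and `allowed vlan add`/`remove` forms are not handled.

```python
import re

# Constructed sample configuration (not taken from the posts above).
SAMPLE = """
interface FastEthernet0/5
 switchport access vlan 3
interface FastEthernet0/18
 switchport mode trunk
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3
interface FastEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 3
 switchport trunk allowed vlan 2-3
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,10-12' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_ports(config):
    """Collect switchport settings per interface; the native VLAN defaults to 1."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            cur = ports.setdefault(m.group(1), {"mode": None, "access": None,
                                                "native": 1, "allowed": None})
        elif raw[:1] not in (" ", "\t"):
            cur = None  # an unindented line ends the interface section
        elif cur is not None:
            if (m := re.match(r"switchport mode (\S+)$", line)):
                cur["mode"] = m.group(1)
            elif (m := re.match(r"switchport access vlan (\d+)$", line)):
                cur["access"] = int(m.group(1))
            elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
                cur["native"] = int(m.group(1))
            elif (m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line)):
                cur["allowed"] = expand_vlans(m.group(1))
    return ports


def audit_trunks(config):
    """Return (interface, finding) pairs for every explicit trunk port."""
    ports = parse_ports(config)
    access_vlans = {p["access"] for p in ports.values()
                    if p["mode"] != "trunk" and p["access"]}
    findings = []
    for name, p in ports.items():
        if p["mode"] != "trunk":
            continue
        native = p["native"]
        if native == 1:
            findings.append((name, "native VLAN is 1"))
        if native in access_vlans:
            findings.append((name, "native VLAN %d also has access ports" % native))
        # No allowed list configured means every VLAN is allowed on the trunk.
        if p["allowed"] is None or native in p["allowed"]:
            findings.append((name, "native VLAN %d is allowed on the trunk" % native))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_trunks(SAMPLE):
        print(interface, "-", finding)
```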
How to switch off the pop-up message in rspcm
Hi there,
Does anyone know how to switch off the pop-up message in rspcm?
The monitoring user shouldn't get the pop-up below anymore:
Statusänderung des Requests Sollen Folge-Events ausgelöst werden?
The pop-up in english might be
status change of request - trigger subsequent processing? or similar
We would like to outsource the process chain monitoring (rspcm) to our operating.
But operating shouldn't deal with the pop-up above and make decisions especially when delta infopackages are involved.
Thanks for your help in advance.
Regards,
Wolfgang Smetana
Elena,
Is the subsequent process defined on success or failure ? if that is not defined - you might come across this message.....
Arun