Native vlan for a 3550XL swtich

hello
i have the follow dilemma. a 3550XL has a voice vlan 10 , a data vlan 20 and an management vlan 99. assinging the vlan 10 as native wil remove its tagg across the trunk ports. also cisco recomends native vlan not be the same as management vlan . but when i made the vlan 99 the vlan 1 goes in shutdown situation . so what is the best practice about tha native vlan into a voice switch ?
thanks

IEEE 802.1Q Configuration Considerations
IEEE 802.1Q trunks impose these limitations on a network:
In a network of Cisco switches connected through IEEE 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs.
When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch. However, spanning-tree information for each VLAN is maintained by Cisco switches separated by a cloud of non-Cisco IEEE 802.1Q switches. The non-Cisco IEEE 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.
Make sure the native VLAN for an IEEE 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk without disabling spanning tree on every VLAN in the network can potentially cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an IEEE 802.1Q trunk or disable spanning tree on every VLAN in the network. Make sure your network is loop-free before disabling spanning tree.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_sec/configuration/guide/swvlan.html

Similar Messages

  • Can I use non-native VLAN for AP management (BVI100 vs. BVI1)

    Owning AIR-AP1121G-E-K9 and AIR-AP1131AG-E-K9, with IOS 12.3.8JA2, want to migrate AP (wired) management from native VLAN1 to tagged VLAN100.
    Management VLAN must not be accessed by WiFi devices.
    Tried to configure fa0.100, bridge 100 and BVI 100 instead of fa0.1, bridge 0.1 and BVI1, reloaded and AP is working, but doesn't respond to management.
    Tried to use simple L3 fa0.1, but int is not reachable from outside.
    Any suggestions?
    Thank you very much
    Flavio Molinelli
    [email protected]

    The management VLAN must be the Native VLAN ... it doesn't have to be VLAN 1, but whichever VLAN you declare as Native will be the Management VLAN (at least as far as the AP is concerned) ...
    Some switches / routers permit the management and Native VLANs to be different ... verify that both are configured and matching on both ends (AP and switch / router).
    Good Luck
    Scott

  • What is AP H-REAP Native Vlan used for?

    We have a few APs - CAP3502 and LAP1242s for the most part - whose H-REAP "Native Vlan" doesn't match the switchport's native vlan.  It appears that the switchport native vlan is what gets used for the AP for DHCP (it gets an AP IP address from that network).  If so, does anyone know what the purpose of specifying the native vlan on the H-REAP config is?  I can think of no useful purpose, but if there is one I'd appreciate anyone who could say.
    Thanks.
    BTW this is on a 5508 controller running 7.0.240.0 code.

    Thanks Scott - further info:  the Vlan Mappings are filled in with the appropriate Vlans, which are separate from the AP native vlan.  In this case vlans 202, 203, 204 and 206 are assigned to various SSIDs and the Native Vlan for the AP is set to 201.  The switchport is set to trunk all vlans and has native vlan 221, and it is from vlan 221 that the AP get's its own IP.
    So on the one hand, if specifying the 'native' vlan were to avoid cases where the wrong vlan was native on the switch (and so, to tell the AP which vlan to use for itself and control traffic), I would expect the AP to have a vlan201 address.
    If on the other hand this is merely a 'documentary' setting to say what the 'native vlan' *should* be, then I would expect the AP to have a vlan221 IP, which it does.
    Just trying to find out if this setting does anything more than document.

  • How set native vlan on a VM in vSphere when using the 1000V?

    Using the vSphere Distr Switch, we set native VLAN per VM by setting the VLAN d to 0.
    How do we set the native VLAN for a VM if the VM is connected to a 1000V? I heard we no longer can use VLAN ID 0?                  

    Same way you would on any Cisco switch.
    Add this command to your Uplink port profile:
    switchport trunk native vlan X
    Keep in mind there is no VLAN 0.  VLAN "0" is just how vmware designates the untagged VLAN.  Valid ranges are 1-4095 according to the standard.
    Regards,
    Robert

  • Option "Native VLAN ID" doesn't show up

    Hi all:
    I'm configuring several AP in a WLC 5508. All of them are in FlexConnect with VLAN Mapping and the most are 1131 and I can configure Native VLAN and VLAN mapping option. However, I just added a 2702 AP to the WLC and I found out the "Native VLAN ID" option under FlexConnect tab is missing (attach screenshoot). Is it because of the model of the AP or config issue?.
    As you can see in the screenshoot, AP is in a FlexConnect Group. In it I can't configure Native VLAN for the APs.
    Thanks all
    Francisco

    This issue is bug# CSCus64073 - 1700/2700 APs native vlan
    field missing in Flex tab
    •        The workaround is to “untick vlan support (in the Advanced tab) and tick it back,
    then field will show again” 
    •        If this is unsuccessful, configure the native vlan through the cli with the
    following commands: 
    -         config ap disable ap <AP_Name>
    -         config ap flexconnect vlan native 8 <AP_Name>
    -         config ap enable ap <AP_Name>
    -         show ap config general <AP_Name> should show correct native vlan

  • Changing native VLAN 100 on SFE2000P to VLAN 1?

    The "SFE2000/SFE2000P Gigabit Ethernet Switch Reference Guide" says on page 124 "The Management VLAN is set to VLAN 100 by default, but can be modified." (highlighting is mine).   I'm still searching for how.  Anyone know the trick?  I always end up blocking myself out of the switch and having to reset it.
    My basic problem is trying to connect two SRW224P's with one SFE2000P (in Layer 3 mode).   They need to have the same default or native VLAN for the trunking to work properly.   The SFE2000P has VLAN 100 as default, while the SRW 224P has VLAN 1 as default.
    The documentation says I should be able to change it, but never says how.   I haven't found any way to change the VLAN 1 on the SRW224P's to VLAN 100....but I would be willing to that as well.  I have attachment to VLAN 1 or VLAN 100....I just want them to be the same.
    Thanks....gerry

    Correct. As soon as you change it to 100, you will lose access to the devices since vlan 1 is used for management.  To shorten the down time, you can create vlan 100 and all the SVIs on all switches ahead of time and than change it form 1 to 100 in a maintenance window.
    HTH

  • If VLAN 1 is the native VLAN, then does that mean thier can only be one?

    If VLAN 1 is native, does that mean when you assign another VLAn to be native, VLAN 1 is no longer native and the other VLAN is? meaning you can only have one?

    Let us start by being clear that the concept of native vlan is related to a particular interface doing trunking. If you have two interfaces doing trunking it is quite possible that the first one would have vlan 1 as native and the other one might have vlan 2 as native.
    On a particular interface doing trunking it is quite true that there can be only a single native vlan for that trunk.
    HTH
    Rick

  • Changing the Native VLAN command?

    Can someone please refresh me as to what the command is to change the Native VLAN for the entire switch? (IE: not just on the trunk, I mean the default native for the entire switch). Thanks

    Hi
    While on this topic. I have been trying to trunk to 2960 switches and can't seem to get a proper connection. I am using packet tacer. The 1st switch already has a trunk port going to a router and the router has port is trunked and has sub ints for each of vlans 2 and 3 and each sub trunk has respective  native encap vlan configured. My management vlan is vlan 3. And I don't have an int vlan1 only int vlan 3. The router and the 1st siwtch work fine. But now I am trying to get another trunk port with second switch. I configured both ints for trunking using native vlan 1. Now the links are in up state but both ends are not leds green, one is orange. And I have only int vlan 3 as with other switch and ip in same subnet as managment ip but cannot ping. Strange thing vtp info can pass but no connection to other switch vlans and router etc, only local connectivity. Plz help, below is the configs of the rotuer and two switches. It is switch 1 that is giving me beans to connect to the rest.
    Router0
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    service password-encryption
    hostname RouterA
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    username admin secret 5 $1$mERr$vPOtdREpWgzFVVY37SB2h/
    ip name-server 0.0.0.0
    interface Loopback0
    description management
    ip address 192.168.1.1 255.255.255.0
    interface Loopback1
    ip address 192.168.2.1 255.255.255.224
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    interface FastEthernet0/0.1
    encapsulation dot1Q 1 native
    ip address 192.168.3.1 255.255.255.0
    interface FastEthernet0/0.2
    encapsulation dot1Q 2
    ip address 10.5.0.1 255.255.255.0
    interface FastEthernet0/0.3
    encapsulation dot1Q 3
    ip address 192.168.4.1 255.255.255.0
    interface FastEthernet0/1
    description management
    no ip address
    duplex auto
    speed auto
    interface Serial0/0
    ip address 172.16.1.1 255.255.255.252
    interface Serial0/1
    no ip address
    interface FastEthernet1/0
    no ip address
    duplex auto
    speed auto
    interface FastEthernet1/1
    no ip address
    duplex auto
    speed auto
    router rip
    version 2
    network 172.16.0.0
    network 192.168.1.0
    network 192.168.2.0
    no auto-summary
    ip classless
    access-list 1 permit 192.168.4.0 0.0.0.255
    access-list 1 permit host 192.168.4.2
    line con 0
    line vty 0 4
    access-class 1 in
    password 7 08316C5D1A2E5505165A
    login
    end
    Switch 0 (connected to Router 0)
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    service password-encryption
    hostname SwitchA
    no logging console
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    ip name-server 0.0.0.0
    username admin password 7 08651D0A043C3705561E0B54322E2B3C2B063137324232064274
    spanning-tree portfast default
    interface FastEthernet0/1
    interface FastEthernet0/2
    interface FastEthernet0/3
    interface FastEthernet0/4
    interface FastEthernet0/5
    switchport access vlan 3
    interface FastEthernet0/6
    switchport access vlan 3
    interface FastEthernet0/7
    interface FastEthernet0/8
    interface FastEthernet0/9
    interface FastEthernet0/10
    interface FastEthernet0/11
    interface FastEthernet0/12
    interface FastEthernet0/13
    switchport access vlan 2
    interface FastEthernet0/14
    switchport access vlan 2
    interface FastEthernet0/15
    switchport access vlan 2
    interface FastEthernet0/16
    switchport access vlan 2
    interface FastEthernet0/17
    switchport access vlan 2
    interface FastEthernet0/18
    switchport mode trunk
    interface FastEthernet0/19
    switchport access vlan 2
    switchport mode access
    interface FastEthernet0/20
    switchport access vlan 2
    interface FastEthernet0/21
    switchport access vlan 2
    interface FastEthernet0/22
    switchport mode access
    interface FastEthernet0/23
    switchport access vlan 2
    interface FastEthernet0/24
    switchport mode trunk
    interface GigabitEthernet1/1
    interface GigabitEthernet1/2
    interface Vlan1
    no ip address
    interface Vlan3
    ip address 192.168.4.10 255.255.255.0
    ip default-gateway 192.168.4.1
    access-list 1 permit 192.168.4.0 0.0.0.255
    access-list 1 permit host 192.168.4.1
    line con 0
    line vty 0 4
    access-class 1 in
    password 7 08316C5D1A2E5505165A
    login
    line vty 5 15
    login
    end
    Switch 1 (connected to Switch0) (This is the second switch which I cannot get connected to rest of network properly)
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    hostname Switch
    interface FastEthernet0/1
    interface FastEthernet0/2
    interface FastEthernet0/3
    interface FastEthernet0/4
    interface FastEthernet0/5
    switchport access vlan 3
    interface FastEthernet0/6
    switchport access vlan 3
    interface FastEthernet0/7
    interface FastEthernet0/8
    interface FastEthernet0/9
    interface FastEthernet0/10
    interface FastEthernet0/11
    interface FastEthernet0/12
    interface FastEthernet0/13
    interface FastEthernet0/14
    interface FastEthernet0/15
    interface FastEthernet0/16
    interface FastEthernet0/17
    interface FastEthernet0/18
    switchport mode trunk
    interface FastEthernet0/19
    interface FastEthernet0/20
    interface FastEthernet0/21
    interface FastEthernet0/22
    interface FastEthernet0/23
    interface FastEthernet0/24
    interface GigabitEthernet1/1
    interface GigabitEthernet1/2
    interface Vlan1
    no ip address
    interface Vlan3
    ip address 192.168.4.20 255.255.255.0
    ip default-gateway 192.168.4.1
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    end

  • Native Vlan Usage

    I have several vlans on 2950 switches. Each vlan is monitered seperatly and the data on the vlans must never mix. Should I move the native vlan off vlan 1 and set it to match the individual vlan numbers? Or maby I just don't understand the function of the native vlan.

    The native vlan is the vlan on an 802.1q trunk that isn't tagged with an 802.1q header. And that's all there really is to it.
    Generally, most administrators use the same native vlan for the sake of consistency. Some tag the management vlan as the native vlan, while others will set an unused vlan as the native vlan. It's mostly a matter of procedure, policy, and personal preference.
    HTH,
    Bobby
    *Please rate helpful posts.

  • Native Vlan and tagging

    Hi!
    I have a particular installation on a customer site.
    The management vlan is the number 1 (which is the native vlan) for the whole network and all the switches tag the native vlan.
    So when I plug my AP on a port of a switch configured in trunk mode, it doesn't work.
    How can I resolve this issue?
    Thanks

    Yes, you can specify the native VLAN, though I am not sure if that will enable tagging of that VLAN or not. You might have to try it yourself to see. See the following link for pictures of the pages in question.
    http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#t12
    Because I think it will require a reboot after enabling HREAP but before setting up VLAN support, you might need to set it as an access port while making the changes.
    1. Do not use VLANs for your H-REAP deployment and set the access point switch ports as Access ports in the VLAN you want your users to be in. The AP will need an IP in the user VLAN, but that is not usually a problem. If you do not need multiple user VLANs from different SSIDs, this will be the easiest option.
    2. Disable native VLAN tagging for the ports with APs with the command I listed above.

  • Native Vlan and Trunking

    Hi Folks,
    I am having a doubt with native Vlan in trunk ports.
    In a topology of 3 switches. Switch A is connected with switchB and SwitchC on uplinks. Can I configure the different native vlans for 2 different trunk for switch A.
    Like I am having 3 vlan,s configured in switch A with VTP domain transparent(1,500,900-Vlans configured). Same configuration is there in B & C too.
    So can we use 999 as a native vlan for trunk between A&B and native vlan 1 for trunk configured between A&C.

    yes possible, if specific reasons. Already discussed several times on this forum. Pls refer this link:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe4e88

  • FIP and Native VLAN

    Hello,
    according to documentation, FIP uses native vlan for FCoE VLAN discovery. Is it necessary to trunk native VLAN on the CNA port of a switch facing a server? For example if e1/1 is connected to a host and I'm using VLAN10 for data and VLAN100 for storage, and my native vlan is VLAN1, should the configuration be:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 1
      switchport trunk allowed vlan 1,10,100
      spanning-tree port type edge trunk
    OR is it sufficient to have:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Another alternative, which takes into account that host may not tag it's data traffic:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Is it really a must to trunk native VLAN? In my lab it works either way.

    FIP VLAN Discovery
    FIP VLAN discovery discovers the FCoE VLAN that will be used by all other FIP protocols as well as by the FCoE encapsulation for Fibre Channel payloads on the established virtual link. One of the goals of FC-BB-5 was to be as nonintrusive as possible on initiators and targets, and therefore FIP VLAN discovery occurs in the native VLAN used by the initiator or target to exchange Ethernet traffic. The FIP VLAN discovery protocol is the only FIP protocol running on the native VLAN; all other FIP protocols run on the discovered FCoE VLANs.
    The ENode sends a FIP VLAN discovery request to a multicast MAC address called All-FCF-MACs, which is a multicast MAC address to which all FCFs listen. All FCFs that can be reached in the native VLAN of the ENode are expected to respond on the same VLAN with a response that lists one or more FCoE VLANs that are available for the ENode's VN_Port login. This protocol has the sole purpose of allowing the ENode to discover all the available FCoE VLANs, and it does not cause the ENode to select an FCF.

  • VLAN trunking, native vlan and management vlan

    Hello all,
    In our situation, we have 3 separate vlans: 100 for management vlan and 101 for data and 102 for voice.
    We have an uplink which is trunked using .1Q. Our access ports has the data vlan as the native. Based on our design, what should be the native vlan for this uplink trunk? Should it be the management vlan or the data vlan? Thanks for your help.

    To answer this question you must remember what the native vlan is. Native is where untagged packets are sent, i.e. packets without a dot1Q tag. It is there mainly for compatibility. On an access port it has no function while normal traffic is not tagged and sent to the vlan that is configured for the port. Traffic for the voice vlan is an exception to this general rule.
    Native vlan setting only plays a role on trunk links where most of the traffic carries a tag. As explained, it is then used as the vlan for untagged traffic.
    When you do not consider this a security breach, you may configure the data-vlan as native. Use another vlan (why not vlan1?) in the case where you want to isolate this traffic.
    I find it good design practice to use the same native vlan throughout the network. This keeps things clear and it's better for anyone who is not completely obsessed with security. The latter kind of people can always find a reason to mess things up, both for themselves and for others;-)
    Regards,
    Leo

  • Is this considered NATIVE VLAN?

    Greetings All I know that the Native VLAN in a switch is VLAN 1
    Since my access points needs a native vlan to perform multiple SSID and VLANS etc. If the ACcess pont is sitting on VLAN 20 with an ip address assinged to it from that vlan does that mean VLAN 20 is native?? Sorry for the ignorant question but I am trying to do multiple ssid etc

    Hey Pete,
    Have a read of this good doc, here is an excerpt;
    The routers and switches that make up the physical infrastructure of a network are managed in a different method than the client PCs that attach to that physical infrastructure. The VLAN these router and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs are members of a different VLAN, just as IP telephones are members of yet another VLAN. The administrative interface of the access point or bridge (interface BVI1) are considered and numbered a part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.The switchport config might look like this;
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,10,30
    Where vlan 1 is Native and vlan 10 and 30 will be associated with SSID's.
    When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
    Note: If there is a mismatch in the native VLANs, the frames are dropped.
    This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
    From this good doc;
    Using VLANs with Cisco Aironet Wireless Equipment
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
    Hope this helps!
    Rob
    Please remember to rate helpful posts.........

  • Native VLAN, Management VLAN

    Is the Native VLAN only used to communicate 802.1q information? Does CDP go over the Native VLAN? Is there a breakdown of what traverses the Native VLAN and the Management VLAN? I have a customer that has their management vlan different than the native vlan.

    I think it does more than what you say:
    802.1Q standard is more than just a tagging mechanism. It also defines a unique spanning tree instance running on the native VLAN for all the VLANs in the network.
    Here is the link:
    http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml#basic_char
    I just suspect there is more to the Native VLAN and I want a document that will provide more information on Cisco's Website.

Maybe you are looking for

  • ITunes 10.2.1.1 Crashing in Windows 7 SP1 - My solution

    I will first start off and say my solution isn't the prettiest girl at the dance but it will get you what you want. Like most of you I spent the last couple weeks combing the Internet for answers but nothing works. iTunes would just stop working/cras

  • I cant open itunes on my iphone 4??

    help i cant seem to open itunes store on my iphone 4! any ideas??

  • How to invoke servlet in a package in iPlanet Web Server 4.01 platform ?

    I want to use a servlet which is in a package. http://10.251.9.194/servlet/aibd.GetService servlet is mapping to /home03/zhangxs/bbn/servlets. but the servlet can not be invoked. I read the errors file as following: [02/ 7��/2001:17:06:35] warning (1

  • Imac to Sharp aqeous

    Ok first off yes i did check the forums and could find an accurate answer. here is the issue: Intel imac to sharp aqueous plasma( late 2007 early 2008 model) from imac mini dvi to HDMI adapter then strait to HDMI input on tv. we are trying to run fro

  • ATV limited to 720p, 24 fps?

    There are many H.264 camcorders nowadays like the Flip MinoHD, VadoHD, Sanyo Xacti and the Kodak Zi6 among others. By default, recording is usually at 720p at 30 fps. The ATV cannot play back these recordings without having to downgrade the format to