Native Vlan Mismatch on Switch LD connected to
I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches
The first vlan is vlan 1 for management
The second is vlan 2 for the gateway side of the local directors
The third is vlan 3 for the server side of the local directors
On the primary switch I am logging CDP messages telling me i have a native vlan mismatch on the 2 local director ports. The secondary switch I dont get these messages.
Any ideas what is going on here and why? Thanks, Art.
You mention above " but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
Because trunked ports need to be assigned to the same native vlan, I would do a "show trunk" and verify that the port used for trunking on each switch, are assigned to the same native vlan, I've seen the mismatch if the are not. That command above is if your switch is using CatalystOS, otherwise, use this command for NativeOS - sh int fast 0/1 switchport and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to vlan 1 which, is your management vlan which I assume you've choosen to be your native vlan.
Hope this helps.
Similar Messages
-
How one Switch identify the Native vlan mismatch
Dear All,
I am using two cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured different native vlan between two switches. Suddenly I got an error that native vlan mismatch. When I changed the configuration Now it's working fine. My question is that how one switch identify that native vlan mismatch(either by Bpdu, cdp or packet). Please mention which of the following used by switch to identify native Vlan mismatch.
Regards,
SanjibSanjib, Karsten,
It's CDP.
Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
http://www.wireshark.org/download/automated/
They already incorporate the enhancement.
Best regards,
Peter -
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi26.
Hell everyone,
I have a sonicwall firewall with 6 vlan and 3 cisco sg28 switches connected to it, everything is working fine, but I se I have these waring the the log files of all three switches.
I just need to know the best way to resolve this..
the firsrt switch is the "core" switch and the other two are connect to it in a star pattern.
Sonicwall--switch1.101.1----switch 101.10
|
|
switch 101.20
So core switch 101.1 has default vlan set to 100 which is the default lan on the sonicwall that it is connected to. There are no devices in .100
switch 101.10 has devault vlan set to 1
switch 101.20 has default vlan set to 1
switch 101.1 is seeing these warnings..
2147483643
2014-Apr-01 19:33:08
Warning
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi27.
2147483644
2014-Apr-01 19:30:52
Warning
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi26.
switch 101.10 is seeing these warnings;
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi52.
port gi52 is connecting to switch 101.1
switch 101.20 is seeing these warings;
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi27.
portgi27 is connected to switch 101.1
Thanks!Hi,
Yes, in this case you can change the native vlan on the that switch with the command (config-if)#switchport trunk native vlan #, there is no need to reboot the switch in order for the change to take effect.
Regards, -
Can anyone tell me or point me in the proper direction for the method to set the native vlan on the WLC? I have a 3750 that is showing a native vlan mismatch going to the 4402.
hello - have a look at this link
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
explains config for WLC and uplink switch.
hth
andy -
%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface fa1.
I am getting the following message in my logs on SF300-8
"%CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface fa1."
What is causing the error, see VLAN setup below:Hi,
Yes, in this case you can change the native vlan on the that switch with the command (config-if)#switchport trunk native vlan #, there is no need to reboot the switch in order for the change to take effect.
Regards, -
Dear all,
I am getting the following message in our VSS.
Sep 2 05:56:18.501: %CDP-SW1-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet1/2/29 (304), with HQ-DC-CSW-VSS.abc.com
GigabitEthernet2/2/28 (300).
interface GigabitEthernet2/2/28
description *** F5 Load Balancer Port 2 Primary ***
switchport
switchport access vlan 300
switchport mode access
interface GigabitEthernet1/2/29
description *** F5 Load Balancer Port 5 Primary ***
switchport
switchport access vlan 304
switchport mode access
Can anyone explain me how I get this message although g2/2/28 and gi 1/2/29 are access ports.?How to fix this issue?Is this interrupt the network(loop)?
ThanksCould u try this:
sw1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)#no cdp advertise-v2
regards
Inayath -
I've 7 accesss switches from which one switch is connected to 2nd switch with RJ 45 Trunk and other switches cascaded with eachother.
My question is ,Is native vlan necessary on all access switches, if yes than ?
Overview:SW1-Trunkport Fa0/1 to SW2-Fa0/13.
SW2-SW3-SW4-SW5-SW6-SW7(Cascading).
SW4-Connected to core switch Trunk port.
Encapsulation type is dotlq and the cascaded switches are in half duplex but the switch that has the RJ45 trunk connectivity with 2nd switch is in Auto duplex and the connectivity for core switch is also in Auto duplex from one of access switch.
Is that affecting speed?Thank you for that.
Last thing I want to know that , can i remove Native Vlans from the uplink and gb ports ,
Is that Necessary to keep in Native Vlan?
If no than why?
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100******
switchport mode trunk
interface GigabitEthernet0/2
description *** Cascaded to...***
duplex half
switchport trunk encapsulation dot1q
switchport trunk native vlan 100****(Can I remove, if no use?)
switchport mode trunk -
Native VLAN on wired switch and wireless AP
On our 3560g switch we have g0/15 set up as a trunk to connect our wireless AP.
Port Mode Encapsulation Status Native vlan
Gi0/15 on 802.1q trunking 35
Port Vlans allowed on trunk
Gi0/15 1-4094
Port Vlans allowed and active in management domain
Gi0/15 1,10-14,18,20,22,30,35
Port Vlans in spanning tree forwarding state and not pruned
Gi0/15 1,10-14,18,20,22,30,35
On my AP I have the native VLAN as 1.
From my reading I found that the AP and the switch port should have the same Native vlan on both ends of the trunk. Well my access point will not work unless the AP trunk is on 1 and the switch is on 35. Any ideas?dot11 ssid guestwifi
vlan 20
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
dot11 ssid nwifi
vlan 35
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
dot11 arp-cache optional
c
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
encryption vlan 35 mode ciphers aes-ccm tkip
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 20 mode ciphers aes-ccm tkip
ssid guestwifi
ssid raydonwifi
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
no dot11 extension aironet
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.35
encapsulation dot1Q 35
no ip route-cache
bridge-group 35
bridge-group 35 block-unknown-source
no bridge-group 35 source-learning
no bridge-group 35 unicast-flooding
bridge-group 35 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode ciphers tkip
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel 5200
station-role root bridge
antenna receive right
antenna transmit right
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 spanning-disabled
interface FastEthernet0.35
encapsulation dot1Q 35
no ip route-cache
bridge-group 35
bridge-group 35 spanning-disabled
interface BVI1
ip address 192.168.35.12 255.255.255.0
no ip route-cache
ip default-gateway 192.168.35.1
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
snmp-server community home RO
snmp-server enable traps tty
control-plane
bridge 1 route ip
line con 0
access-class 111 in
transport preferred all
transport output all
line vty 0 4
access-class 111 in
transport preferred all
transport input all
transport output all
line vty 5 15
access-class 111 in
transport preferred all
transport input all
transport output all
end -
Is it possible to configure AAA and EAPFAST on a 3750G switch to use a vlan other than vlan1 for management/native vlan? We are working with RADIUS on Server 2008.
Hi John,
Yes, you can do that.
On 3750 you can take a look at the feature called 802.1x Authentication with VLAN Assignment:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1289244.
Basically, you define on the RADIUS server what VLAN each User (or User Group) you want to assign, then when the user connects the PC to the port, it authenticates and the RADIUS server returns the required attributes for VLAN assignament to the switch. The switch interprets them and changes the switchport to the configured VLAN.
The switch will be a simple man-in-the middle during authentication and only processes the RADIUS Reject (if authe fails) or RADIUS Accept (if authe passes).
The authentication methods like EAP-FAST must be agreed between the RADIUS server (AAA Server) and the PC (AAA supplicant).
If you want to authenticate users based on certificates you have to use either EAP-FAST, EAP-TLS or EAP-TTLS.
The most widely spread (which comes by default on WinXP machines) authentication method is PEAP which uses MS-CHAP (username/password) to authenticate users.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Native vlan mismatch error msg from cdp
get this message from my 6509 connects to 3550. but no trunking is set between them. my other ports also have the same settings, with no err msg but have a native vlan unknown status... why???
this 6509 is not set by me.. :(I do not have enough information from you to say if it is a bug. Past output of
sh ver
sh cdp neigh detail
sh int trunk
sh run int gigx/y or sh run int fas x/y -
I have a question regarding the default native vlan, I have a cisco based environment and I set vlan XXX on a native on trunk links, I also running Multiple Spanning Tree on my switches & create instances for vlan segregation.
My question is here could I put vlan 1 (default) in any of instance or not?
Thanks & Regards,With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
Regarding if to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good pratice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
Daniel Dib
CCIE #37149
Please rate helpful posts. -
Cisco sg 100d unmanaged switch not connecting to network
I have a Cisco sg 100d-08 unmanaged switched that had been working just fine for several months but now devices attached to the network thru are no longer on the network. All lights are on indicating the ports are active. Tried power recycle but no joy. When I replaced the switch with an old Belkin model everything works fine. Is there anyway to reset this unmanaged switch or do I now just have an expensive paper weight?
When the management interface is part of VLAN x
Make sure that the management interface vlan id is set to 0 (untagged ) If the native vlan on the switch trunk connected to controller is vlan x. If the native vlan is something else make sure to tag the mangement interface vlan with x.
Another interesting thing that might happen with switch having the following command enabled:
SW(config)#dot1q tag native
In that case all trunk native vlan frames will be tagged , so you have to tag the management vlan on the controller as well in that case.
To be able to troubleshoot such connectivity problem, you should get the output of:
show run int
show interface <\\ > switchport
the latter command should be your best friend.
One recommondation, make sure to tag your management / ap-manager interface with vlan id to maintain QoS limiting based on dot1p values for downstream traffic from the wired side.
In the above scenario , If you can provide the output of show interface <\\> switchport
I should tell you why the recommended action solved your issue based on the above explanation, and if you would like I can maitain the tag for you.
Please Don't Forget to rate correct Answers -
Hello! I have a network in with a i have a switch stack configured for voice and data. Particularly, both are configured to pass over the same port.
I want to add a temporary switch (different model) to the network and configure it the same way. In particular, I want to see that I can set up the voice/data VLAN's on this new switch and test to confirm all is working. I need an uplink though back to the original switches so that this new switch can get a proper connection.
When I connect the new switch in, I can't seem to get an IP and the CLI keeps showing a "Native VLAN mismatch error" and shows the hostname of the original switch.
So my questions are:
How can I add this temporary switch to the existing switch to get a connection, not as another stacked switch?
How can I configure the voice/data VLAN's on the switch so as to be able to test the voice/data traffic over the same port?Hi! Yes I did change the native vlan for that particular port on "Sw2" (New switch) to match "Sw1" (existing switch). The Sw2 port shows native vlan inactive though.
Below is an output from them on that port.
(SW1)
Name: Gi3/0/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 100 (VLAN0100)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (VLAN0010)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW2
Name: Gi3/0/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 100 (Inactive)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (Voice)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none -
SG500 LACP trunk mismatch native vlan on individual ports
Hi All,
I have just configured up a sg500 with a lacp trunk to an upstream switch.
I am getting native vlan mismatch on the individual ports of the lacp team.
24-Jan-2013 12:54:48 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/24.
24-Jan-2013 12:57:35 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/48.
The following is showing the correct native vlan
BH-WS-AC-2#show int switchport port 1
Port : Po1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 2000
Port is member in:
Vlan Name Egress rule Port Membership Type
1200 1200 Tagged Static
1210 Management Tagged Static
1212 1212 Tagged Static
2000 Native Vlan Untagged Static
But the following shows that the individual ports think they are the default vlan 1.
BH-WS-AC-2#show int switchport gi1/1/48
Port : gi1/1/48
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
The following shows the LACP as up:
BH-WS-AC-2#show int Port-Channel 1
Load balancing: src-dst-mac-ip.
Gathering information...
Channel Ports
Po1 Active: gi1/1/24,gi1/1/48
Is this normal behaviour? as i cannot set the native vlan directly on the gi interface due to it being in the trunk.
SimonHi Simon, native vlan mismatch is a cosmetic error from CDP. It won't affect services provided the vlans are a member of the ports in question.
You can set the native vlan while it is within the lag. On the SX500 it would be
config t
int po1
switchport trunk native vlan xxxx
The port channel is the same as any other individual port so it's not a problem. 802.1q specifies the native vlan is the untagged member, if you want to get rid of the error, make sure the untagged vlans match up on both sides.
-Tom
Please mark answered for helpful posts -
Hi guys,
I am having problem. I am not sure about this issue. Recently, I have new switch(2950) plugin into the Core switch. However, it keep generating log every 30 mins on my core switch. any idea about this problem?
2005 Jul 01 22:51:15 GMT+2 +07:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch dete
cted on port 3/22
Core> (enable) show port 3/22
* = Configured MAC Address
Port Name Status Vlan Duplex Speed Type
3/22 2950 connected 210 full 100 100BaseFX MM
Core> (enable) show trunk 3/22
* - indicates vtp domain mismatch
# - indicates dot1q-all-tagged enabled on the port
Port Mode Encapsulation Status Native vlan
3/22 off negotiate not-trunking 210
Port Vlans allowed on trunk
3/22 1-1005,1025-4094
Port Vlans allowed and active in management domain
3/22 210
Port Vlans in spanning tree forwarding state and not pruned
3/22
core#show ver
WS-C6506 Software, Version NmpSW: 7.6(7)
Copyright (c) 1995-2004 by Cisco Systems
NMP S/W compiled on May 6 2004, 23:21:07
System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-7.bin'
System Configuration register is 0x102
Core--->2950
2950#show vla
VLAN Name Status Ports
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/25, Fa0/26
2950#show vtp st
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 250
Number of existing VLANs : 5
VTP Operating Mode : Transparent
VTP Domain Name : access
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB6 0x18 0x3A 0xBA 0xC7 0x54 0x71 0x55
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00Hi guys,
Thanks for promptly replied. However I had tried to harded core on 2950 Vlan 210(every interfaces). No luck. The core switch still flooding the log. Correct If I am wrong. Since my 2950 is configured as transparent. It shouldn't broadcast the VLAN info. Am I right? This is not the switch connected to the VLAN 210. I have another switch 210 connected to Core. But it doesn't generate the log.
Core(enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
1 default active 5 2/23-24
3/9,3/18,3/23-24
4/28,4/38-40
5/9-48
5 ServerFarm active 112 4/1-9,4/11-27,4/29-30,4/
33-37,4/43
5/1-8
20 External active 10 4/10,4/41,4/44-48
30 External2 active 11
80 DMZ active 114 4/42
100 User1 active 12
120 User2 active 13 2/1-21
3/1-8,3/10-17,3/19-21
210 VLAN0210 active 116 2/22
3/22
4/31-32
Core# (enable) show vlan 210
VLAN Name Status IfIndex Mod/Ports, Vlans
210 VLAN0210 active 116 1/1-2
2/22<<
3/22<<
4/31-32
15/1
Core> (enable) show port 2/22
* = Configured MAC Address
Port Name Status Vlan Duplex Speed Type
2/22 SwitchA connected 210 full 100 100BaseFX MM
Maybe you are looking for
-
Error in posting data to buffer: CL_RSPLS_DELTA_BUFFER_B unf Form READ-06-
Hello, I have a problem in executing functions in my planning folders which contain hierarchy variables in the filter of the function. Whenever I run a SAP standard function which has a hierarchy variable in the function filter, I get an error meesa
-
My new MacBook pro won't charge to 100% battery it will only charge to 99%. Please help!
-
Can I adjust the video image I receive when making a Skype call?
I have made my first Skype call and the video image I see on my computer is very dark and I am wondering if there is some way to make adjustments? Do I need to get some specific software for viewing? I don't really understand the whole thing but I su
-
Local Referance tag in Sun one server
Hi All, In my ejb-jar.xml file have one ejb in that i have local Ejb. How i can spacify in the sun-ejb-jar.xml.when i trying to lookup the local ejb i got name not found exception .where as jboss we have one tag i.e. <local-jndi-name> like wise we ha
-
can any body tell me what is the exact purpose of chain & endchain. Can we use it in normal reports apart from dialog programing , give with one example if possible.