Native VLAN on Cisco Switches
I have a question regarding the default native VLAN. I have a Cisco-based environment and I set VLAN XXX as native on trunk links. I am also running Multiple Spanning Tree on my switches and created instances for VLAN segregation.
My question is: could I put VLAN 1 (default) in any of the instances or not?
Thanks & Regards,
With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
Regarding if to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good practice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
Daniel Dib
CCIE #37149
Please rate helpful posts.
Similar Messages
-
Native VLAN on Cisco 3750x vs Cisco 2960S
Hi,
I have a scenario where I connect my Cisco switch 2960s with Cisco router 1941 as photo below
My question is: when I connect the router to the Cisco 2960S, I configure interface Gi1/0/1 as a trunk and everything works fine. I can ping from the router to the switch (172.16.29.2).
But when I changed to the Cisco 3750X and configured interface Gi1/0/1 as a trunk, I cannot ping from the router to the switch (172.16.29.2). But after I add native vlan 30 on interface Gi1/0/1, I can ping from the router to the switch (172.16.29.2).
Any idea why? Is there any difference in native VLAN between the Cisco 2960S and 3750X?
Thank you for your kind answer
John
Hi John
It seems to me that the 3750 is doing what it should do. If the router does not have subinterfaces and dot1q, it will send traffic without a dot1q tag, and the 3750 will drop these packets because they arrive without a tag. That's why native vlan fixes the problem.
The 2960 should work the same way that the 3750 does, so I wonder if there are some differences in the config between the switches.
Can you share the config for gi0/1 on the router and also the switchport config for both switches?
Also a "show interface gi1/0/1 switchport" for both switches.
/Mikael -
How to search/Scan Vlan of cisco switch ports
Can anyone tell me how I can scan/search VLANs of a Cisco switch port through any monitoring tool (Orion/SolarWinds)?
Consider this scenario as i have no access to switch and i want to know below things:
1-Vlans created on switch?
2-which switch port belongs to which vlan id?
Thanks
Hi,
You can do it only with a hub in between, and also please note that when sniffing with Wireshark on Windows the OS would remove the VLAN tag, so you may need to use a Linux machine.
Regards,
Aleksandra -
Native VLAN on wired switch and wireless AP
On our 3560g switch we have g0/15 set up as a trunk to connect our wireless AP.
Port Mode Encapsulation Status Native vlan
Gi0/15 on 802.1q trunking 35
Port Vlans allowed on trunk
Gi0/15 1-4094
Port Vlans allowed and active in management domain
Gi0/15 1,10-14,18,20,22,30,35
Port Vlans in spanning tree forwarding state and not pruned
Gi0/15 1,10-14,18,20,22,30,35
On my AP I have the native VLAN as 1.
From my reading I found that the AP and the switch port should have the same Native vlan on both ends of the trunk. Well, my access point will not work unless the AP trunk is on 1 and the switch is on 35. Any ideas?
dot11 ssid guestwifi
vlan 20
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
dot11 ssid nwifi
vlan 35
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
dot11 arp-cache optional
c
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
encryption vlan 35 mode ciphers aes-ccm tkip
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 20 mode ciphers aes-ccm tkip
ssid guestwifi
ssid raydonwifi
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
no dot11 extension aironet
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.35
encapsulation dot1Q 35
no ip route-cache
bridge-group 35
bridge-group 35 block-unknown-source
no bridge-group 35 source-learning
no bridge-group 35 unicast-flooding
bridge-group 35 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode ciphers tkip
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel 5200
station-role root bridge
antenna receive right
antenna transmit right
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 spanning-disabled
interface FastEthernet0.35
encapsulation dot1Q 35
no ip route-cache
bridge-group 35
bridge-group 35 spanning-disabled
interface BVI1
ip address 192.168.35.12 255.255.255.0
no ip route-cache
ip default-gateway 192.168.35.1
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
snmp-server community home RO
snmp-server enable traps tty
control-plane
bridge 1 route ip
line con 0
access-class 111 in
transport preferred all
transport output all
line vty 0 4
access-class 111 in
transport preferred all
transport input all
transport output all
line vty 5 15
access-class 111 in
transport preferred all
transport input all
transport output all
end -
Is it possible to configure AAA and EAPFAST on a 3750G switch to use a vlan other than vlan1 for management/native vlan? We are working with RADIUS on Server 2008.
Hi John,
Yes, you can do that.
On 3750 you can take a look at the feature called 802.1x Authentication with VLAN Assignment:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1289244.
Basically, you define on the RADIUS server what VLAN each User (or User Group) you want to assign, then when the user connects the PC to the port, it authenticates and the RADIUS server returns the required attributes for VLAN assignment to the switch. The switch interprets them and changes the switchport to the configured VLAN.
The switch will be a simple man-in-the middle during authentication and only processes the RADIUS Reject (if authe fails) or RADIUS Accept (if authe passes).
The authentication methods like EAP-FAST must be agreed between the RADIUS server (AAA Server) and the PC (AAA supplicant).
If you want to authenticate users based on certificates you have to use either EAP-FAST, EAP-TLS or EAP-TTLS.
The most widely spread (which comes by default on WinXP machines) authentication method is PEAP which uses MS-CHAP (username/password) to authenticate users.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Creating a private/isolated vlan on Cisco switch
Hello
I have many Cisco switches 65xx, 37xx at my company with a lot of vlans already configured. I need to create a new isolation vlan that will not be able to communicate with my other existing vlans. We are setting up a NAC solution at my company and we want a vlan that we can send ports to if the computer or device is compromised and cannot talk or risk the existing network (other vlans). What is the best method to make this happen?
I have created VLANs in the past but this is my first dealing with private/isolated vlans and would be grateful for any guidance on how I should implement this.
So are you saying I should just create a new L2 vlan and not configure the vlan interface (which is at L3) for this new vlan so I cannot communicate with any of my existing vlans therefore isolating the new vlan?
Yes, without an SVI clients in that vlan cannot communicate with anything outside that vlan.
The only thing that wasn't clear was whether these clients should still be able to access the internet even though they couldn't talk to any other internal vlans. If they did need the internet, or any other remote network, then you would need an SVI but it sounds as though you don't want any external communication for these clients ?
Jon -
Configuring VLANs on Cisco switches - help on basics please!
Hi people.
I'm buying Cisco switches to my home lab to practice VLAN and have some doubts, would someone kindly help me?
I'm thinking of buying two 300 series switches for the servers (VMware boxes), configure two separate VLANs for VMs and two other VLANs for desktop computers, in order to simulate a small office with a datacenter and two floors (one VLAN for each floor).
I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct?
Another question: for the desktop switches, the ports that are going to connect to the desktops (which runs windows with non-vlan tagging aware nic), will be configured with the correct VLAN, and the operating system will just communicate normally as if there was no VLAN tag on the frames?
Since I need inter-vlan routing only on the core switch (the 300 series), for the desktops switches I can purchase some 200 series, right?
And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not?
Thank you!
Hi! Thanks for the rapid answers!
I have a couple more based on the same questions:
I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct? - Yes, trunk links are required to carry multiple vlans.
So, I could also use multiple links with LAG/LACP carrying all vlans between switches?
And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not? - Yes, but make sure that link between these two switches should be an access link, i.e. must carry only third vlan.
So, If I understand correctly, if having one vlan per floor in an office building, for economical reasons you could deploy simple non-managed and non-vlan capable switches, and in the data center, a core switch with the vlans configured for each floor?
And viewing from a technical perspective, what would be the advantages of deploying in each floor a vlan capable switch configured with the correct vlan?
And which method mentioned above is more commonly deployed for endpoint floor switches?
Thanks! -
I have 7 access switches, of which one switch is connected to the 2nd switch with an RJ45 trunk and the other switches are cascaded with each other.
My question is: is a native VLAN necessary on all access switches? If yes, then ?
Overview:SW1-Trunkport Fa0/1 to SW2-Fa0/13.
SW2-SW3-SW4-SW5-SW6-SW7(Cascading).
SW4-Connected to core switch Trunk port.
Encapsulation type is dot1q and the cascaded switches are in half duplex, but the switch that has the RJ45 trunk connectivity with the 2nd switch is in auto duplex and the connectivity for the core switch is also in auto duplex from one of the access switches.
Is that affecting speed?
Thank you for that.
One last thing I want to know: can I remove native VLANs from the uplink and Gb ports?
Is it necessary to keep the native VLAN?
If no, then why?
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100******
switchport mode trunk
interface GigabitEthernet0/2
description *** Cascaded to...***
duplex half
switchport trunk encapsulation dot1q
switchport trunk native vlan 100****(Can I remove, if no use?)
switchport mode trunk -
Native Vlan Mismatch on Switch LD connected to
I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches.
The first vlan is vlan 1 for management
The second is vlan 2 for the gateway side of the local directors
The third is vlan 3 for the server side of the local directors
On the primary switch I am logging CDP messages telling me I have a native vlan mismatch on the 2 local director ports. On the secondary switch I don't get these messages.
Any ideas what is going on here and why? Thanks, Art.
You mention above " but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
Because trunked ports need to be assigned to the same native vlan, I would do a "show trunk" and verify that the ports used for trunking on each switch are assigned to the same native vlan. I've seen the mismatch if they are not. That command above is if your switch is using CatalystOS, otherwise, use this command for NativeOS - sh int fast 0/1 switchport and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to vlan 1 which is your management vlan, which I assume you've chosen to be your native vlan.
Hope this helps. -
How one Switch identify the Native vlan mismatch
Dear All,
I am using two Cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured different native VLANs on the two switches. Suddenly I got an error saying native VLAN mismatch. When I changed the configuration, it worked fine. My question is: how does one switch identify a native VLAN mismatch (by BPDU, CDP or packet)? Please mention which of these is used by the switch to identify a native VLAN mismatch.
Regards,
Sanjib
Sanjib, Karsten,
It's CDP.
Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
http://www.wireshark.org/download/automated/
They already incorporate the enhancement.
Best regards,
Peter -
VLAN trunk from switch to router
We have a 2691 cisco router and a Linksys (cisco) 24 port switch.
Each E port is set with a different untagged VLAN ID grouped to G1 uplink port and is tagged
The G1 port then is trunked and is tagged to native VLan 1
One of the router ethernet ports is configued as
interface FastEthernet0/0
description $ETH-LAN$
no ip address
ip flow ingress
duplex auto
speed auto
no cdp enable
interface FastEthernet0/0.1
description $ETH-LAN$
encapsulation dot1Q 1 native
ip address 216.110.213.1 255.255.255.0
ip flow ingress
no snmp trap link-status
no cdp enable
Is this correct ?
Problem is all VLAN E ports on switch cannot get past the router.
Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
The config of the switch was verified with Linksys as being correct which leaves a router config issue
So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
Thanks for any help for cisco and linksys have been no help solving why servers on switch with vlan cannot see past router
JR
Is this correct ?
A: The configuration above says that vlan 1 is native vlan, which means the router is expecting a "raw" packet to belong to vlan 1. "raw" packet means it does not have any vlan id, I do not want to use "tag" coz "tag" might mean something else to Linksys. So, if it's "raw" as in if a PC transmit a packet, it will have no vlan id field.
Problem is all VLAN E ports on switch cannot get past the router.
Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
A: If you mean, they can ping the 216.110.213.1 and beyond 216.110.213.0/24 then that would be expected.
The ports that belong to other vlans will need a default gateway of their own, they cannot use the vlan 1 gateway because they are in a different subnet. From the config above, you only have a sub-interface for vlan 1, do you have sub-interfaces for other vlans? If not, you need them.
The config of the switch was verified with Linksys as being correct which leaves a router config issue
So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
>> This goes back to above, native vlan on cisco router will be the only vlan the router will expect with no vlan id, otherwise, everything the router rx with no vlan id or dot1q encapsulation will be assumed that it belongs to vlan 1. do you have other sub-interfaces on the 2691 for the other 24 vlans?
Please rate all posts. -
Is this considered NATIVE VLAN?
Greetings All I know that the Native VLAN in a switch is VLAN 1
Since my access point needs a native vlan to perform multiple SSID and VLANs etc. If the access point is sitting on VLAN 20 with an IP address assigned to it from that vlan, does that mean VLAN 20 is native?? Sorry for the ignorant question but I am trying to do multiple SSID etc
Hey Pete,
Have a read of this good doc, here is an excerpt;
The routers and switches that make up the physical infrastructure of a network are managed in a different method than the client PCs that attach to that physical infrastructure. The VLAN these router and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs are members of a different VLAN, just as IP telephones are members of yet another VLAN. The administrative interface of the access point or bridge (interface BVI1) are considered and numbered a part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
The switchport config might look like this;
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,30
Where vlan 1 is Native and vlan 10 and 30 will be associated with SSID's.
When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
Note: If there is a mismatch in the native VLANs, the frames are dropped.
This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
From this good doc;
Using VLANs with Cisco Aironet Wireless Equipment
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
Hope this helps!
Rob
Please remember to rate helpful posts......... -
Fabric interconnect and Native Vlan
Hi
I just want to ask a simple question
is there any precautions with native vlan between the Switched infrastructure and the Fabric interconnect ?!
I mean can I use any vlan as a native vlan ex.999 "anything but not 1" ?!
As a security best practice on trunks carrying multiple VLANs you should not allow the native vlan on the line. When you have a single VLAN going to a device, an end node for example, the port should be configured as an access port with a single data VLAN, and potentially a voice vlan if that will be used.
For example, our N5Ks have a trunk to each of our UCS interconnects. We set the native VLAN on the n5k side to 999. 999 is not in the allowed list for the trunk then, so the native VLAN never makes it to the ucs. On the ucs then, any server that can handle VLANs (esxi for example) we send only tagged VLANs -- no VLAN is marked native, thus accomplishing the same thing as we did for the n5k to FI link.
It is recommended to not leave your native VLAN as 1 as best practice. It's less of a concern if the native VLAN isn't in the allowed list, but to avoid misconfiguration issues you should set it to another VLAN. -
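A check for the two points made in this answer, as an added example that is not part of the original thread: it parses IOS-style interface stanzas and flags trunks whose native VLAN is still 1 or whose native VLAN appears in the allowed list. The sample config and the function names are constructed for illustration, and only the plain and `add` forms of the allowed-VLAN command are handled.

```python
import re

# Constructed sample in the IOS-style syntax used in the posts on this page.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description hardened as described in the post
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30-35
 switchport mode trunk
!
interface GigabitEthernet0/2
 description trunk left at defaults
 switchport mode trunk
!
interface GigabitEthernet0/3
 description native VLAN moved off 1 but still allowed
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,146
 switchport trunk allowed vlan add 100
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 20
"""

NATIVE = re.compile(r"^switchport trunk native vlan (\d+)$")
ALLOWED = re.compile(r"^switchport trunk allowed vlan (add )?([\d,\- ]+)$")


def expand_vlans(spec):
    """Expand a list such as '1,10-14,18' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interfaces(config):
    """Return {interface: settings}, starting from the IOS trunk defaults."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Defaults: native VLAN 1, every VLAN (1-4094) allowed.
            current = {"trunk": False, "native": 1,
                       "allowed": set(range(1, 4095))}
            interfaces[line.split(None, 1)[1]] = current
        elif line == "!" or current is None:
            current = None
        elif line == "switchport mode trunk":
            current["trunk"] = True
        elif NATIVE.match(line):
            current["native"] = int(NATIVE.match(line).group(1))
        elif ALLOWED.match(line):
            add, spec = ALLOWED.match(line).groups()
            vlans = expand_vlans(spec)
            current["allowed"] = (current["allowed"] | vlans) if add else vlans
    return interfaces


def audit_trunks(config):
    """Return {trunk interface: [issues]}; an empty list means no finding."""
    findings = {}
    for name, port in parse_interfaces(config).items():
        if not port["trunk"]:
            continue  # access ports carry a single untagged VLAN by design
        issues = []
        if port["native"] == 1:
            issues.append("native VLAN is 1")
        if port["native"] in port["allowed"]:
            issues.append("native VLAN %d is in the allowed list" % port["native"])
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(issues) or "ok")
```
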
Hi,
I can't figure out why this is showing on switches.
Core switch brc-k25-1 is using Native Vlan 1
Access switch c2-k25-5 is using Native Vlan 1
I get the following error message on the access switch:
Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Because of the error, I cannot login to the access switch using the native Vlan IP Address.
brc-k25-1 config:
interface GigabitEthernet3/2
description c2-k25-5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,146,171
switchport mode trunk
logging event link-status
logging event trunk-status
qos trust dscp
tx-queue 1
bandwidth percent 69
tx-queue 2
bandwidth percent 1
tx-queue 3
bandwidth percent 15
priority high
tx-queue 4
bandwidth percent 15
end
brc-k25-1#sh interfaces gigabitEthernet 3/2 switchport
Name: Gi3/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,146,171
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
interface Vlan1
ip address 172.27.40.254 255.255.255.02
ip access-group vlan1out out
==================================================
c2-k25-5 config:
c2-k25-5#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
brc-k25-1 Gig 1/0/49 138 R S I WS-C4506 Gig 3/2
interface GigabitEthernet1/0/49
description brc-k25-5
switchport trunk allowed vlan 1,146,171
switchport mode trunk
interface Vlan1
ip address 172.27.40.18 255.255.255.0
interface Vlan146
ip address 172.31.146.1 255.255.255.0
c2-k25-5#sh interfaces gigabitEthernet 1/0/49 switchport
Name: Gi1/0/49
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,146,171
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Thanks for the replies.
I did remove the ACL from the VLAN1 but nothing changed. Also the allowed VLAN1 was not included in the trunk allowed before, same result as now.
Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
Jun 30 09:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
We have multiple switches attached to the brc-k25-1 and only 2 switches are affected using VLAN1 management. I had to create another VLAN ID so that I can use that IP Address to SSH. Very weird problem. -
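The messages quoted in this thread can be correlated automatically. The following added example (not part of the original posts) groups the %SPANTREE-2 PVID messages per interface and reports the local VLAN, the VLAN ID carried in the received BPDU, which VLANs were blocked, and for how long. The log lines are the Jun 27 lines from the post; the function names and the placeholder year are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the post above (Jun 27 occurrence).
SAMPLE_LOG = """\
Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d): %SPANTREE-2-(\w+): (.*)$")
RECV = re.compile(r"inconsistent peer vlan id (\d+) on (\S+) VLAN(\d+)")
BLOCK = re.compile(r"(Blocking|Unblocking) (\S+) on VLAN(\d+)")
BLOCK_EVENTS = ("BLOCK_PVID_PEER", "BLOCK_PVID_LOCAL", "UNBLOCK_CONSIST_PORT")


def parse_time(stamp, year=2000):
    # The log carries no year; 'year' is an assumed placeholder so that
    # durations within one log can be computed.
    return datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")


def pvid_incidents(log_text):
    """Correlate PVID inconsistency messages into one incident per port.

    blocked_seconds stays None while any VLAN on the port is still blocked.
    """
    open_by_port, closed = {}, []
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # other facilities (e.g. LINEPROTO) are ignored
        when = parse_time(match.group(1))
        mnemonic, text = match.group(2), match.group(3)
        if mnemonic == "RECV_PVID_ERR":
            recv = RECV.search(text)
            if recv and recv.group(2) not in open_by_port:
                open_by_port[recv.group(2)] = {
                    "interface": recv.group(2),
                    "local_vlan": int(recv.group(3)),
                    "peer_vlan": int(recv.group(1)),
                    "start": when,
                    "blocked_vlans": set(),
                    "still_blocked": set(),
                    "blocked_seconds": None,
                }
        elif mnemonic in BLOCK_EVENTS:
            event = BLOCK.search(text)
            incident = open_by_port.get(event.group(2)) if event else None
            if incident is None:
                continue
            vlan = int(event.group(3))
            if event.group(1) == "Blocking":
                incident["blocked_vlans"].add(vlan)
                incident["still_blocked"].add(vlan)
            else:
                incident["still_blocked"].discard(vlan)
                if not incident["still_blocked"]:
                    delta = when - incident["start"]
                    incident["blocked_seconds"] = int(delta.total_seconds())
                    closed.append(open_by_port.pop(event.group(2)))
    return closed + list(open_by_port.values())


if __name__ == "__main__":
    for inc in pvid_incidents(SAMPLE_LOG):
        print("%(interface)s: BPDU for VLAN %(peer_vlan)d received on VLAN "
              "%(local_vlan)d, blocked %(blocked_seconds)s s" % inc)
```
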
Hi All,
I am connecting 2950 switch port to 6505 switch port, both ports are in trunking mode and allowing only one vlan on the both.
On 6505 switch I set as follows:-
enable> set trunk 2/23 700
enable> set trunk 2/23 nonegotiate dot1q.
On 2950 I set it as follows:
(conf)int f0/23
switchport mode trunk
switchport trunk Native vlan 700
switchport nonegotiate.
When I issue show logging, I notice the (Native Vlan mismatch).
When I change the switch port config on the 2950 to the following, it doesn't work:-
int f0/23
switchport mode trunk
switchport trunk allowed vlan 700
switchport nonegotiate
When I did the above, the traffic was discarded and subnets on the Core 6505 couldn't access subnets at their remote locations.
Could anybody tell me the reason for that, and why I am getting the Native message? As well as why it works only if I set the 2950 switch port to (trunk Native vlan ,,,, or ,,,, access mode).
thanks...
Hi Friend,
On cat6k though you have configured it as trunk and allowed only vlan 700 but still the native vlan is 1 by default.
And you have configured on 2950 native vlan as 700.
So what I will suggest you is to change the native vlan on cat6k switch also to vlan 700
How you can do this on catos is
set vlan 700 2/23
Now what this will do is on cat6k it will make vlan 700 as native on trunk and you can keep the config on 2950 same
(conf)int f0/23
switchport mode trunk
switchport trunk Native vlan 700
switchport nonegotiate.
or if you just want to get rid of the error message and keep the config as it was earlier you can also disable CDP on the interface level.
HTH, if yes please rate the post.
Ankur