Native VLAN on Cisco Switches

I have a question regarding the default native VLAN. I have a Cisco-based environment and I set VLAN XXX as native on trunk links. I am also running Multiple Spanning Tree on my switches and created instances for VLAN segregation.
My question is: could I put VLAN 1 (default) in any of the instances or not?
Thanks & Regards,

With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
Regarding if to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good practice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
Daniel Dib
CCIE #37149
Please rate helpful posts.

Similar Messages

  • Native VLAN on Cisco 3750x vs Cisco 2960S

    Hi,
    I have a scenario where I connect my Cisco 2960S switch to a Cisco 1941 router, as in the photo below.
    My question is: when I connect the router to the Cisco 2960S, I configure interface Gi1/0/1 as a trunk. Everything works fine; I can ping from the router to the switch (172.16.29.2).
    But when I changed to the Cisco 3750X and configured interface Gi1/0/1 as a trunk, I cannot ping from the router to the switch (172.16.29.2). But after I add native VLAN 30 on interface Gi1/0/1, I can ping from the router to the switch (172.16.29.2).
    Any idea why? Is there any difference in native VLAN between the Cisco 2960S and 3750X?
    Thank you for your kind answer
    John

    Hi John
    It seems to me that the 3750 is doing what it should do: if the router does not have subinterfaces and dot1q, it will send traffic without a dot1q tag, and the 3750 will drop these packets because they arrive without a tag. That's why native VLAN fixes the problem.
    The 2960 should work the same way that the 3750 does, so I wonder if there are some differences in the config between the switches.
    Can you share the config for gi0/1 on the router and also the switchport config for both switches?
    Also a "show interface gi1/0/1 switchport" for both switches.
    /Mikael

  • How to search/Scan Vlan of cisco switch ports

    Can anyone tell me how I can scan/search the VLANs of Cisco switch ports through any monitoring tool (Orion/SolarWinds)?
    Consider this scenario: I have no access to the switch and I want to know the things below:
    1- VLANs created on the switch?
    2- Which switch port belongs to which VLAN ID?
    Thanks

    Hi,
    You can do it only with a hub in between. Also please note that when sniffing with Wireshark on Windows the OS would remove the VLAN tag, so you may need to use a Linux machine.
    Regards,
    Aleksandra

  • Native VLAN on wired switch and wireless AP

    On our 3560g switch we have g0/15 set up as a trunk to connect our wireless AP.
    Port        Mode         Encapsulation  Status        Native vlan
    Gi0/15      on           802.1q         trunking      35

    Port        Vlans allowed on trunk
    Gi0/15      1-4094

    Port        Vlans allowed and active in management domain
    Gi0/15      1,10-14,18,20,22,30,35

    Port        Vlans in spanning tree forwarding state and not pruned
    Gi0/15      1,10-14,18,20,22,30,35
    On my AP I have the native VLAN as 1.
    From my reading I found that the AP and the switch port should have the same Native vlan on both ends of the trunk. Well my access point will not work unless the AP trunk is on 1 and the switch is on 35. Any ideas?

    dot11 ssid guestwifi
    vlan 20
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    dot11 ssid nwifi
    vlan 35
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    guest-mode
    dot11 arp-cache optional
    c
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    encryption vlan 35 mode ciphers aes-ccm tkip
    encryption vlan 1 mode ciphers aes-ccm tkip
    encryption vlan 20 mode ciphers aes-ccm tkip
    ssid guestwifi
    ssid raydonwifi
    mbssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    no dot11 extension aironet
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio0.35
    encapsulation dot1Q 35
    no ip route-cache
    bridge-group 35
    bridge-group 35 block-unknown-source
    no bridge-group 35 source-learning
    no bridge-group 35 unicast-flooding
    bridge-group 35 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption mode ciphers tkip
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    channel 5200
    station-role root bridge
    antenna receive right
    antenna transmit right
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 spanning-disabled
    interface FastEthernet0.35
    encapsulation dot1Q 35
    no ip route-cache
    bridge-group 35
    bridge-group 35 spanning-disabled
    interface BVI1
    ip address 192.168.35.12 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.35.1
    no ip http server
    ip http authentication aaa
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    access-list 111 permit tcp any any neq telnet
    snmp-server community home RO
    snmp-server enable traps tty
    control-plane
    bridge 1 route ip
    line con 0
    access-class 111 in
    transport preferred all
    transport output all
    line vty 0 4
    access-class 111 in
    transport preferred all
    transport input all
    transport output all
    line vty 5 15
    access-class 111 in
    transport preferred all
    transport input all
    transport output all
    end

  • Native vlan on 3750 switch

    Is it possible to configure AAA and EAPFAST on a 3750G switch to use a vlan other than vlan1 for management/native vlan? We are working with RADIUS on Server 2008.

    Hi John,
    Yes, you can do that.
    On 3750 you can take a look at the feature called 802.1x Authentication with VLAN Assignment:
    http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1289244.
    Basically, you define on the RADIUS server what VLAN you want to assign to each User (or User Group), then when the user connects the PC to the port, it authenticates and the RADIUS server returns the required attributes for VLAN assignment to the switch. The switch interprets them and changes the switchport to the configured VLAN.
    The switch will be a simple man-in-the-middle during authentication and only processes the RADIUS Reject (if auth fails) or RADIUS Accept (if auth passes).
    The authentication methods like EAP-FAST must be agreed between the RADIUS server (AAA Server) and the PC (AAA supplicant).
    If you want to authenticate users based on certificates you have to use either EAP-FAST, EAP-TLS or EAP-TTLS.
    The most widely spread (which comes by default on WinXP machines) authentication method is PEAP which uses MS-CHAP (username/password) to authenticate users.
    HTH,
    Tiago
    If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • Creating a private/isolated vlan on Cisco switch

    Hello
    I have many Cisco switches 65xx, 37xx at my company with a lot of vlans already configured. I need to create a new isolation vlan that will not be able to communicate with my other existing vlans. We are setting up a NAC solution at my company and we want a vlan that we can send ports to if the computer or device is compromised and cannot talk or risk the existing network (other vlans). What is the best method to make this happen?
    I have created VLANs in the past but this is my first dealing with private/isolated vlans and would be grateful for any guidance on how I should implement this.

    So are you saying I should just create a new L2 vlan and not configure the vlan interface (which is at L3) for this new vlan so I cannot communicate with any of my existing vlans therefore isolating the new vlan?
    Yes, without an SVI clients in that vlan cannot communicate with anything outside that vlan.
    The only thing that wasn't clear was whether these clients should still be able to access the internet even though they couldn't talk to any other internal vlans. If they did need the internet, or any other remote network, then you would need an SVI but it sounds as though you don't want any external communication for these clients ?
    Jon

  • Configuring VLANs on Cisco switches - help on basics please!

    Hi people.
    I'm buying Cisco switches to my home lab to practice VLAN and have some doubts, would someone kindly help me?
    I'm thinking of buying two 300 series switches for the servers (VMware boxes), configure two separate VLANs for VMs and two other VLANs for desktop computers, in order to simulate a small office with a datacenter and two floors (one VLAN for each floor).
    I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct?
    Another question: for the desktop switches, the ports that are going to connect to the desktops (which runs windows with non-vlan tagging aware nic), will be configured with the correct VLAN, and the operating system will just communicate normally as if there was no VLAN tag on the frames?
    Since I need inter-vlan routing only on the core switch (the 300 series), for the desktops switches I can purchase some 200 series, right?
    And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not?
    Thank you!

    Hi! Thanks for the rapid answers!
    I have a couple more based on the same questions:
    I presume that the connection between each floor switch and the 300 series core switch will be via trunk mode on both, not access port mode, is that correct? - Yes, trunk links are required to carry multiple vlans.
    So, I could also use multiple links with LAG/LACP carrying all vlans between switches?
    And the last question: presuming that I configure a third VLAN and add a third floor switch, but this time a 100 series switch that is not VLAN capable, so connecting this switch to the 300 switch, will it work, or not? - Yes, but make sure that the link between these two switches is an access link, i.e. it must carry only the third vlan.
    So, If I understand correctly, if having one vlan per floor in an office building, for economical reasons you could deploy simple non-managed and non-vlan capable switches, and in the data center, a core switch with the vlans configured for each floor?
    And viewing from a technical perspective, what would be the advantages of deploying in each floor a vlan capable switch configured with the correct vlan?
    And which method mentioned above is more common deployed for endpoint floor switches?
    Thanks!

  • Native VLAN on access switch

    I have 7 access switches, of which one switch is connected to the 2nd switch with an RJ45 trunk and the other switches are cascaded with each other.
    My question is: is native VLAN necessary on all access switches, if yes, then?
    Overview:SW1-Trunkport Fa0/1 to SW2-Fa0/13.
    SW2-SW3-SW4-SW5-SW6-SW7(Cascading).
    SW4-Connected to core switch Trunk port.
    Encapsulation type is dot1q and the cascaded switches are in half duplex, but the switch that has the RJ45 trunk connectivity with the 2nd switch is in auto duplex, and the connectivity to the core switch from one of the access switches is also in auto duplex.
    Is that affecting speed?

    Thank you for that.
    The last thing I want to know is: can I remove native VLANs from the uplink and Gb ports?
    Is it necessary to keep them in the native VLAN?
    If not, then why?
    interface GigabitEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 100******
    switchport mode trunk
    interface GigabitEthernet0/2
    description *** Cascaded to...***
    duplex half
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 100****(Can I remove, if no use?)
    switchport mode trunk

  • Native Vlan Mismatch on Switch LD connected to

    I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches
    The first vlan is vlan 1 for management
    The second is vlan 2 for the gateway side of the local directors
    The third is vlan 3 for the server side of the local directors
    On the primary switch I am logging CDP messages telling me I have a native VLAN mismatch on the 2 local director ports. On the secondary switch I don't get these messages.
    Any ideas what is going on here and why? Thanks, Art.

    You mention above " but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
    Because trunked ports need to be assigned to the same native VLAN, I would do a "show trunk" and verify that the ports used for trunking on each switch are assigned to the same native VLAN; I've seen the mismatch if they are not. That command above is if your switch is using CatalystOS; otherwise, use this command for NativeOS - sh int fast 0/1 switchport and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to VLAN 1, which is your management VLAN, which I assume you've chosen to be your native VLAN.
    Hope this helps.

  • How one Switch identify the Native vlan mismatch

    Dear All,
    I am using two Cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured a different native VLAN on the two switches. Suddenly I got an error saying native VLAN mismatch. When I changed the configuration, it worked fine. My question is: how does one switch identify that native VLAN mismatch (by BPDU, CDP or packet)? Please mention which of these is used by the switch to identify a native VLAN mismatch.
    Regards,
    Sanjib

    Sanjib, Karsten,
    It's CDP.
    Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
    Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
    http://www.wireshark.org/download/automated/
    They already incorporate the enhancement.
    Best regards,
    Peter

  • VLAN trunk from switch to router

    We have a 2691 cisco router and a Linksys (cisco) 24 port switch.
    Each E port is set with a different untagged VLAN ID grouped to G1 uplink port and is tagged
    The G1 port then is trunked and is tagged to native VLan 1
    One of the router ethernet ports is configured as
    interface FastEthernet0/0
    description $ETH-LAN$
    no ip address
    ip flow ingress
    duplex auto
    speed auto
    no cdp enable
    interface FastEthernet0/0.1
    description $ETH-LAN$
    encapsulation dot1Q 1 native
    ip address 216.110.213.1 255.255.255.0
    ip flow ingress
    no snmp trap link-status
    no cdp enable
    Is this correct ?
    Problem is all VLAN E ports on switch cannot get past the router.
    Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
    The config of the switch was verified with Linksys as being correct which leaves a router config issue
    So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
    Thanks for any help for cisco and linksys have been no help solving why servers on switch with vlan cannot see past router
    JR

    Is this correct ?
    A: The configuration above says that vlan 1 is the native vlan, which means the router is expecting a "raw" packet to belong to vlan 1. A "raw" packet means it does not have any vlan id; I do not want to use "tag" because "tag" might mean something else to Linksys. So, if it's "raw", as in if a PC transmits a packet, it will have no vlan id field.
    Problem is all VLAN E ports on switch cannot get past the router.
    Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
    A: If you mean, they can ping the 216.110.213.1 and beyond 216.110.213.0/24 then that would be expected.
    The ports that belong to other vlans will need a default gateway of their own; they cannot use the vlan 1 gateway because they are in a different subnet. From the config above, you only have a sub-interface for vlan 1. Do you have sub-interfaces for the other vlans? If not, you need them.
    The config of the switch was verified with Linksys as being correct which leaves a router config issue
    So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
    >> This goes back to above: the native vlan on a cisco router will be the only vlan the router will expect with no vlan id; otherwise, everything the router rx with no vlan id or dot1q encapsulation will be assumed to belong to vlan 1. Do you have other sub-interfaces on the 2691 for the other 24 vlans?
    Please rate all posts.

  • Is this considered NATIVE VLAN?

    Greetings all. I know that the Native VLAN in a switch is VLAN 1.
    My access points need a native VLAN to perform multiple SSIDs and VLANs etc. If the access point is sitting on VLAN 20 with an IP address assigned to it from that VLAN, does that mean VLAN 20 is native? Sorry for the ignorant question but I am trying to do multiple SSIDs etc.

    Hey Pete,
    Have a read of this good doc, here is an excerpt;
    The routers and switches that make up the physical infrastructure of a network are managed in a different method than the client PCs that attach to that physical infrastructure. The VLAN these router and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs are members of a different VLAN, just as IP telephones are members of yet another VLAN. The administrative interface of the access point or bridge (interface BVI1) are considered and numbered a part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
    The switchport config might look like this:
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,10,30
    Where vlan 1 is Native and vlan 10 and 30 will be associated with SSID's.
    When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
    Note: If there is a mismatch in the native VLANs, the frames are dropped.
    This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
    From this good doc;
    Using VLANs with Cisco Aironet Wireless Equipment
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
    Hope this helps!
    Rob
    Please remember to rate helpful posts.........

  • Fabric interconnect and Native Vlan

    Hi
    I just want to ask a simple question
    is there any precautions with native vlan between the Switched infrastructure and the Fabric interconnect ?! 
    I mean can I use any vlan as a native vlan ex.999 "anything but not 1" ?! 

    As a security best practice on trunks carrying multiple VLANs you should not allow the native vlan on the line. When you have a single VLAN going to a device, an end node for example, the port should be configured as an access port with a single data VLAN, and potentially a voice vlan if that will be used.
    For example, our N5Ks have a trunk to each of our UCS interconnects. We set the native VLAN on the n5k side to 999. 999 is not in the allowed list for the trunk then, so the native VLAN never makes it to the ucs. On the ucs then, any server that can handle VLANs (esxi for example) we send only tagged VLANs -- no VLAN is marked native, thus accomplishing the same thing as we did for the n5k to FI link.
    It is recommended to not leave your native VLAN as 1 as best practice. It's less of a concern if the native VLAN isn't in the allowed list, but to avoid misconfiguration issues you should set it to another VLAN.
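The two recommendations in this thread (native VLAN not left at 1, native VLAN not in the trunk's allowed list) can be checked mechanically against a saved configuration. The script below is an added example, not code from any poster or from Cisco; the finding names NATIVE_IS_VLAN1 and NATIVE_ALLOWED and the sample configuration are constructed for illustration.

```python
import re

ALL_VLANS = set(range(1, 4095))  # IOS default when no allowed list is configured

# Constructed sample: Gi0/1 follows the "native 999, not allowed" practice,
# Gi0/2 mirrors a default trunk that allows VLAN 1, Gi0/3 sets a native VLAN
# but never restricts the allowed list, Gi0/4 is an access port.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,146,171
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport trunk native vlan 100
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport access vlan 20
 switchport mode access
"""


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1,10-14,18' into a set of ints."""
    text = text.strip().lower()
    if text == "all":
        return set(ALL_VLANS)
    if text == "none":
        return set()
    vlans = set()
    for part in filter(None, (p.strip() for p in text.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config):
    """Split a configuration into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("!", "end"):
            current = None
        elif current is not None and line:
            current.append(line)
    return stanzas


def audit_trunks(config):
    """Return (interface, finding) tuples for statically configured trunks."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode, native, allowed = None, 1, set(ALL_VLANS)
        for line in lines:
            low = line.lower()
            m = re.match(r"switchport trunk native vlan (\d+)$", low)
            if low.startswith("switchport mode "):
                mode = low.split()[2]
            elif m:
                native = int(m.group(1))
            elif low.startswith("switchport trunk allowed vlan"):
                args = low.split()[4:]
                if not args:
                    continue
                if args[0] == "add":
                    allowed |= parse_vlan_list("".join(args[1:]))
                elif args[0] == "remove":
                    allowed -= parse_vlan_list("".join(args[1:]))
                else:
                    allowed = parse_vlan_list("".join(args))
        if mode != "trunk":
            continue  # access ports and ports without an explicit mode are skipped
        if native == 1:
            findings.append((name, "NATIVE_IS_VLAN1"))
        if native in allowed:
            findings.append((name, "NATIVE_ALLOWED"))
    return findings


if __name__ == "__main__":
    for iface, finding in audit_trunks(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```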

  • SPT Inconsistent Native Vlan

    Hi,
    I can't figure out why this is showing on switches.
    Core switch brc-k25-1 is using Native Vlan 1
    Access switch c2-k25-5 is using Native Vlan 1
    I get the following error message on the access switch:
    Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
    Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
    Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
    Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
    Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
    Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    Because of the error, I cannot login to the access switch using the native Vlan IP Address.
    brc-k25-1 config:
    interface GigabitEthernet3/2
     description c2-k25-5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,146,171
     switchport mode trunk
     logging event link-status
     logging event trunk-status
     qos trust dscp
     tx-queue 1
       bandwidth percent 69
     tx-queue 2
       bandwidth percent 1
     tx-queue 3
       bandwidth percent 15
       priority high
     tx-queue 4
       bandwidth percent 15
    end
    brc-k25-1#sh interfaces gigabitEthernet 3/2 switchport
    Name: Gi3/2
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,146,171
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    interface Vlan1
     ip address 172.27.40.254 255.255.255.02
     ip access-group vlan1out out
    ==================================================
    c2-k25-5 config:
    c2-k25-5#sh cdp ne
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                      D - Remote, C - CVTA, M - Two-port Mac Relay
    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    brc-k25-1        Gig 1/0/49        138             R S I  WS-C4506  Gig 3/2
    interface GigabitEthernet1/0/49
     description brc-k25-5
     switchport trunk allowed vlan 1,146,171
     switchport mode trunk
    interface Vlan1
     ip address 172.27.40.18 255.255.255.0
    interface Vlan146
     ip address 172.31.146.1 255.255.255.0
    c2-k25-5#sh interfaces gigabitEthernet 1/0/49 switchport
    Name: Gi1/0/49
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,146,171
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none

    Thanks for the replies.
    I did remove the ACL from the VLAN1 but nothing change. Also the allowed VLAN1 was not included in the trunk allowed before, same result as now.
    Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
    Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
    Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
    Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
    Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
    Jun 30 09:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    We have multiple switches attached to the brc-k25-1 and only 2 switches are affected using VLAN1 management. I had to create another VLAN ID so that I can use that IP Address to SSH. Very weird problem.
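The %SPANTREE-2-* messages posted in this thread carry the same information as the PVST+ TLV described in the earlier thread: the VLAN the BPDU was originated for and the VLAN it was received in. The script below is an added example, not part of any post; it summarizes those messages per port for monitoring. The log lines are copied from the posts above, with the second episode deliberately cut off before the unblock messages so the summary shows a port that is still blocked.

```python
import re
from collections import defaultdict

RECV = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent "
                  r"peer vlan id (\d+) on (\S+) VLAN(\d+)")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): "
                   r"Blocking (\S+) on VLAN(\d+)")
UNBLOCK = re.compile(r"%SPANTREE-2-UNBLOCK_CONSIST_PORT: "
                     r"Unblocking (\S+) on VLAN(\d+)")

# Log lines from the thread; the Jun 30 episode is truncated on purpose.
SAMPLE_LOG = """\
Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
"""


def summarize_pvid_events(log_text):
    """Summarize PVID-inconsistency events per port.

    For each port returns:
      pairs         - sorted (local VLAN, peer VLAN) pairs seen in RECV_PVID_ERR
      episodes      - number of RECV_PVID_ERR messages (one per blocking episode)
      still_blocked - VLANs blocked on the port and not unblocked by end of log
    """
    ports = defaultdict(lambda: {"pairs": set(), "episodes": 0, "blocked": set()})
    for line in log_text.splitlines():
        if m := RECV.search(line):
            peer, port, local = int(m[1]), m[2], int(m[3])
            ports[port]["pairs"].add((local, peer))
            ports[port]["episodes"] += 1
        elif m := BLOCK.search(line):
            ports[m[1]]["blocked"].add(int(m[2]))   # "VLAN0171" -> 171
        elif m := UNBLOCK.search(line):
            ports[m[1]]["blocked"].discard(int(m[2]))
        # Other messages (e.g. %LINEPROTO-5-UPDOWN) are ignored.
    return {
        port: {
            "pairs": sorted(d["pairs"]),
            "episodes": d["episodes"],
            "still_blocked": sorted(d["blocked"]),
        }
        for port, d in ports.items()
    }


if __name__ == "__main__":
    for port, info in summarize_pvid_events(SAMPLE_LOG).items():
        for local, peer in info["pairs"]:
            print(f"{port}: BPDU originated for VLAN {peer} received in VLAN {local}")
        print(f"{port}: {info['episodes']} episode(s), "
              f"still blocked on VLANs {info['still_blocked']}")
```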

  • Native Vlan Mismatch message

    Hi All,
    I am connecting 2950 switch port to 6505 switch port, both ports are in trunking mode and allowing only one vlan on the both.
    On 6505 switch I set as follows:-
    enable> set trunk 2/23 700
    enable> set trunk 2/23 nonegotiate dot1q.
    On 2950 I set it as follows:
    (conf)int f0/23
    switchport mode trunk
    switchport trunk Native vlan 700
    switchport nonegotiate.
    When I issue show logging, I notice the (Native Vlan mismatch) message.
    When I change the switch port config on the 2950 to the following it doesn't work:
    int f0/23
    switchport mode trunk
    switchport trunk allowed vlan 700
    switchport nonegotiate
    When I did the above, the traffic was discarded and subnets on the Core 6505 couldn't access subnets at their remote locations.
    Could anybody tell me the reason for that, and why I am getting the Native message? As well as why it works only if I set the 2950 switch port to (trunk Native vlan ,,,, or ,,,, access mode).
    thanks...

    Hi Friend,
    On cat6k though you have configured it as trunk and allowed only vlan 700 but still the native vlan is 1 by default.
    And you have configured on 2950 native vlan as 700.
    So what I will suggest you is to change the native vlan on cat6k switch also to vlan 700
    How you can do this on catos is
    set vlan 700 2/23
    Now what this will do is on cat6k it will make vlan 700 as native on trunk and you can keep the config on 2950 same
    (conf)int f0/23
    switchport mode trunk
    switchport trunk Native vlan 700
    switchport nonegotiate.
    or if you just want to get rid of the error message and keep the config as it was earlier you can also disable CDP on the interface level.
    HTH, if yes please rate the post.
    Ankur
