Native VLAN on switchport trunk

Is it possible to set more than ONE native vlan on a switchport trunk?
Thanks

Hi there,
Just to clarify, the native vlan is set in the trunk configuration. This means that you can set this per trunk.
You can only have 1 per trunk. If you had more than 1, which one would it send it to??
Hope that clarifies,
LH
Please rate all posts

Similar Messages

  • Wireless AP native vlan and switch trunk

    Hi,
    I am unable to ping my AP. I think it is due to the multiple VLAN issues. Can you provide some advice? My config for the AP and switch is as below.
    AP Config
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname hostname
    logging rate-limit console 9
    enable secret 5 $1$ZxN/$eYOf/ngj7vVixlj.wjG2G0
    no aaa new-model
    ip cef
    dot11 syslog
    dot11 ssid Personal
       vlan 2
       authentication open
       authentication key-management wpa version 2
       guest-mode
       wpa-psk ascii 7 070E26451F5A17113741595D
    crypto pki token default removal timeout 0
    username Cisco password 7 1531021F0725
    bridge irb
    interface Dot11Radio0
    no ip address
    encryption vlan 2 mode ciphers aes-ccm tkip
    ssid Personal
    antenna gain 0
    stbc
    beamform ofdm
    station-role root
    no dot11 extension aironet
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    interface Dot11Radio0.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio1
    no ip address
    encryption vlan 2 mode ciphers aes-ccm tkip
    ssid Personal
    antenna gain 0
    no dfs band block
    stbc
    beamform ofdm
    channel dfs
    station-role root
    interface Dot11Radio1.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    interface Dot11Radio1.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface GigabitEthernet0
    no ip address
    duplex auto
    speed auto
    interface GigabitEthernet0.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 spanning-disabled
    no bridge-group 2 source-learning
    interface GigabitEthernet0.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 spanning-disabled
    no bridge-group 1 source-learning
    interface BVI1
    ip address 192.168.1.100 255.255.255.0
    ip default-gateway 192.168.1.1
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    password 7 01181101521F
    login
    transport input all
    end
    Switch Port config
    interface FastEthernet1/0/10
    switchport trunk native vlan 100
    switchport mode trunk

    I will re-check the routing again, but could it be some bridging issue?
    interface GigabitEthernet0
    no ip address
    duplex auto
    speed auto
    **** unable to put up this command on the giga port
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    I tried to put this command on the GigabitEthernet port but it does not allow me. Could this be the bridging issue?

  • VLAN DOT1Q, SWITCHPORT TRUNK NATIVE VLAN, and VLAN1

    Hi All,
    L2 security documents suggest to avoid using vlan1 and tagging all frames with vlan IDs using the global configuration of vlan dot1q. Other Cisco non-security documents suggest using the switchport trunk native vlan # which removes any vlan tagging. It seems to me that the global vlan dot1q command and the interface switchport trunk native vlan # are contradictory; therefore, both should not be used. Furthermore, my understanding is to avoid using vlan 1 to tighten L2 security. When vlan 1 is removed from all trunked uplinks, user access ports are other than vlan 1, and no spanning-tree vlan 1 operations exist, what is the native vlan 1 actually used for? The output of show interface gi0/1 trunk shows the native vlan as 1.
    Thanks,
    HC

    Hi HC,
    The command "switchport trunk native vlan" is used to define the native (untagged) VLAN on a dot1q link. The default is 1, but you can change it to anything you like. But it only changes the native VLAN; all the other VLANs on the trunk are of course tagged (and it only applies to dot1q, as ISL "tags/encapsulates" all the VLANs). The command "vlan dot1q tag native" is mostly used in dot1qindot1q tunnels, where you tunnel a dot1q trunk within a dot1q trunk. That's something mostly service providers offer to their customers. There it is important that there is no untagged traffic, as that would not work with dot1qindot1q. This command tags the native VLAN traffic, and drops all traffic which is not tagged.
    What is the native VLAN for? Switches send control PDUs such as STP, CDP or VTP over the native VLAN.
    If you don't happen to be a service provider for L2 metropolitan Ethernet, you won't need the "vlan dot1q tag native" command. For my part, I'm trying not to use VLAN 1 everywhere in my campus, because it gives a huge spanning-tree topology, and if you ever get a switch to blow a heavy load of traffic into it, you have your whole campus network degraded. I try to keep VLANs as small as possible and to have as much L3 separation as possible; that's good for the stability!
    Simon

  • Switchport trunk native vlan & switchport access vlan dual configuration

    I've discovered this dual configuration on a 3500xl switch while troubleshooting an incrementing runts issue. Could the config of this port be related to the issue at hand?
    port configuration:
    interface FastEthernet0/3
    duplex full
    speed 100
    switchport access vlan 203
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 203
    switchport trunk allowed vlan 1,203,204,220,1002-1005
    switchport mode trunk
    spanning-tree portfast

    Hi,
    The 'switchport access vlan' command will have no effect on the configuration you have on this port. The port will operate as a trunk and will disregard any config that pertains to an access port.
    Hope that helps ...
    Paresh

  • ASA5585-X Switchport Trunk ask security expert

    Hi, I have an ASA5585-X version 9.1 and ASDM version 7.1.
    I have a lot of different VLANs on the ASR router. The ASR router has a subif with VLANs. The ASA 5585 is behind the ASR router. I want to set up the ASA 5585 switch ports in trunk mode. Is it possible?
    The topology is below.
    ISP -> Cisco ASR with bgp and subif and gateway for the vlans -> ASA5585 all ip addresses security configurations -> Cisco 6500 aggregation switch -> Cisco 2960 cabinet switches -> Servers

    I can't speak to the ASR router configuration, but you can definitely have trunk ports on the ASA side.  What has worked for me between 3750 switches and assorted generations of ASA hardware and software is configurations like:
    On the switch you set it to mode trunk with negotiation off:
    interface GigabitEthernet1/0/38
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 400
    switchport trunk allowed vlan 1,430-435,543-545
    switchport mode trunk
    switchport nonegotiate
    On the ASA you put the parent physical interface into "no shutdown" state and then set up subinterfaces with vlan tags:
    interface GigabitEthernet0/3
    description trunk port
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3.543
    description first subinterface
    vlan 543
    nameif whatever
    security-level 80
    ip address 192.0.2.1 255.255.255.0
    -- Jim Leinweber, WI State Lab of Hygiene

  • Does the native vlan need to be added to the allowed vlan list?

    If I configured the port like this "
    switchport trunk native vlan 10
    switchport trunk allowed vlan 11,12"
    is vlan 10 allowed to pass? Or do I still need to add vlan 10 to the allowed vlan list, like "
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,11,12"
    Thanks

    Yes you can remove the native VLAN from the list, and it does prevent the native VLAN from traversing the trunk. That is, if you look at the Spanning Tree for the native VLAN, the trunk will be absent from the list of ports on the VLAN.
    The question of untagged frames is a different one. There are some control protocols, particularly link-local ones, that are sent untagged, and these will traverse the trunk regardless. However, they are not considered as part of the native VLAN Spanning Tree as such.
    But beware: there is a bug in earlier IOS and in all CatOS switches! If you use a non-1 VLAN as your trunk native VLAN, and you disallow it from the trunks, and there are no other ports carrying that native VLAN, then the Spanning Tree for that VLAN shuts down. That is fair enough. But the bug is that the Spanning Tree for VLAN 1 also breaks down, sending your network into meltdown.
    Kevin Dorrell
    Luxembourg

  • SG-300 52p POE and the case of Native vlan forgotten on a Port-channel

    Hi
    We have recently changed our access switches to Cisco Small Business SG-300 52p units, which are running firmware
    SW version    1.3.5.58
    We found a very annoying problem with port-channels and the default VLAN.
    Our switches have a default VLAN different from VLAN 1, which depends on the floor they are on, and this native VLAN is first defined on the port-channel of our central switch, a Cisco 3750.
    Example of a central switch port-channel with a defined native VLAN:
    interface Port-channel2
    description TO 1F
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 6
    switchport trunk allowed vlan 4-6,11,13
    switchport mode trunk
    On the SG300 side the configuration is this:
    interface Port-channel2
    description 1F
    switchport trunk allowed vlan add 4-5,11,13
    !next command is internal.
    macro auto smartport dynamic_type switch
    As you can see, there is no "switchport trunk native vlan 6", simply because once I write it on the command line the SG300 accepts the command, but the command is not written to the conf (why?!)
    The result is that every time the SG300 is restarted, I get two AUTO CREATED commands in the port-channel configuration:
    switchport trunk native vlan 1
    switchport default-vlan tagged
    that keep the network on that floor from working until I manually write on the SG300
    no switchport default-vlan tagged
    switchport trunk native vlan 6
    These commands, as said, work once I write them, but they are not shown in a "sh run" and so are not saved in the conf, so every time the SG300 is restarted I need to re-write them.
    Is this a bug?
    Have I made some mistake?
    Please let me know
    regards
    Pietro

    Figured it out!
    The problem was the macro; I had to write this:
    macro auto processing type switch disabled
    and then everything started working as it should.
    Regards
    Pietro

  • FIP and Native VLAN

    Hello,
    according to documentation, FIP uses native vlan for FCoE VLAN discovery. Is it necessary to trunk native VLAN on the CNA port of a switch facing a server? For example if e1/1 is connected to a host and I'm using VLAN10 for data and VLAN100 for storage, and my native vlan is VLAN1, should the configuration be:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 1
      switchport trunk allowed vlan 1,10,100
      spanning-tree port type edge trunk
    OR is it sufficient to have:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Another alternative, which takes into account that the host may not tag its data traffic:
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 10,100
      spanning-tree port type edge trunk
    Is it really a must to trunk native VLAN? In my lab it works either way.

    FIP VLAN Discovery
    FIP VLAN discovery discovers the FCoE VLAN that will be used by all other FIP protocols as well as by the FCoE encapsulation for Fibre Channel payloads on the established virtual link. One of the goals of FC-BB-5 was to be as nonintrusive as possible on initiators and targets, and therefore FIP VLAN discovery occurs in the native VLAN used by the initiator or target to exchange Ethernet traffic. The FIP VLAN discovery protocol is the only FIP protocol running on the native VLAN; all other FIP protocols run on the discovered FCoE VLANs.
    The ENode sends a FIP VLAN discovery request to a multicast MAC address called All-FCF-MACs, which is a multicast MAC address to which all FCFs listen. All FCFs that can be reached in the native VLAN of the ENode are expected to respond on the same VLAN with a response that lists one or more FCoE VLANs that are available for the ENode's VN_Port login. This protocol has the sole purpose of allowing the ENode to discover all the available FCoE VLANs, and it does not cause the ENode to select an FCF.

  • Native vlan query

    (CE)--Trunk-port-via.wi-max-device--(PE-Switch)--Trunk port--(PE-Router)
    In the above scenario, suppose the CE router is unable to create a sub-interface, so to communicate with the PE router I have used
    switchport trunk native vlan 834 and it's working
    But when I use
    encapsulation dot1Q 834 native on router sub-interface it is not working
    ##########Working config#################
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    PE-Router#ping vrf ABC 172.34.63.70
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
    ##########Non-Working config#################
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834 native
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    PE-Router#ping vrf ABC 172.34.63.70
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    Thanks & Regards
    Mahesh

    Hi,
    I'm confused with your configuration because the switchport trunk native vlan 834 command is gone in your non-working configuration.
    Also, is Fas1/0/5 connected to your CE or PE-Router?
    Let's say Fas1/0/5 is connected to your CE and 1/0/6 to your PE-Router. A working configuration should be:
    PE-Switch#
    interface FastEthernet1/0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    interface FastEthernet1/0/6
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 834
    switchport trunk allowed vlan 503,834
    switchport mode trunk
    speed 100
    duplex full
    PE-Router#
    interface GigabitEthernet1/0/1.834
    bandwidth 128
    encapsulation dot1Q 834 native
    ip vrf forwarding ABC
    ip address 172.34.63.69 255.255.255.252
    end
    Be sure your native VLAN is consistent on all your trunks, or you could have traffic leaking between VLAN 1 (default native VLAN) and VLAN 834.
    HTH
    Laurent.

  • 1200: Native VLAN & Management VLAN

    I want to keep the management VLAN and native VLAN separate. Is this the correct setup when using VLAN 999 as the native VLAN and VLAN 100 for the management VLAN?
    Management VLAN 100 (10.100.0.0/24)
    ### Trunk SW ###
    description "AP"
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 999
    switchport trunk allowed vlan
    switchport mode trunk
    switchport nonegotiate
    speed 100
    duplex full
    ### AP ###
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 99 key 1 size 128bit 7 3831CB248113D952741376BEC352 transmit-key
    encryption vlan 99 mode wep mandatory
    encryption vlan 11 mode ciphers tkip
    ssid xoxoxo
    vlan 11
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    ssid xxx
    vlan 99
    authentication network-eap eap_methods
    speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
    rts threshold 2312
    station-role root
    interface Dot11Radio0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    bridge-group 11 subscriber-loop-control
    bridge-group 11 block-unknown-source
    no bridge-group 11 source-learning
    no bridge-group 11 unicast-flooding
    bridge-group 11 spanning-disabled
    interface Dot11Radio0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 99
    bridge-group 99 subscriber-loop-control
    bridge-group 99 block-unknown-source
    no bridge-group 99 source-learning
    no bridge-group 99 unicast-flooding
    bridge-group 99 spanning-disabled
    interface dot11radio 0.999
    encapsulation dot1q 999 native
    interface dot11radio 0.100
    encapsulation dot1q 100
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    ntp broadcast client
    interface FastEthernet0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    no bridge-group 11 source-learning
    bridge-group 11 spanning-disabled
    interface FastEthernet0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 99
    no bridge-group 99 source-learning
    bridge-group 99 spanning-disabled
    interface fastethernet 0.999
    encapsulation dot1q 999 native
    interface fastethernet 0.100
    encapsulation dot1q 100
    interface BVI100
    ip address 10.100.0.110 255.255.255.0
    no ip route-cache
    ip default-gateway 10.100.0.1

    This looks correct to me. Do you have a non_root bridge on their other side?
    Are you able to trunk all 4 VLANS with this config?

  • 1240 AP does not honor native vlan different than 1

    Hi,
    I stumbled on a crazy issue and hope someone has an idea what is going wrong.
    I have an older 1240 Autonomous AP where I cannot figure out why the device is using vlan1 instead of the required vlan 1616 for management traffic.
    Anyway, clients can connect, get IP addresses, and traffic is routed, but the AP can be managed only via serial console cable or temporarily by configuring the port on the 3750 from trunk to an access port.
    1240 config.
    version 12.4
    hostname ap
    dot11 mbssid
    dot11 ssid vlan1621
       vlan 1621
    dot11 ssid vlan1630
       vlan 1630
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 1621 mode ciphers aes-ccm
     encryption vlan 1630 mode ciphers aes-ccm tkip
     ssid vlan1621
     ssid vlan1630
     station-role root
     no cdp enable
    interface Dot11Radio0.21
     encapsulation dot1Q 1621
     no ip route-cache
     bridge-group 21
    interface Dot11Radio0.30
     encapsulation dot1Q 1630
     no ip route-cache
     bridge-group 30
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    interface FastEthernet0.16
     encapsulation dot1Q 1616 native
     no ip route-cache
     bridge-group 1
    interface FastEthernet0.21
     encapsulation dot1Q 1621
     no ip route-cache
     bridge-group 21
    interface FastEthernet0.30
     encapsulation dot1Q 1630
     no ip route-cache
     bridge-group 30
    interface BVI1
     ip address 192.168.16.11 255.255.255.0
     ip helper-address 192.168.18.20
     no ip route-cache
    ip default-gateway 192.168.16.1
    bridge 1 route ip
    3750g config:
    interface GigabitEthernet1/0/39
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 1616
     switchport trunk allowed vlan 1616-1630
     switchport mode trunk
     switchport nonegotiate
    Changing the bridge-group on the fa0.16 subinterface from 1 to anything different was also without success.
    tested 1240 firmware: c1240-k9w7- 123-8.JA2 / 124-25d.JA1 / 124-25d.JA2

    Hi
    I have applied your config onto a 1252 AP directly connected to a 3560 switch as shown below, and the config works as expected.
    +++++++ Switch Config ++++++
    vlan 1616,1621,1630
    interface GigabitEthernet0/1
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 1616
     switchport trunk allowed vlan 1616-1630
     switchport mode trunk
    interface Vlan1616
     ip address 192.168.16.1 255.255.255.0
    ++++++++++ AP Config ++++++++++
    dot11 ssid vlan1621
       vlan 1621
    dot11 ssid vlan1630
       vlan 1630
    interface Dot11Radio0
     encryption vlan 1621 mode ciphers aes-ccm
     encryption vlan 1630 mode ciphers aes-ccm tkip
     ssid vlan1621
     ssid vlan1630
    interface Dot11Radio0.21
     encapsulation dot1Q 1621
     bridge-group 21
    interface Dot11Radio0.30
     encapsulation dot1Q 1630
     bridge-group 30
    interface GigabitEthernet0.16
     encapsulation dot1Q 1616 native
     bridge-group 1
    interface GigabitEthernet0.21
     encapsulation dot1Q 1621
     bridge-group 21
    interface GigabitEthernet0.30
     encapsulation dot1Q 1630
     bridge-group 30
    interface BVI1
     ip address 192.168.16.11 255.255.255.0
    ip default-gateway 192.168.16.1
    AAP1#ping 192.168.16.1                                                       
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
    If it does not work for you, I would check that vlan 1616 is available in all your switches up to where the SVI for vlan 1616 is defined.
    In your case, is interface vlan 1616 defined on the switch directly connected to the AP?
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Is this considered NATIVE VLAN?

    Greetings All, I know that the Native VLAN in a switch is VLAN 1.
    Since my access points need a native VLAN to perform multiple SSIDs and VLANs etc.: if the access point is sitting on VLAN 20 with an IP address assigned to it from that VLAN, does that mean VLAN 20 is native? Sorry for the ignorant question, but I am trying to do multiple SSIDs etc.

    Hey Pete,
    Have a read of this good doc, here is an excerpt;
    The routers and switches that make up the physical infrastructure of a network are managed in a different method than the client PCs that attach to that physical infrastructure. The VLAN these router and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs are members of a different VLAN, just as IP telephones are members of yet another VLAN. The administrative interface of the access point or bridge (interface BVI1) are considered and numbered a part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
    The switchport config might look like this;
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,10,30
    Where vlan 1 is Native and vlan 10 and 30 will be associated with SSID's.
    When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
    Note: If there is a mismatch in the native VLANs, the frames are dropped.
    This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
    From this good doc;
    Using VLANs with Cisco Aironet Wireless Equipment
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
    Hope this helps!
    Rob
    Please remember to rate helpful posts.........
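
The mismatch case in the answer above (switchport native VLAN 12, AP native VLAN 1), as an added example that is not part of the original thread: a small model of how a dot1q trunk port tags on egress and classifies on ingress, extended to allowed-list filtering. The class and function names, the allowed lists, and the rule that a frame tagged with the receiver's native VLAN ID is accepted into that VLAN are assumptions of this sketch; control protocols sent untagged are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    tag: Optional[int]  # 802.1Q VLAN ID on the wire; None means untagged


@dataclass(frozen=True)
class TrunkPort:
    """One end of a dot1q trunk (hypothetical model, data frames only)."""
    name: str
    native_vlan: int
    allowed: FrozenSet[int]

    def egress(self, vlan: int) -> Optional[Frame]:
        """Frame as it leaves this port, or None if the VLAN is not allowed."""
        if vlan not in self.allowed:
            return None
        # Only the native VLAN goes out untagged; every other VLAN is tagged.
        return Frame(None) if vlan == self.native_vlan else Frame(vlan)

    def ingress(self, frame: Frame) -> Optional[int]:
        """VLAN the frame is classified into on receipt, or None if dropped."""
        # An untagged frame carries no VLAN information, so the receiver
        # assigns it to ITS OWN native VLAN, whatever the sender intended.
        vlan = self.native_vlan if frame.tag is None else frame.tag
        return vlan if vlan in self.allowed else None


def deliver(sender: TrunkPort, receiver: TrunkPort, vlan: int) -> Optional[int]:
    """VLAN in which a frame sent in `vlan` ends up at the far end."""
    frame = sender.egress(vlan)
    return None if frame is None else receiver.ingress(frame)


def audit_link(a: TrunkPort, b: TrunkPort) -> Dict[str, List[Tuple[int, Optional[int]]]]:
    """Per direction, list (sent VLAN, VLAN it lands in) wherever they differ."""
    report: Dict[str, List[Tuple[int, Optional[int]]]] = {}
    for src, dst in ((a, b), (b, a)):
        results = [(v, deliver(src, dst, v)) for v in sorted(src.allowed)]
        report[f"{src.name}->{dst.name}"] = [(v, got) for v, got in results if got != v]
    return report


# Constructed scenario 1: native VLAN 1 on the AP, native VLAN 12 on the switchport.
AP = TrunkPort("ap", 1, frozenset({1, 10, 30}))
SWITCH = TrunkPort("switch", 12, frozenset({1, 10, 12, 30}))

# Constructed scenario 2: one end marks VLAN 834 native, the other end is left
# at the default native VLAN 1 with only 503 and 834 allowed.
ROUTER = TrunkPort("router", 834, frozenset({503, 834}))
PE_SWITCH = TrunkPort("pe-switch", 1, frozenset({503, 834}))

# Constructed scenario 3: the same link with the native VLAN matched on both ends.
PE_SWITCH_FIXED = TrunkPort("pe-switch", 834, frozenset({503, 834}))

if __name__ == "__main__":
    for pair in ((AP, SWITCH), (ROUTER, PE_SWITCH), (ROUTER, PE_SWITCH_FIXED)):
        for direction, mismatches in audit_link(*pair).items():
            for sent, got in mismatches:
                fate = "dropped" if got is None else f"lands in VLAN {got}"
                print(f"{direction}: VLAN {sent} {fate}")
```

In scenario 1 the frames cross between VLAN 1 and VLAN 12 in both directions; in scenario 2 the untagged VLAN 834 frames are classified into VLAN 1 and dropped because VLAN 1 is not on the allowed list.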

  • H-REAP Issues: Clients get dropped onto Native VLAN on one AP

    Hi,
    I have a wireless deployment consisting of 2 WLC's centrally located in two data centres, with WCS managing the WLC's.  There are currently two sites with wireless.  Each site is its own AP Group with different SSIDs at both sites.
    The site where I am having an issue with H-REAP has 48 AP's installed across a number of floors.
    The problem I am experiencing is that when clients get associated to one specific AP, they will successfully connect to the SSID, but are getting dropped into the native VLAN (VLAN 23) instead of the VLAN (VLAN 22) that is mapped to the SSID.  The clients get an IP address from the native VLAN and can access the corporate network, but due to firewall rules they cannot get access to some key corporate assets, as the native VLAN (VLAN 23) is not included in a specific firewall group for wireless clients.  Clients connected to the same SSID but on a different AP are getting dropped into the correct VLAN (VLAN 22).
    The switchport configuration for the one AP that is having issues is specifically below:
    interface GigabitEthernet5/47
    description *** Wireless AP ***
    switchport access vlan 23
    switchport trunk native vlan 23
    switchport trunk allowed vlan 22,23
    switchport mode trunk
    spanning-tree portfast trunk
    spanning-tree bpduguard enable
    spanning-tree guard root
    However, this configuration is the same across all AP connected switchports.  The switchport is trunking correctly:
    show int gi5/47 trunk
    Port        Mode             Encapsulation  Status        Native vlan
    Gi5/47      on               802.1q         trunking      23
    Port        Vlans allowed on trunk
    Gi5/47      22-23
    Port        Vlans allowed and active in management domain
    Gi5/47      22-23
    Port        Vlans in spanning tree forwarding state and not pruned
    Gi5/47      22-23
    I have attached a screenshot of the AP configuration from WCS.  As can be seen, the AP is configured for H-REAP, with the Native VLAN set, and the SSID-to-VLAN mappings also set.
    I have tried doing a configuration reset on this AP and re-configuring it from scratch, but it still exhibits the same behaviour. 
    Does anyone have any ideas on what I can do to resolve this problem?
    Thanks in advance.

    I have built an interface of the 2106 for VLAN5 and the interfaces for the 2106 and the bridges are built as trunks and all vlans are allowed. If I plug in a laptop on the 3560 in the new building, and the port is assigned to VLAN5, I get an address and can surf out just fine. I will scrub the 2106 & 3750 configs and try and upload them. To further test I moved the DHCP scope onto the 2106 and my wireless client is able to get an address from the 2106, I can ping the interface on the 2106 (192.168.5.2) I just can't connect to the 3750 switch.

  • Native VLAN question

    I asked this in another forum, but was hoping for some other explanations...
    switchport mode trunk
    switchport native vlan 80
    switchport trunk allowed vlan 50, 80
    Can someone provide a line by line explanation of what's being done?
    If I understand correctly, the first line lets ALL vlans through this port. The second line lets all untagged traffic that comes from VLAN 80 through. Line three perplexes me, because if we are trunking the port (letting all VLANs through) why explicitly let these two VLANs through when they are already allowed.
    Thank you.

    Hi
    "switchport mode trunk" means configure the link as a trunk link ie. a link that can carry traffic for multiple vlans. By default it will allow all vlans.
    "switchport native vlan 80" means the vlan on the trunk link that will not be tagged will be vlan 80. So all other vlan traffic is tagged but not this vlan.
    "switchport trunk allowed vlan 50, 80" means only allow vlan 50 and vlan 80 traffic across this link. There are a number of reasons you may want to do this. Perhaps at the other end of the link you know that the switch only has ports in vlan 50 and vlan 80 so there is no need to forward traffic for any other vlan. By not allowing those vlans across the trunk you not only stop broadcast traffic from going across the trunk (which can be achieved with the "vtp pruning" command) but you also stop STP for any other vlans than 50 & 80 across the link.
    HTH
    Jon
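
A static check over the three trunk settings explained line by line above, as an added example that is not part of the original thread: it parses IOS-style interface stanzas and flags the conditions raised in the posts on this page (native VLAN left at 1, no allowed list, native VLAN missing from the allowed list, an access VLAN configured on a trunk). The function names and finding codes are hypothetical; the sample stanzas reuse settings quoted on this page, with constructed interface names where the posts gave none.

```python
import re
from typing import Dict, List, Optional, Set, Tuple


def parse_vlan_list(text: str) -> Set[int]:
    """Expand an IOS VLAN list such as '1,203,204,220,1002-1005'."""
    vlans: Set[int] = set()
    for part in text.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_ports(config: str) -> Dict[str, dict]:
    """Collect the switchport settings of every interface stanza."""
    ports: Dict[str, dict] = {}
    cur: Optional[dict] = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            # native defaults to 1; allowed=None means "all VLANs" (no list set)
            cur = ports.setdefault(
                m.group(1),
                {"mode": None, "native": 1, "allowed": None, "access": None},
            )
            continue
        if cur is None:
            continue
        if (m := re.fullmatch(r"switchport mode (\w+)", line)):
            cur["mode"] = m.group(1)
        elif (m := re.fullmatch(r"switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["access"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", line)):
            vlans = parse_vlan_list(m.group(2))
            if m.group(1) is None:
                cur["allowed"] = vlans
            elif cur["allowed"] is not None:
                cur["allowed"] |= vlans  # 'add' extends an existing list
    return ports


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (interface, finding) pairs for every trunk port in the config."""
    findings: List[Tuple[str, str]] = []
    for name, p in parse_ports(config).items():
        if p["mode"] != "trunk":
            continue
        if p["native"] == 1:
            findings.append((name, "native-vlan-1"))
        if p["allowed"] is None:
            findings.append((name, "all-vlans-allowed"))
        elif p["native"] not in p["allowed"]:
            # The native VLAN itself does not traverse this trunk.
            findings.append((name, "native-not-allowed"))
        if p["access"] is not None:
            # Has no effect while the port operates as a trunk.
            findings.append((name, "access-vlan-ignored"))
    return findings


# Sample input: settings quoted in posts on this page. The interface names
# FastEthernet0/4, GigabitEthernet0/1 and GigabitEthernet0/2 are constructed.
SAMPLE_CONFIG = """
interface FastEthernet0/3
 switchport access vlan 203
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 203
 switchport trunk allowed vlan 1,203,204,220,1002-1005
 switchport mode trunk
interface FastEthernet0/4
 switchport trunk native vlan 10
 switchport trunk allowed vlan 11,12
 switchport mode trunk
interface FastEthernet1/0/10
 switchport trunk native vlan 100
 switchport mode trunk
interface GigabitEthernet0/1
 switchport trunk allowed vlan 50, 80
 switchport mode trunk
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```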

  • FCoE Native VLAN Configuration

    Hi
    One question about FCoE Configuration
    Is it better to permit the Native VLAN (FIP VLAN) in the allowed trunk vlans, or just leave it in the native vlan configuration?
    Here are the two choices showing my doubt:
    VLAN 1197
    name FIP_VLAN
    VLAN 1198
    name FCOE_VLAN
    fcoe vsan XX
    01)
    interface EthernetX/X
    switchport
    switchport mode trunk
    switchport trunk native vlan 1197
    switchport trunk allowed vlan 1197,1198
    spanning-tree port type edge trunk
    or
    02)
    interface EthernetX/X
    switchport
    switchport mode trunk
    switchport trunk native vlan 1197
    switchport trunk allowed vlan 1198
    spanning-tree port type edge trunk

    Hi,
    Usually when you add it to the trunk as native, you don't need to add it again.  So, option-2
    HTH
