Native vlan query

(CE)--Trunk-port-via.wi-max-device--(PE-Switch)--Trunk port--(PE-Router)
In above scenario suppse CE router is unable to create sub-interface so to communicate with PE router I have used
switchport trunk native vlan 834 and it's working
But when I use
encapsulation dot1Q 834 native on router sub-interface it is not working
##########Working config#################
PE-Switch#
interface FastEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 834
switchport trunk allowed vlan 503,834
switchport mode trunk
speed 100
duplex full
PE-Router#
interface GigabitEthernet1/0/1.834
bandwidth 128
encapsulation dot1Q 834
ip vrf forwarding ABC
ip address 172.34.63.69 255.255.255.252
end
PE-Router#ping vrf ABC 172.34.63.70
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
##########Non-Working config#################
PE-Switch#
interface FastEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 503,834
switchport mode trunk
speed 100
duplex full
PE-Router#
interface GigabitEthernet1/0/1.834
bandwidth 128
encapsulation dot1Q 834 native
ip vrf forwarding ABC
ip address 172.34.63.69 255.255.255.252
end
PE-Router#ping vrf ABC 172.34.63.70
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.34.63.70, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Thanks & Regards
Mahesh

Hi,
I'm confused with your configuration because the switchport trunk native vlan 834 command is gone in your non-working configuration.
Also is Fas1/0/5 connected to your CE or PE-Router.
Let's say Fas1/0/5 is connected to your CE and 1/0/6 to your PE-Router. A working configuration should be:
PE-Switch#
interface FastEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 834
switchport trunk allowed vlan 503,834
switchport mode trunk
speed 100
duplex full
interface FastEthernet1/0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 834
switchport trunk allowed vlan 503,834
switchport mode trunk
speed 100
duplex full
PE-Router#
interface GigabitEthernet1/0/1.834
bandwidth 128
encapsulation dot1Q 834 native
ip vrf forwarding ABC
ip address 172.34.63.69 255.255.255.252
end
Be sure your native VLAN is consistant on all your trunk or you could have traffic leaking between VLAN 1 (default native VLAN) and VLAN 834
HTH
Laurent.

Similar Messages

Changing Default Native VLAN

Hi,
     We are using CISCO 3750-G Switch as Core Switch. VLAN1 is being our Native VLAN since the implementation.
This switch is connected with 10 numbers of CISCO 2960 Switches by trunking ports. IP addresses assigned for L2 Switches from VLAN1 only.
Now I want to change the Default Native VLAN from 1 to some other.
My query is is there any pre-requesties to change Native VLAN or Can I change to Native VLAN ID simply?
Looking forward support.
Regards,
Ramesh Balachandran

HI Ramesh,
Native VLAN will come into picture if you use trunks in your switches. Procedure to change the native VLAN.
1) conf ter
    interface
    switchport trunk native vlan
CAUTION: If you are chaning the native VLAN only one end the spanning-tree for the orginal native vlan and the changed native vlan will go into inconsistency state and will be blocked.
In the below example on the local end(Native VLAN chosen is 2 and the remote end is 1)
3750#sh spanning-tree int gi1/8
Vlan                Role Sts Cost      Prio.Nbr Type
VLAN0001            Desg BKN*4         128.8    P2p *PVID_Inc
VLAN0002            Desg BKN*4         128.8    P2p *PVID_Inc
Thanks & Regards,
Karthick Murugan
CCIE#39285

How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

Hi!
I want to know which oid(s) should I query to know whether native vlan on trunk port on cisco switch is tagged or not?
I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
Switch Version is
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
HTH,
Steve

The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?

Hello
I think the following topologies are supported for Cisco Routers
And the Physical interface also can be using as Native VLAN interface right?
Topology 1.
R1 Gi0.1 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
R1 - configuration
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.255.255.0
Topology 2.
R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3
Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4 (same VLAN-ID)
R1 - configuration
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet8.20
encapsulation dot1Q 20
ip address 20.0.0.1 255.255.255.0
Any information is very appreciated. but if there is any CCO document please let me know.
Thank you very much and regards,
Masanobu Hiyoshi

Hello,
The diagram is helpful.
If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
Best regards,
Peter

Various questions on uplink profiles, CoS, native VLAN, downlink trunking

I will be using vPC End Host Mode with MAC-pinning. I see I can further configure MAC-Pinning. Is this required or will it automatically forward packets by just turning it on? Is it also best not to enable failover for the vnics in this configuration? See this text from the Cisco 1000V deployment Guide:
Fabric Fail-Over Mode
Within the Cisco UCS M71KR-E, M71KR-Q and M81KR adapter types, the Cisco Unified Computing System can
enable a fabric failover capability in which loss of connectivity on a path in use will cause remapping of traffic
through a redundant path within the Cisco Unified Computing System. It is recommended to allow the Cisco Nexus
1000V redundancy mechanism to provide the redundancy and not to enable fabric fail-over when creating the
network interfaces within the UCS Service Profiles. Figure 3 shows the dialog box. Make sure the Enable Failover
checkbox is not checked."
What is the 1000V redundancy?? I didn't know it has redundancy. Is it the MAC-Pinning set up in the 1000V? Is it Network State Tracking?
The 1000V has redundancy and we can even pin VLANs to whatever vNIC we want. See Cisco's Best Practices for Nexus 1000V and UCS.
Nexus1000V management VLAN. Can I use the same VLAN for this and for ESX-management and for Switch management? E.g VLan 3 for everything.
According to the below text (1000V Deployment Guide), I can have them all in the same vlan:
There are no best practices that specify whether the VSM
and the VMware ESX management interface should be on the same VLAN. If the management VLAN for
network devices is a different VLAN than that used for server management, the VSM management
interface should be on the management VLAN used for the network devices. Otherwise, the VSM and the
VMware ESX management interfaces should share the same VLAN.
I will also be using CoS and Qos to prioritize the traffic. The CoS can either be set in the 1000V (Host control Full) or per virtual adapter (Host control none) in UCS. Since I don't know how to configure CoS on the 1000V, I wonder if I can just set it in UCS (per adapter) as before when using the 1000V, ie. we have 2 choices.
Yes, you can still manage CoS using QoS on the vnics when using 1000V:
The recommended action in the Cisco Nexus 1000V Series is to assign a class of service (CoS) of 6 to the VMware service console and VMkernel flows and to honor these QoS markings on the data center switch to which the Cisco UCS 6100 Series Fabric Interconnect connects. Marking of QoS values can be performed on the Cisco Nexus 1000V Series Switch in all cases, or it can be performed on a per-VIF basis on the Cisco UCS M81KR or P81E within the Cisco Unified Computing System with or without the Cisco Nexus 1000V Series Switch.
Something else: Native VLANs
Is it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1? I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.
Example:Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?
And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...
What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup described here with 1000V and MAC-pinning.
No, port channel should not be configured when MAC-pinning is configured.
[Robert] The VSM doesn't participate in STP so it will never send BPDU's. However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter. PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs. I prefer to ignore them then using BPDU Gaurd - which will shutdown the interface if BPDU's are received.
-Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?
Edit: 26 July 14:23. Found answers to many of my many questions...

Answers inline.
Atle Dale wrote:
Something else: Native VLANsIs it important to have the same native VLAN on the UCS and the Cisco switch? And not to use the default native VLAN 1? I read somewhere that the native VLAN is used for communication between the switches and CDP amongst others. I know the native VLAN is for all untagged traffic. I see many people set the ESXi management VLAN as native also, and in the above article the native VLAN (default 1) is setup. Why? I have been advised to leave out the native VLAN.[Robert] The native VLAN is assigned per hop. This means between the 1000v Uplinks port profile and your UCS vNIC definition, the native VLAN should be the same. If you're not using a native VLAN, the "default" VLAN will be used for control traffic communication. The native VLAN and default VLAN are not necessarily the same. Native refers to VLAN traffic without an 802.1q header and can be assigned or not. A default VLAN is mandatory. This happens to start as VLAN 1 in UCS but can be changed. The default VLAN will be used for control traffic communication. If you look at any switch (including the 1000v or Fabric Interconnects) and do a "show int trunk" from the NXOS CLI, you'll see there's always one VLAN allowed on every interface (by default VLAN 1) - This is your default VLAN.Example:Will I be able to access a VM set with VLAN 0 (native) if the native VLAN is the same in UCS and the Cisco switch (Eg. VLAN 2)? Can I just configure a access port with the same VLAN ID as the native VLAN, i.e 2 and connect to it with a PC using the same IP network address?[Robert] There's no VLAN 0. An access port doesn't use a native VLAN - as its assigned to only to a single VLAN. A trunk on the other hand carries multiple VLANs and can have a native vlan assigned. Remember your native vlan usage must be matched between each hop. Most network admins setup the native vlan to be the same throughout their network for simplicity. In your example, you wouldn't set your VM's port profile to be in VLAN 0 (doens't exist), but rather VLAN 2 as an access port. If VLAN 2 also happens to be your Native VLAN northbound of UCS, then you would configured VLAN 2 as the Native VLAN on your UCS ethernet uplinks. On switch northbound of the UCS Interconnects you'll want to ensure on the receiving trunk interface VLAN 2 is set as the native vlan also. Summary:1000v - VM vEthernet port profile set as access port VLAN 21000v - Ethernet Uplink Port profile set as trunk with Native VLAN 2UCS - vNIC in Service Profile allowing all required VLANs, and VLAN 2 set as NativeUCS - Uplink Interface(s) or Port Channel set as trunk with VLAN 2 as Native VLANUpstream Switch from UCS - Set as trunk interface with Native VLAN 2From this example, your VM will be reachable on VLAN 2 from any device - assuming you have L3/routing configured correctly also.And is it important to trunk this native VLAN? I see in a Netapp Flexpod config they state this: "This configuration also leverages the native VLAN on the trunk ports to discard untagged packets, by setting the native VLAN on the port channel, but not including this VLAN in the allowed VLANs on the port channel". But I don't understand it...[Robert] This statement recommends "not" to use a native VLAN. This is a practice by some people. Rather than using a native VLAN throughout their network, they tag everything. This doesn't change the operation or reachability of any VLAN or device - it's simply a design descision. The reason some people opt not to use a native VLAN is that almost all switches use VLAN 1 as the native by default. So if you're using the native VLAN 1 for management access to all your devices, and someone connects in (without your knowing) another switch and simply plug into it - they'd land on the same VLAN as your management devices and potentially do harm.What about the downlinks from the FI to the chassis. Do you configure this as a port channel also in UCS? Or is this not possible with the setup descrived here with 1000V and MAC-pinning.[Robert] On the first generation hardware (6100 FI and 2104 IOM) port channeling is not possible. With the latest HW (6200 and 2200) you can create port channels with all the IOM - FI server links. This is not configurable. You either tell the system to use Port Channel or Individual Links. The major bonus of using a Port Channel is losing a link doesn't impact any pinned interfaces - as it would with individual server interfaces. To fix a failed link when configured as "Individual" you must re-ack the Chassis to re-pinn the virtual interfaces to the remaining server uplinks. In regards to 1000v uplinks - the only supported port channeling method is "Mac Pinning". This is because you can't port channel physical interfaces going to separate Fabrics (one to A and one to B). Mac Pinning gets around this by using pinning so all uplinks can be utilized at the same time.--[Robert] The VSM doesn't participate in STP so it will never send BPDU's. However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter. PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDU's from VMs. I prefer to ignore them then using BPDU Gaurd - which will shutdown the interface if BPDU's are received.-Are you thinking of the upstream switch here (Nexus, Catalyst) or the N1kV uplink profile config?[Robert] The two STP commands would be used only when the VEM (ESX host) is directly connected to an upstream switch. For UCS these two commands to NOT apply.

QoS / Native VLAN Issue - Please HELP! :)

I've purchased 10 Cisco Aironet 2600 AP’s (AIR-SAP2602I-E-K9 standalone rather than controller based).
I’ve configured the WAP’s (or the first WAP I’m going to configure and then pull the configuration from and push to the others) with 2 SSID’s. One providing access to our DATA VLAN (1000 – which I’ve set as native on the WAP) and one providing access to guest VLAN (1234). I’ve configured the connecting DELL switchport as a trunk and set the native VLAN to 1000 (DATA) and allowed trunk traffic for VLAN’s 1000 and 1234. Everything works fine, when connecting to the DATA SSID you get a DATA IP and when you connect to the GUEST SSID you lease a GUEST IP.
The problem starts when I create a QoS policy on the WAP (for Lync traffic DSCP 40 / CS5) and try to attach it to my VLAN’s. It won’t let me attach the policy to VLAN 1000 as it’s the native VLAN. If I change VLAN 1000 on the WAP to NOT be the native VLAN I can attach the policies however wireless clients can no longer attach to either SSID properly as they fail to lease an IP address and instead get a 169.x.x.x address.
I'm sure I'm missing something basic here so please forgive my ignorance.
This is driving me insane!
Thanks to anyone that provides assistance. Running config below and example of the error...
User Access Verification
Username: admin
Password:
LATHQWAP01#show run
Building configuration...
Current configuration : 3621 bytes
! Last configuration change at 02:37:59 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
no ip routing
dot11 syslog
dot11 vlan-name Data vlan 1000
dot11 vlan-name Guest vlan 1234
dot11 ssid LatitudeCorp
   vlan 1000
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii
dot11 ssid LatitudeGuest
   vlan 1234
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii
crypto pki token default removal timeout 0
username admin privilege 15 password!
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
no dfs band block
stbc
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
ip address 10.10.1.190 255.255.254.0
no ip route-cache
ip default-gateway 10.10.1.202
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
transport input all
end
LATHQWAP01#conf
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line. End with CNTL/Z.
LATHQWAP01(config)#int dot11radio1.1000
LATHQWAP01(config-subif)#ser
LATHQWAP01(config-subif)#service-policy in
LATHQWAP01(config-subif)#service-policy input Lync
set cos is not supported on native vlan interface
LATHQWAP01(config-subif)#

Hey Scott,
Thank you (again) for your assistance.
So I' ve done as instructed and reconfigured the WAP. I've added an additional VLAN (1200 our VOIP VLAN) and made this the native VLAN - so 1000 and 1234 are now tagged. I've configure the BVI interface with a VOIP IP address for management and can connect quite happily. I've configured the connecting Dell switchport as a trunk and to allow trunk vlans 1000 (my DATA SSID), 1200(native) and 1234 (MY GUEST SSID). I'm now back to the issue where when a wireless client attempts to connect to either of my SSID's (Guest or DATA) they are not getting a IP address / cannot connect.
Any ideas guys? Forgive my ignorance - this is a learning curve and one i'm enjoying.
LATHQWAP01#show run
Building configuration...
Current configuration : 4426 bytes
! Last configuration change at 20:33:19 UTC Mon Mar 1 1993 by Cisco
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
enable secret 5
no aaa new-model
no ip source-route
no ip cef
dot11 syslog
dot11 vlan-name DATA vlan 1000
dot11 vlan-name GUEST vlan 1234
dot11 vlan-name VOICE vlan 1200
dot11 ssid LatitudeCorp
   vlan 1000
   authentication open
   authentication key-management wpa version 2
   mobility network-id 1000
   wpa-psk ascii
dot11 ssid LatitudeGuest
   vlan 1234
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   mobility network-id 1234
   wpa-psk ascii
   no ids mfp client
dot11 phone
username CISCO password
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
mbssid
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
duplex full
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 spanning-disabled
no bridge-group 254 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
mac-address 881d.fc46.c865
ip address 10.10. 255.255.254.0
ip default-gateway 10.10.
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
sntp server ntp2c.mcc.ac.uk
sntp broadcast client
end
LATHQWAP01#

Need help in understanding native VLAN or PVID concent

Hi: I am fairly new to VLANs. I can't seem to understand how native VLAN or PVID concept works. I found descriptions for native VLAN. But what I donot understand is the following scenario:
Letz say a port is a member of VLANs 1 and 2. The PVID for the port is 1. A normal PC is attached to this port. If an untagged frame arrives on this port from the PC attached, based on native VLAN definition, the frame will be assigned to VLAN 1. But what if the source wanted this untagged frame to go to a server in VLAN 2 since the port is a member of both VLAN 1 and 2?
Thanks in Advance.
Ravi

leonvd79: thanks for your response. I was thinking a port to which a user is attached (access port) can be member of multiple VLANs if it needs to communicate with entities in multiple VLANs. Could you please clarify.
So in a network where there are two servers, server2 in VLAN 2 and server3 in VLAN 3. So I will make PVID=2 for access port server2 is attached and PVID=3 for access port to which server3 is attached.
I have user2 who will need to talk to only server2. So I make the PVID for the access port to which user2 is attached as 2. If I have user23 who needs to communicate with both server2 and server3, what will be the PVID for the port to which user23 is attached: 2 or 3?
Thanks
Ravi

Executing Native SQL query for oracle

Hi,
I want to run following native sql query but it is giving me error ora:933,
DATA: BEGIN OF WA,
      TSP_NAME(255) TYPE C,
      PER_USAGE(10) TYPE C,
      END OF WA.
EXEC SQL PERFORMING loop_output.
select t.tablespace_name,'(' || TO_CHAR(ROUND(100*(NVL(b.bytes,0)/NVL(a
.bytes,0)))) || '%)' "TSUsed%" from dba_tablespaces t,
( select tablespace_name, sum(bytes)/1024/1024 bytes
from dba_data_files group by tablespace_name) a,
( select e.tablespace_name, sum(e.bytes)/1024/1024 bytes
from dba_extents e group by e.tablespace_name ) b,
( select f.tablespace_name, sum(f.bytes)/1024/1024 bytes
from dba_free_space f group by f.tablespace_name ) c
where t.tablespace_name = a.tablespace_name(+) and
t.tablespace_name = b.tablespace_name(+) and
t.tablespace_name = c.tablespace_name(+) into :wa.
ENDEXEC.
Please provide me the soln
Regards,
Bharat Mistry

ORA-00933: SQL command not properly ended.
Try:
EXEC SQL PERFORMING loop_output.
select
into :wa
ENDEXEC.
(No "." at the end). If that doesn't work, try ending it with a ";"
Rob

Mapping Problem with Native SQL query

My application uses a native SQL query to locate certain entities. It looks like this:
SELECT UPLOADATTEMPTREF, STUDENTNUMBER, USERID, WORKITEMCODE, WORKITEMINSTURN, WORKITEMTITLE, MODULERUNCODE, STUDENTNAME, SUBMISSIONDEADLINE, UPLOADATTEMPTSERVERDATE, FILENAME, UPLOADCOMPLETESERVERDATE, NEWFILENAME, FILESIZE, FILEPATH, DOWNLOADSERVERDATE, MODULECODE, MODULETITLE
FROM Submission_Attempt WHERE UPLOADATTEMPTREF IN (
SELECT uploadAttemptRef FROM (" + "SELECT MAX(uploadAttemptRef) AS uploadAttemptRef, UserID, workItemInstUrn, " + "workItemCode FROM Submission_Attempt where workiteminsturn = ?1 " + "GROUP BY UserID, workItemInstUrn, workItemCode) Table1 ) " + "and uploadCompleteServerDate is not null;" 
My expectation was that EclipseLink would be able to handle the mapping of the results to the entity quite happily. However, I get a NonSynchronizedVector of Objects - each Object representing one field of data.
I need help with either:
Converting the above SQL into JPQL so that I (hopefully) don't have to worry about the SQL or
Understanding why this isn't working properly...
Anyone able to help?
Edited by: phunnimonkey on Nov 6, 2008 3:33 AM

Never mind - the problem was to do with not specifying a class when creating the native query.

Performance of native sql query detoriates

Dear Experts,
The performance of my native SQL query is bad. On the database the query takes less than 5 seconds to process. From my abap program I get a session timeout dump after 10 minutes. What might be the possible reason.
Warm Regards,
Abdullah

I am not a DBA, but this is a wild guess.
I have a native SQL query. It was running fine all morning(transported it to production today). By afternoon the report was not giving any output.
I went to the MS SQL query analyzer and executed the query, it returned the results in less than 5 seconds. The same query when I was executing from SAP using native SQL took more than 10 minutes and gave a dump(time exceeded).
My database guy asked me to execute the following on the database. Dbcc dbreindex('tablename')
The report is running fine since then. I am still not satisfied if this is the reason the performance is back on track, but yeah the report is running fine again. There seems to be some problem with the indexes.
I am using standard classes provided by SAP to execute my query and after execution the resultset reference object is being closed, I am closing the connection.
the code is as below.
 PERFORM:
 connect USING con_name con_ref,
 select_into_table USING con_ref,
 disconnect USING con_ref.
* FORM connect
* Connects to the database specified by the logical connection name
* P_CON_NAME which is expected to be specified in table DBCON. In case
* of success the form returns in P_CON_REF a reference to a connection
* object of class CL_SQL_CONNECTION.
* --> P_CON_NAME logical connection name
* <-- P_CON_REF reference to a CL_SQL_CONNECTION object
FORM connect USING p_con_name TYPE dbcon-con_name
 p_con_ref TYPE REF TO cl_sql_connection
 RAISING cx_sql_exception.
* if CON_NAME is not initial then try to open the connection, otherwise
* create a connection object representing the default connection.
IF p_con_name IS INITIAL.
 CREATE OBJECT p_con_ref.
ELSE.
 p_con_ref = cl_sql_connection=>get_connection( p_con_name ).
ENDIF.
ENDFORM. " connect
* FORM select_into_table
* Selects some rows from the test table and fetches the result rows
* into an internal table whose row structure corresponds to the
* queries select list columns.
FORM select_into_table
USING p_con_ref TYPE REF TO cl_sql_connection
RAISING cx_sql_exception.
DATA:
 l_stmt TYPE string,
 l_stmt_ref TYPE REF TO cl_sql_statement,
 l_dref TYPE REF TO data,
 l_res_ref TYPE REF TO cl_sql_result_set,
*Data related query
 l_itab TYPE TABLE OF t_pricing_report,
 l_row_cnt TYPE i.
* create the query string
CONCATENATE
 'select A.SEQ,A.CONDTABLE,A.CONDNAME,A.VKORG,A.VTWEG,A.MATKL,A.MATNR,B.MTEXT,A.VKGRP,A.SGRPNAME,'
 'A.VKBUR,A.SOFFNAME,A.ZSALES,A.SCNTNAME,A.KUNNR,A.SCSTNAME,A.PRBATCH,A.INCO1,'
 'A.INCO2,A.DATAB,A.DATBI,A.KBETR,A.KONWA,A.KOSRT,B.MTART,B.GROES,B.VOLUM,B.EXTWG,B.WRKST,'
 'A.MXWRT,A.GKWRT,'
 'B.PATTERN,B.RIM,B.SERIES,B.SPDINDEX,B.LDINDX,B.MGROUP,B.APPLN,B.SDWALL,B.MGRPTXT'
 'FROM Z_PRICELIST A,Z_MATERIALVIEW B'
 'WHERE A.MANDT = ? AND'
 'B.MANDT = A.MANDT AND'
 'A.MATNR = B.MATNR AND'
 'A.KSCHL = ? AND'
 'A.CONDTABLE LIKE ? AND'
 'A.VKORG LIKE ? AND'
 'A.VTWEG LIKE ? AND'
 'A.MATKL >= ? AND A.MATKL <= ? AND'
 'A.MATNR >= ? AND A.MATNR <= ? AND'
 'A.INCO1 LIKE ? AND'
 'A.INCO2 LIKE ? AND'
 'A.ZSALES >= ? AND A.ZSALES <= ? AND'
 'A.KUNNR >= ? AND A.KUNNR <= ? AND'
 'A.PRBATCH >= ? AND A.PRBATCH <= ? AND'
 'A.VKBUR >= ? AND A.VKBUR <= ? AND'
 'A.VKGRP >= ? AND A.VKGRP <= ? AND'
 'B.WRKST >= ? AND B.WRKST <= ? AND'
 'B.MTART >= ? AND B.MTART <= ? AND'
 '? BETWEEN A.DATAB AND A.DATBI AND'
 'B.GROES LIKE ? AND'
 'B.LDINDX LIKE ? AND'
 'B.SPDINDEX LIKE ? AND'
 'B.RIM LIKE ? AND'
 'B.SERIES LIKE ? AND'
 'B.PATTERN LIKE ? AND'
 'B.MGROUP LIKE ?'
 'order by A.MATNR'
 INTO l_stmt SEPARATED BY space. "#EC NOTEXT
* create a statement object
l_stmt_ref = p_con_ref->create_statement( ).
* bind input variables
GET REFERENCE OF l_col1 INTO l_dref.
l_stmt_ref->set_param( l_dref ).
*binding other references here
GET REFERENCE OF l_col33 INTO l_dref.
l_stmt_ref->set_param( l_dref ).
* set the input values and execute the query
l_col1 = sy-mandt.
*..Assigning values here
l_col33 = p_mgroup.
* PERFORM trace_2 USING 'EXECUTE_QUERY' l_stmt l_col1 l_col2.
l_res_ref = l_stmt_ref->execute_query( l_stmt ).
* set output table
GET REFERENCE OF l_itab INTO l_dref.
l_res_ref->set_param_table( l_dref ).
* get the complete result set
l_row_cnt = l_res_ref->next_package( ).
* display the contents of the output table
* PERFORM trace_next_package USING l_itab.
* PERFORM trace_result USING l_row_cnt 'rows fetched'.
pricing_report[] = l_itab[].
free l_itab.
* don't forget to close the result set object in order to free
* resources on the database
l_res_ref->close( ).
ENDFORM. "select_into_table
* FORM disconnect
* Disconnect from the given connection. In case of the default
* connection this can be omitted.
FORM disconnect
USING p_con_ref TYPE REF TO cl_sql_connection
RAISING cx_sql_exception.
DATA: l_con_name TYPE dbcon-con_name.
l_con_name = p_con_ref->get_con_name( ).
CHECK l_con_name <> cl_sql_connection=>c_default_connection.
* PERFORM trace_0 USING 'CLOSE CONNECTION' l_con_name.
p_con_ref->close( ).
* PERFORM trace_result USING l_con_name 'closed'.
ENDFORM. "disconnect
* FORM handle_sql_exception
* Write appropriate error messages when a SQL exception has occured
* --> P_SQLERR_REF reference to a CX_SQL_EXCEPTION object
FORM handle_sql_exception
USING p_sqlerr_ref TYPE REF TO cx_sql_exception.
FORMAT COLOR COL_NEGATIVE.
IF p_sqlerr_ref->db_error = 'X'.
 WRITE: / 'SQL error occured:', p_sqlerr_ref->sql_code,
 / p_sqlerr_ref->sql_message. "#EC NOTEXT
ELSE.
 WRITE:
 / 'Error from DBI (details in dev-trace):',
 p_sqlerr_ref->internal_error. "#EC NOTEXT
ENDIF.
ENDFORM. "handle_sql_exception

WLC 7.4.110.0 where native vlan and SSID vlan is the same vlan

Hi
We have app. 1500 accespoints in app. 500 locations. WLCs are WiSM2s running 7.4.110.0. The AP are 1131LAPs.In a FlexConnect configuration we use vlan 410 as native vlan and the ssid (LAN) also in vlan 410. This works fine, never had any problems with this.
Now we have started use 1602 APs and the client connection on ssid LAN becomes unstable.
If we configure an different ssid, using vlan 420 and native vlan as 410, everything works fine.
I can't find any recommandations regarding the use of native vlan/ssid vlan
Is there anyone experiencing similar problems? Is this a problem with my configuration or is it a bug wittin 1602 accespoints?
Regards,
Lars Christian

It is the recomended design to put FlexConnect AP mgt into native vlan & user traffic to a tagged vlan.
From the QoS perspective if you want to enforce WLC QoS profile values, you have to tag SSID traffic to a vlan (other than native vlan) & trust CoS on the switch port connected to FlexConnect AP (usually configured as trunk port)
HTH
Rasika
**** Pls rate all useful responses ****

Does the dot1q native VLAN need to be defined on the switch?

I understand the issues with using VLAN 1 as the native VLAN on a dot1q trunk. I follow best practices and change the native VLAN to a VLAN that does not carry any other traffic (switchport trunk native vlan x). I usually go a step further and do not define the VLAN in the switch configuration. This way if traffic bleeds into the native VLAN because it is untagged then it cannot go anywhere. So if I use VLAN 999 as the native VLAN, I do not create VLAN 999 on the switch. I’m curious if anyone else does this or if there are any thoughts on whether this is a good or bad practice?

If you are tagging your native VLAN but do not have that VLAN in the vlan database - it makes no difference if the VLAN exists or not in my opinion. All the vlans on your trunks would be tagged anyway.
It seems like a clever idea, but not sure if it provides any benefit.

Wireless AP native vlan and switch trunk

Hi,
I am unable to ping my ap, i think it is due to the multiple vlan issues, can provide some advise, my config for the ap and switch is as below
AP Config
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname hostname
logging rate-limit console 9
enable secret 5 $1$ZxN/$eYOf/ngj7vVixlj.wjG2G0
no aaa new-model
ip cef
dot11 syslog
dot11 ssid Personal
   vlan 2
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 070E26451F5A17113741595D
crypto pki token default removal timeout 0
username Cisco password 7 1531021F0725
bridge irb
interface Dot11Radio0
no ip address
encryption vlan 2 mode ciphers aes-ccm tkip
ssid Personal
antenna gain 0
stbc
beamform ofdm
station-role root
no dot11 extension aironet
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1
no ip address
encryption vlan 2 mode ciphers aes-ccm tkip
ssid Personal
antenna gain 0
no dfs band block
stbc
beamform ofdm
channel dfs
station-role root
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio1.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface GigabitEthernet0
no ip address
duplex auto
speed auto
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
interface GigabitEthernet0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface BVI1
ip address 192.168.1.100 255.255.255.0
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
password 7 01181101521F
login
transport input all
end
Switch Port config
interface FastEthernet1/0/10
switchport trunk native vlan 100
switchport mode trunk

I will re-check the routing again but could it be some bridging issues ?
interface GigabitEthernet0
no ip address
duplex auto
speed auto
**** unable to put up this command on the giga port
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
I try to put this command on the gigaethernet port but it does not allow me, could this be the bridging issue ?

Fetch join with Native SQL Query?

Hello all,
I am using the J2EE 5.0 persistence api with the SUN appserver v9. As the java persistence api does not yet support spatial queries ("... where contains(polygon, point)") I have to use native SQL queries for that purpose.
Now my question is how can I "join fetch" my ManyToOne-related entities when using a native SQL query? Is this somehow possible using the SqlResultSetMapping annotation?

Never mind - the problem was to do with not specifying a class when creating the native query.

How set native vlan on a VM in vSphere when using the 1000V?

Using the vSphere Distr Switch, we set native VLAN per VM by setting the VLAN d to 0.
How do we set the native VLAN for a VM if the VM is connected to a 1000V? I heard we no longer can use VLAN ID 0?

Same way you would on any Cisco switch.
Add this command to your Uplink port profile:
switchport trunk native vlan X
Keep in mind there is no VLAN 0. VLAN "0" is just how vmware designates the untagged VLAN. Valid ranges are 1-4095 according to the standard.
Regards,
Robert

Native vlan query

Similar Messages

Maybe you are looking for