Vlan mismatch on a non-trunk port?
I have a 6500, running CatOS 7.6(2), directly connected to a 3500xl (running IOS 12.0(5)) with Cat5. I am *not* trunking between them. Each port is running under a different native VLAN, which I wouldn't think was an issue since they aren't trunking. The connection works fine, and packets flow between them as expected, but my 6500 complains about a native VLAN mismatch on that port. Is this a bug on the CatOS side? The 3500xl doesn't seem to complain about the native vlans being different.
Yes, these are CDP messages:
%CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/39
I am sure the port is not trunking:
Commons_6506_1> show trunk 4/39
Port Mode Encapsulation Status Native vlan
4/39 off dot1q not-trunking 54
Each port is in a different access VLAN. I just thought it odd that the 6500 cared about the native vlans since there was no trunking, and thus, no native vlan (just the active vlan).
Similar Messages
-
How can i disable cdp vlan mismatch message?
Hello,
I have some trouble with a vlan mismatch reported by cdp message, because the port of the main switch is configured for vlan 100, but the port of the access switch is configured for vlan 1. Thus a vlan mismatch message is displayed by cdp.
At this time, I usually try to change some values on both switches, for example, changing the vtp domain, disabling cdp, or adjusting vlan information on both switches.
Is there any other method of troubleshooting this issue?
regards,
John.
Hi joh,
Changing the vtp domain and all will not help you. It is clear that there is a mismatch in the allowed vlans on the connected ports of both switches.
Try to configure both ports in the same vlan, or else leave the port of the access switch in trunk mode without specifiying any vlan if it doesn't affect your traffic.
Rgs, -
Unable to add allowed VLANs to TenGig trunk port
Hi,
I've got a ten gig interface on a 6509 running 12.2(33) configured as a trunk, but I've not been able to add any allowed VLANs as I've done before on other ten gig ports on different 6509 chassis. Am I missing something obvious?
I'm assuming that the reason I'm unable to set the encapsulation to dot1q is because the new hardware doesn't support ISL, hence no need. The command to add the VLANs however doesn't get rejected, it just doesn't appear to do anything.
I've tried adding single VLANs and multiples, but no joy. Any ideas?
Here's what I've done:
SWITCH_1631(config)#default int t4/1
Interface TenGigabitEthernet4/1 set to default configuration
SWITCH_1631#sh ru int t4/12
Building configuration...
Current configuration : 65 bytes
interface TenGigabitEthernet4/12
no ip address
shutdown
end
SWITCH_1631(config)#int t4/1
SWITCH_1631(config-if)#switchport
SWITCH_1631(config-if)#switchport mode trunk
SWITCH_1631(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
SWITCH_1631(config-if)#switchport trunk allowed vlan add 700
SWITCH_1631(config-if)#
SWITCH_1631#sh vlan id 700
VLAN Name Status Ports
700 VLAN_NAME active <snip>
SWITCH_1631#sh ru int t4/1
Building configuration...
Current configuration : 74 bytes
interface TenGigabitEthernet4/1
switchport
switchport mode trunk
end
Steve,
Thanks for getting back to me. You're right that it is by default a dot1q trunk allowing all VLANs, therefore it should work for what I want to do.
Port Mode Encapsulation Status Native vlan
Gi3/39 on 802.1q trunking 1
Te4/1 on 802.1q trunking 1
Po1 on 802.1q trunking 50
Po2 on 802.1q trunking 50
Po3 on 802.1q trunking 50
Po4 on 802.1q trunking 50
Po5 on 802.1q trunking 50
Port Vlans allowed on trunk
Gi3/39 15-16,20-23,30,401,608
Te4/1 1-4094
Po1 10,13,20-21,25,30,50,52,61,70,600,700-701,950
Po2 10,20,30,50,52,61,70,600,700-701,950
Po3 10,20,30,50,61,70,600,700-701,950
Po4 10,20,30,50,61,70,600,700-701,950
Po5 2-3,10-23,25-26,30,35-36,40,50-53,56,58,61,65,70,77,101-102,145-146,155-158,401-402,600-602,608,700-701,800,950
The problem was that I've always been advised that best practise is to only allow the VLANs that are actually required on a trunk to avoid broadcasting traffic unnecessarily. I worked out what the issue was though, and it was a pretty simple one!
Once I saw that 1-4094 was allowed I tried "switchport trunk allowed vlan remove 700" which worked and left me with 1-699,701-4094.
Then I realised what the problem was trying to use the "add" command when all possible VLANs had already been added. As soon as I got rid of it and used "switchport trunk allowed vlan 700" followed by "switchport trunk allowed vlan add 701" I was back in business.
So it was a very simple issue, but thank you Steve for pointing me in the right direction and confirming that all the VLANs were already allowed! -
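The keyword behaviour worked out in the thread above, as an added example that is not part of the original posts: a small Python model of the trunk's allowed-VLAN list that replays "add 700" against the default 1-4094 list, then "remove 700", then the replacing form followed by "add 701". The function names are hypothetical, and the model covers only the keywords shown in the help output quoted above.

```python
"""Model of the 'switchport trunk allowed vlan' keywords (added example)."""

MAX_VLAN = 4094
ALL_VLANS = frozenset(range(1, MAX_VLAN + 1))


def parse_vlan_list(text):
    """Turn a list such as '10,20-23,700' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= MAX_VLAN:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def format_vlan_list(vlans):
    """Compress a set back to the '1-699,701-4094' notation ('none' if empty)."""
    if not vlans:
        return "none"
    ids = sorted(vlans)
    chunks = []
    start = prev = ids[0]
    for vlan in ids[1:]:
        if vlan == prev + 1:
            prev = vlan
            continue
        chunks.append(str(start) if start == prev else f"{start}-{prev}")
        start = prev = vlan
    chunks.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(chunks)


def apply_allowed(current, args):
    """Apply the argument of 'switchport trunk allowed vlan <args>' to a set."""
    words = args.split()
    if not words:
        raise ValueError("missing argument")
    keyword = words[0]
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword in ("add", "remove", "except"):
        if len(words) != 2:
            raise ValueError(f"'{keyword}' needs a VLAN list")
        listed = parse_vlan_list(words[1])
        if keyword == "add":
            return set(current) | listed      # no effect if already allowed
        if keyword == "remove":
            return set(current) - listed
        return set(ALL_VLANS) - listed        # except: everything but the list
    if len(words) != 1:
        raise ValueError(f"unexpected argument: {args!r}")
    return parse_vlan_list(keyword)           # bare list REPLACES the current one


def replay(commands, start=None):
    """Run commands in order; a new trunk starts with every VLAN allowed."""
    state = set(ALL_VLANS) if start is None else set(start)
    history = []
    for command in commands:
        state = apply_allowed(state, command)
        history.append((command, format_vlan_list(state)))
    return history


if __name__ == "__main__":
    # The sequence described in the thread above.
    for command, allowed in replay(["add 700", "remove 700", "700", "add 701"]):
        print(f"switchport trunk allowed vlan {command:<12} -> {allowed}")
```
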
Link Trunk / Non Trunk Mismatch & Trunk negotiation across VTP boundaries
Hello,
i'm getting the following two discrepancies in my LMS Prime which i can't explain.
Trunk negotiation across VTP boundaries
[FX-CH-SW10,GigabitEthernet0/14],[nos-sw01,GigabitEthernet0/14],[FX-CH-SW14.GigabitEthernet0/48
it's really odd, because the switches FX-CH-SW10 and nos-sw01 are on different sites with a WAN in between.
the same for Link Trunk / Non Trunk Mismatch
FX-CH-SW15,GigabitEthernet0/48],[nos-ch-sw01,GigabitEthernet0/15],[FX-CH-SW10,GigabitEthernet0/15]
even in the topology view of the fx-ch-sw10 i see the nos-sw01.
can anybody explain why this happens?
regards
Alex
This looks also fine, no nos-xx switch in there
The following is a SNMP walk of device 172.16.9.46 starting from .1.3.6.1.4.1.9.9.23.1.2.1.1
SNMP Walk Output
.1.3.6.1.4.1.9.9.23.1.2.1.1
cdpCacheAddressType.10101.16 = INTEGER : 1
cdpCacheAddressType.10117.1 = INTEGER : 1
cdpCacheAddressType.10120.2 = INTEGER : 1
cdpCacheAddressType.10126.24 = INTEGER : 1
cdpCacheAddressType.10143.22 = INTEGER : 1
cdpCacheAddressType.10148.6 = INTEGER : 1
cdpCacheAddress.10101.16 = STRING :
6
cdpCacheAddress.10117.1 = STRING :
cdpCacheAddress.10120.2 = STRING :
cdpCacheAddress.10126.24 = STRING :
2
cdpCacheAddress.10143.22 = STRING :
4
cdpCacheAddress.10148.6 = STRING :
cdpCacheVersion.10101.16 = STRING : 8.6.1.0
cdpCacheVersion.10117.1 = STRING : SIP45.9-2-1S
cdpCacheVersion.10120.2 = STRING : SIP45.9-2-1S
cdpCacheVersion.10126.24 = STRING : 8.6.1.0
cdpCacheVersion.10143.22 = STRING : Linux 2.4.21-47.ELsmp #1 SMP Wed Jul 5 20:38:41 EDT 2006 CCM:6.1.1.2000-3
cdpCacheVersion.10148.6 = STRING : Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 06:44 by prod_rel_team
cdpCacheDeviceId.10101.16 = STRING : SEP0011856110B2
cdpCacheDeviceId.10117.1 = STRING : SEP6C504DDB7AC0
cdpCacheDeviceId.10120.2 = STRING : SEPF025727881B1
cdpCacheDeviceId.10126.24 = STRING : cipc-mknuchel
cdpCacheDeviceId.10143.22 = STRING : ccm-sdk.fxwl.lan
cdpCacheDeviceId.10148.6 = STRING : FX-CH-SW10.frox.com
cdpCacheDevicePort.10101.16 = STRING : Ethernet10
cdpCacheDevicePort.10117.1 = STRING : Port 1
cdpCacheDevicePort.10120.2 = STRING : Port 1
cdpCacheDevicePort.10126.24 = STRING : Ethernet14
cdpCacheDevicePort.10143.22 = STRING : eth0
cdpCacheDevicePort.10148.6 = STRING : GigabitEthernet0/14
cdpCachePlatform.10101.16 = STRING : Communicator (Windows 7)
cdpCachePlatform.10117.1 = STRING : Cisco IP Phone 7945
cdpCachePlatform.10120.2 = STRING : Cisco IP Phone 7945
cdpCachePlatform.10126.24 = STRING : Communicator (Windows 7)
cdpCachePlatform.10143.22 = STRING : none found
cdpCachePlatform.10148.6 = STRING : cisco WS-C3560X-24
cdpCacheCapabilities.10101.16 = STRING : ?
cdpCacheCapabilities.10117.1 = STRING : ?
cdpCacheCapabilities.10120.2 = STRING : ?
cdpCacheCapabilities.10126.24 = STRING : ?
cdpCacheCapabilities.10143.22 = STRING :
cdpCacheCapabilities.10148.6 = STRING : )
cdpCacheVTPMgmtDomain.10148.6 = STRING : FX-CH
cdpCacheNativeVLAN.10101.16 = INTEGER : 0
cdpCacheNativeVLAN.10117.1 = INTEGER : 0
cdpCacheNativeVLAN.10120.2 = INTEGER : 0
cdpCacheNativeVLAN.10126.24 = INTEGER : 0
cdpCacheNativeVLAN.10143.22 = INTEGER : 0
cdpCacheNativeVLAN.10148.6 = INTEGER : 914
cdpCacheDuplex.10101.16 = INTEGER : 1
cdpCacheDuplex.10117.1 = INTEGER : 3
cdpCacheDuplex.10120.2 = INTEGER : 3
cdpCacheDuplex.10126.24 = INTEGER : 1
cdpCacheDuplex.10143.22 = INTEGER : 1
cdpCacheDuplex.10148.6 = INTEGER : 3
cdpCacheLastChange.10101.16 = Timeticks : 94 days 16:30:40
cdpCacheLastChange.10117.1 = Timeticks : 94 days 16:26:28
cdpCacheLastChange.10120.2 = Timeticks : 94 days 16:26:54
cdpCacheLastChange.10126.24 = Timeticks : 94 days 16:24:25
cdpCacheLastChange.10143.22 = Timeticks : 94 days 16:29:31
cdpCacheLastChange.10148.6 = Timeticks : 94 days 16:31:10 -
LMS4.1 wrong shown Trunk VLAN mismatch Discrepancies
shown Trunk VLAN mismatch Discrepancies are wrong:
C3650G-12S 12.2(46)SE IPService-K9
C2960-24TC-L 12.2(35)SE5 LANBase-M
As asked from CLI (sh int trunk, sh vlan) VLAN-Indexes and VLAN-Names are exactly the same at both sites.
Same as with duplex false positives, it's hard to pick up the few real Trunk Vlan mismatches if you see much more false positives in that category.
Trunk VLANs Mismatch
Severity Medium
First Found 13 Oct 2011, 04:01:32 CEST
Description [PDMSW020012,GigabitEthernet1/0/10], [PDMTK_SWITCH_3,GigabitEthernet0/1]
Detail This Trunk Link has ports with mismatching active VLAN sets.
Port GigabitEthernet1/0/10 on device PDMSW020012 trunks following VLANs:
Device type and OS version of PDMSW020012:
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
VLAN_ZEIT present in VTP domain NULL_x(T) and having index 51
VLAN_GMA present in VTP domain NULL_x(T) and having index 55
VLAN_TK present in VTP domain NULL_x(T) and having index 50
default present in VTP domain NULL_x(T) and having index 1
Port GigabitEthernet0/1 on device PDMTK_SWITCH_3 trunks following VLANs:
Device type and OS version of PDMTK_SWITCH_3:
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Port GigabitEthernet0/1 on device PDMTK_SWITCH_3 does not trunk the following VLAN indices:
Device type and OS version of PDMTK_SWITCH_3:
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Index:55
Index:1
Index:50
Index:51
Note: This discrepancy does not hold good if devices on either end of the trunk support different number of vlans.
Hi Afroz,
i tried this, but it didn't help.
i also have connected a 3750x in the same way to the N7K's, there is no issue.
the only difference of the configuration is, that i have to enter "switchport trunk encapsulation dot1q" for the Uplink Ports / Portchannel.
for the same switch (2960s) and the same ports i have also the discrepancy "Trunk negotiation across VTP boundary"
anyhow, vtp is turned off:
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : Access-XYZ
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 1ce6.c788.e400
Feature VLAN:
VTP Operating Mode : Off
Number of existing VLANs : 11
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 255
Feature MST:
VTP Operating Mode : Transparent
Feature UNKNOWN:
VTP Operating Mode : Transparent
is there really a configuration issue, or that are only wrong messages from LMS?
kind regards,
Michael -
Hi,
Is it possible to configure a switchport as a dynamic vlan port and at the same time to be a trunk port?
Hi,
Static ports that are trunking cannot become dynamic ports. You must turn off trunking on the trunk port before changing it from static to dynamic.
You can find more info here.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html
HTH,
Sundar -
Private VLAN Promiscuous Trunk Port - Switches which support this function
Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks
4500x Yes
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
Nexus 5k Yes
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
3850s
They don't support pvs at all yet
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
Restrictions for VLANs
The following are restrictions for VLANs:
The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
Private VLANs are not supported on the switch.
You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches. -
Authenticating Trunk Ports - VLAN list
I have a requirement to authenticate trunk ports to wireless access-points on our Cisco switch. By default all ports are access ports and we run MAB authentication. I have managed to change the port to a trunk using the Cisco-av-pair attribute in ACS (cisco-av-pair = device-traffic-class=switch).
My problem now is that I need to add a VLAN allowed list on the port once it has changed to a trunk port (switchport trunk allowed vlan x,y,z). Ideally we would not want to statically assign the VLANs on each port as an AP could be on any port and may wish to authenticate other trunk ports using different VLANs in the future. Below is the configuration used on the ports.
cisp enable
interface FastEthernet0/2
description *** Client Device ***
switchport access vlan 2
switchport mode access
no logging event link-status
authentication event fail action next-method
authentication event server dead action reinitialize vlan 3
authentication event server alive action reinitialize
authentication order mab dot1x webauth
authentication priority mab dot1x webauth
authentication port-control auto
authentication fallback GUEST_FALLBACK
mab eap
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 10
dot1x max-reauth-req 1
dot1x timeout auth-period 600
no cdp enable
spanning-tree portfast
Any help will be greatly appreciated.
Thanks
John
Hello
I would suggest the following:
>> Arrange for some physical enclosure (locked) or any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What if someone just switches off your switches? DOS attack!! This could also be done by mistake, resulting in an unstructured threat.
>> Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.
>> Change the NATIVE VLAN from the default (VLAN 1)
>> Disable Trunk negotiation (ON mode)
Regards
Farrukh -
Maybe there's an obvious answer, but I have this strange thing;
Switchport config
interface GigabitEthernet0/2
description Trunk to CORE02
switchport mode trunk
shutdown
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
sh vlan brie
VLAN Name Status Ports
1 default active Gi0/2
Why is it that this port, which is configured as a trunk port, shows up as active in vlan1? Also when I do a show interfaces trunk, this specific port is not listed as a trunked port. By the way I had to shutdown the port because it was causing issues. It's a redundant link, when enabled I would expect spanning tree to do its magic, but somehow it does not and instead causes half of our lan to become unreachable. Not sure why.
in my switch I can not delete it
Switch Ports Model SW Version SW Image
* 1 52 WS-C2960S-48TS-L 12.2(58)SE2 C2960S-UNIVERSALK9-M
interface GigabitEthernet1/0/41
description 2960_24_POE_5_24
switchport mode trunk
spanning-tree portfast
_Cat_2960s_5_1#sh vla br
VLAN Name Status Ports
1 default active Gi1/0/41,
_Cat_2960s_5_1#
_Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
interface GigabitEthernet1/0/41
description 2960_24_POE_5_24
switchport
switchport access vlan 1
switchport private-vlan trunk encapsulation dot1q
switchport private-vlan trunk native vlan tag
switchport mode trunk
no switchport nonegotiate
no switchport protected
no switchport block multicast
no switchport block unicast
switchport port-security maximum 1
no switchport port-security
_Cat_2960s_5_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
_Cat_2960s_5_1(config)#interface GigabitEthernet1/0/41
_Cat_2960s_5_1(config-if)#no switchport access vlan 1
_Cat_2960s_5_1(config-if)#^Z
_Cat_2960s_5_1#
_Cat_2960s_5_1#
_Cat_2960s_5_1#
_Cat_2960s_5_1#
_Cat_2960s_5_1#
_Cat_2960s_5_1#
_Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
interface GigabitEthernet1/0/41
description 2960_24_POE_5_24
switchport
switchport access vlan 1
switchport private-vlan trunk encapsulation dot1q
switchport private-vlan trunk native vlan tag
switchport mode trunk
another trunk port with native vlan configured is not in vlan 1 -
Dedicated VLAN ID's on trunk ports
I was reading the SAFE:Security Blueprint for Enterprise Networks. This document addresses in its "Switches are targets" section on Page 6 that "Always use a dedicated VLAN ID for all trunk ports"...
I am trying to understand this concept fully.
If I consider my trunk ports, most are physical fiber "links" that interconnect the switches. Some trunk links connect Distribution L to Access L; some Distribution to Core.
Where do I put the VLAN ID on these?? Should I translate this to mean that on Gig0/0 on SW.1 I place this interface in VLAN 23 and on the switch on the other end of the link I also place the Gig0/0 in VLAN 23 as well??
Also I am not sure why this helps secure the switch. Can someone pls assist. I am grateful.
Hi,
This is not actually the VLAN pruning. This is just specifically allowing some vlans on the trunk ports and removing other unwanted vlans.
Pruning works in a different way and it will save the bandwidth on the trunk links by pruning the unwanted broadcast on the trunks for a particular vlan if no host is active on that vlan on a particular switch. I.e. if you don't have any active host on a vlan on a particular switch and there is a broadcast on that vlan which would come over the trunk, that broadcast is pruned on the trunk to the switch where no host is active.
HTH,
-amit singh -
Hello! I have a network in which I have a switch stack configured for voice and data. Particularly, both are configured to pass over the same port.
I want to add a temporary switch (different model) to the network and configure it the same way. In particular, I want to see that I can set up the voice/data VLAN's on this new switch and test to confirm all is working. I need an uplink though back to the original switches so that this new switch can get a proper connection.
When I connect the new switch in, I can't seem to get an IP and the CLI keeps showing a "Native VLAN mismatch error" and shows the hostname of the original switch.
So my questions are:
How can I add this temporary switch to the existing switch to get a connection, not as another stacked switch?
How can I configure the voice/data VLAN's on the switch so as to be able to test the voice/data traffic over the same port?
Hi! Yes I did change the native vlan for that particular port on "Sw2" (New switch) to match "Sw1" (existing switch). The Sw2 port shows native vlan inactive though.
Below is an output from them on that port.
(SW1)
Name: Gi3/0/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 100 (VLAN0100)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (VLAN0010)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW2
Name: Gi3/0/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 100 (Inactive)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (Voice)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none -
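A check over the two outputs above, as an added example that is not part of the original posts: it parses the "show interfaces switchport" text from both ends of a link and flags a native VLAN that differs between the ends or is reported Inactive, plus the trunk settings other replies on this page advise against (native VLAN 1, trunk negotiation on, all VLANs allowed). The sample text is constructed from the lines quoted above; the function names and finding codes are hypothetical.

```python
import re

# Constructed sample input: the relevant lines of the two
# "show interfaces ... switchport" outputs quoted in the post above.
SW1_OUTPUT = """\
Name: Gi3/0/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 100 (VLAN0100)
Voice VLAN: 10 (VLAN0010)
Trunking VLANs Enabled: ALL
Capture Mode Disabled
"""
SW2_OUTPUT = (SW1_OUTPUT
              .replace("(VLAN0100)", "(Inactive)")
              .replace("(VLAN0010)", "(Voice)"))


def parse_switchport(text):
    """Parse 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def native_vlan(fields):
    """Return (vlan_id, label) from e.g. '100 (Inactive)'; (None, '') if absent."""
    match = re.match(r"(\d+)(?:\s*\((.*)\))?",
                     fields.get("Trunking Native Mode VLAN", ""))
    if not match:
        return None, ""
    return int(match.group(1)), match.group(2) or ""


def audit_port(device, fields):
    """Return (device, code) findings for one end of a trunk."""
    findings = []
    if fields.get("Operational Mode") != "trunk":
        return findings                      # access ports are out of scope here
    vlan, label = native_vlan(fields)
    if label.lower() == "inactive":
        findings.append((device, "NATIVE_INACTIVE"))
    if vlan == 1:
        findings.append((device, "NATIVE_DEFAULT"))
    if fields.get("Negotiation of Trunking", "").lower() == "on":
        findings.append((device, "NEGOTIATION_ON"))
    if fields.get("Trunking VLANs Enabled", "").upper() == "ALL":
        findings.append((device, "ALL_VLANS_ALLOWED"))
    return findings


def audit_link(dev_a, text_a, dev_b, text_b):
    """Audit both ends, then compare the native VLAN IDs across the link."""
    a, b = parse_switchport(text_a), parse_switchport(text_b)
    findings = audit_port(dev_a, a) + audit_port(dev_b, b)
    vlan_a, _ = native_vlan(a)
    vlan_b, _ = native_vlan(b)
    if vlan_a is not None and vlan_b is not None and vlan_a != vlan_b:
        findings.append((f"{dev_a}<->{dev_b}", "NATIVE_MISMATCH"))
    return findings


if __name__ == "__main__":
    for where, code in audit_link("SW1", SW1_OUTPUT, "SW2", SW2_OUTPUT):
        print(f"{where}: {code}")
```
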
Service instance and trunk ports
hi I have the following configuration:
interface Port-channel1
description SHN-AX1-1-2-CNRY
switchport trunk allowed vlan none
switchport mode trunk
load-interval 30
no keepalive
service instance 1 ethernet
encapsulation untagged
l2protocol peer lacp
bridge-domain 1
service instance 2 ethernet
description IDP_VLAN_2
encapsulation dot1q 2
bridge-domain 3998
service instance 3 ethernet
description BBR_VLAN
encapsulation dot1q 420
bridge-domain 3998
service instance 4 ethernet
description MGMT_VLAN
encapsulation dot1q 95
bridge-domain 3998
service instance 5 ethernet
description STATIC_VLAN
encapsulation dot1q 3641,3644,3777,3291
bridge-domain 3998
service instance 6 ethernet
description SME_VLAN
encapsulation dot1q 2098,2339
bridge-domain 3998
interface GigabitEthernet0/1
switchport trunk allowed vlan none
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/2
switchport trunk allowed vlan none
switchport mode trunk
channel-group 1 mode on
interface Port-channel12
description SHN-AGG-BX1
switchport trunk allowed vlan 34,50,76,3998
switchport mode trunk
mtu 9000
interface GigabitEthernet0/23
switchport trunk allowed vlan 34,3998
switchport mode trunk
mtu 9000
channel-group 12 mode active
interface GigabitEthernet0/24
switchport trunk allowed vlan 34,3998
switchport mode trunk
mtu 9000
channel-group 12 mode active
the input interfaces are gigEth0/1 and gigEth0/2 and the output interfaces are gigEth0/23 and gigEth0/24.
the ingress traffic at the input port has a single tag and the ingress traffic at the output port has two tags.
please explain me, where tags would be pushed/popped and why??
thank you.
Hello.
You might have confused service instance configuration and usual switchport mode trunk.
Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html
(But there is a typo - per the description it should be "enc dot1q 20" under service instance 9 on the picture.)
Also under Figure 11-2 we have following example:
QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:
Switch (config)# interface gigabitethernet0/1
Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 1-100
Switch (config-if-srv)# bridge-domain 30
Switch (config)# interface gigabitethernet0/2
Switch (config-if)# switchport mode trunk
Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30). -
Hi,
My setup is:
switcha(vlan 1) <-> router <-> switchb(vlan2)
Switcha and switchb are on different subnets. Why do I get a vlan mismatch in this case? The vlan assigned to the connecting ports are irrelevant because these switches are in different subnets.
Hi
Are these switches connected with each other? If they are, then I think they are configured as trunk ports, so the native vlan should be the same on both the switches.
Thanks
Mahmood -
Etherchannel Non-adjacent Ports
I am trying to create an etherchannel between non adjacent ports on a 6509 running catos and a 4507 running ios. The switches are configured as follows:
Cisco 6509 running CatOS ver 8.4(5)
set trunk 1/1 on dot1q 1-4094
set port channel 1/1 mode on
set trunk 7/1 on dot1q 1-4094
set port channel 7/1 mode on
Catalyst 4500 running IOS ver 12.2(31)SG
interface Port-channel9
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet3/12
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 9 mode on
interface GigabitEthernet4/12
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 9 mode on
I disable all the ports involved, deliver the configuration and when I reenable the ports one line connects and the other line goes errdisabled and no channel is formed. What am I doing wrong?
Thanks in advance
There should be no problem with channeling between a catos box and an ios box. Have you looked in the logs? Usually it will give you an idea why it err-disabled a port. The other thing to check, seeing that you are trunking also, is to make sure both ends are using the same native vlan for all ports involved. On the catos side it will just be whatever the ports will fall back to if the channel fails; this is set by the "set vlan X slot/port" command. On the IOS side you need to add the "switchport trunk native vlan X" command. The way it is now, it is assuming that everything is in vlan 1, which I don't know if it's true or not. What vlan are the ports on the catos side set into? You can also just use the following after verifying the native vlan is the same on both sides: use "channel-group X mode desirable non-silent" and on the catos side use "set port channel slot/port mode desirable non-silent".
-
Native Vlan Mismatch on Switch LD connected to
I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches
The first vlan is vlan 1 for management
The second is vlan 2 for the gateway side of the local directors
The third is vlan 3 for the server side of the local directors
On the primary switch I am logging CDP messages telling me i have a native vlan mismatch on the 2 local director ports. The secondary switch I dont get these messages.
Any ideas what is going on here and why? Thanks, Art.
You mention above "but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
Because trunked ports need to be assigned to the same native vlan, I would do a "show trunk" and verify that the ports used for trunking on each switch are assigned to the same native vlan; I've seen the mismatch if they are not. That command above is if your switch is using CatalystOS; otherwise, use this command for NativeOS - sh int fast 0/1 switchport - and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to vlan 1, which is your management vlan, which I assume you've chosen to be your native vlan.
Hope this helps.