Vlan mismatch on a non-trunk port?

I have a 6500, running CatOS 7.6(2), directly connected to a 3500xl (running IOS 12.0(5)) with Cat5. I am *not* trunking between them. Each port is running under a different native VLANs, which I wouldn't think was an issue since they aren't trunking. The connection works fine, and packets flow between them as expected, but my 6500 complains about a native VLAN mismatch on that port. Is this a bug on the CatOS side? The 3500xl doesn't seem to complain about the native vlans being different.

Yes, these are CDP messages:
%CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/39
I am sure the port is not trunking:
Commons_6506_1> show trunk 4/39
Port Mode Encapsulation Status Native vlan
4/39 off dot1q not-trunking 54
Each port is in a different access VLAN. I just thought it odd that the 6500 cared about the native vlans since there was no trunking, and thus, no native vlan (just the active vlan).

Similar Messages

  • How can i disable cdp vlan mismatch message?

    Hello,
    I have some trouble with vlan mismatch using cdp message. because, port of main siwch configured vlan 100, but port of access switch configured vlan1. thus vlan mismatch message displayed using cdp message.
    At this time, I'm usally try to change some value both of switches. for examlple, chaning vtp domain or disabling cdp or adjusting vlan information both of swiches.
    Is there any other method to troubleshooting these issue?
    regards,
    John.

    Hi joh,
    Changing the vtp domain and all will not help you,It is clear that there is mismatch in the allowing vlan in the connected ports of both sitches.
    Try to configure both ports in the same vlan, or else leave the port of the access switch in trunk mode without specifiying any vlan if it doesn't affect your traffic.
    Rgs,

  • Unable to add allowed VLANs to TenGig trunk port

    Hi,
    I've got a ten gig interface on a 6509 running 12.2(33) configured as a trunk, but I've not been able to add any allowed VLANs as I've done before on other ten gig ports on different 6509 chassis. Am I missing something obvious?
    I'm assuming that the reason I'm unable to set the encapsulation to dot1q is because the new hardware doens't support ISL, hence no need. The command to add the VLANs however doesn't get rejected, it just doesn't appear to do anything.
    I've tried adding single VLANs and multiples, but no joy. Any ideas?
    Here's what I've done:
    SWITCH_1631(config)#default int t4/1
    Interface TenGigabitEthernet4/1 set to default configuration
    SWITCH_1631#sh ru int t4/12
    Building configuration...
    Current configuration : 65 bytes
    interface TenGigabitEthernet4/12
     no ip address
     shutdown
    end
    SWITCH_1631(config)#int t4/1
    SWITCH_1631(config-if)#switchport
    SWITCH_1631(config-if)#switchport mode trunk
    SWITCH_1631(config-if)#switchport trunk allowed vlan ?
      WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
      add     add VLANs to the current list
      all     all VLANs
      except  all VLANs except the following
      none    no VLANs
      remove  remove VLANs from the current list
    SWITCH_1631(config-if)#switchport trunk allowed vlan add 700
    SWITCH_1631(config-if)#
    SWITCH_1631#sh vlan id 700
    VLAN Name                             Status    Ports
    700  VLAN_NAME                        active    <snip>
    SWITCH_1631#sh ru int t4/1
    Building configuration...
    Current configuration : 74 bytes
    interface TenGigabitEthernet4/1
     switchport
     switchport mode trunk
    end

    Steve,
    Thanks for getting back to me. You're right that it is by default a dot1q trunk allowing all VLANs, therefore it should work for what I want to do.
    Port                Mode         Encapsulation  Status        Native vlan
    Gi3/39              on           802.1q         trunking      1
    Te4/1               on           802.1q         trunking      1
    Po1                 on           802.1q         trunking      50
    Po2                 on           802.1q         trunking      50
    Po3                 on           802.1q         trunking      50
    Po4                 on           802.1q         trunking      50
    Po5                 on           802.1q         trunking      50
    Port                Vlans allowed on trunk
    Gi3/39              15-16,20-23,30,401,608
    Te4/1               1-4094
    Po1                 10,13,20-21,25,30,50,52,61,70,600,700-701,950
    Po2                 10,20,30,50,52,61,70,600,700-701,950
    Po3                 10,20,30,50,61,70,600,700-701,950
    Po4                 10,20,30,50,61,70,600,700-701,950
    Po5                 2-3,10-23,25-26,30,35-36,40,50-53,56,58,61,65,70,77,101-102,145-146,155-158,401-402,600-602,608,700-701,800,950
    The problem was that I've always been advised that best practise is to only allow the VLANs that are actually required on a trunk to avoid broadcasting traffic unnecessarily. I worked out what the issue was though, and it was a pretty simple one!
    Once I saw that 1-4094 was allowed I tried "switchport trunk allowed vlan remove 700" which worked and left me with 1-699,701-4094.
    Then I realised what the problem was  trying to use the "add" command when all possible VLANs had already been added. As soon as I got rid of it and used "switchport trunk allowed vlan 700" followed by "switchport trunk allowed vlan add 701" I was back in business.
    So it was a very simple issue, but thank you Steve for pointing me in the right direction and confirming that all the VLANs were already allowed!

  • Link Trunk / Non Trunk Mismatch & Trunk negotiation accross VTP boundaries

    Hello,
    i'm getting the following two discrepancies in my LMS Prime which i can't explain.
    Trunk negotiation accross VTP boundaries
    [FX-CH-SW10,GigabitEthernet0/14],[nos-sw01,GigabitEthernet0/14],[FX-CH-SW14.GigabitEthernet0/48
    it's really odd, because the switches FX-CH-SW10 and nos-sw01 are on different sites with an WAN in between.
    the same for Link Trunk / Non Trunk Mismatch
    FX-CH-SW15,GigabitEthernet0/48],[nos-ch-sw01,GigabitEthernet0/15],[FX-CH-SW10,GigabitEthernet0/15]
    even in the topology view of the fx-ch-sw10 i see the nos-sw01.
    can anybody explain why this happens?
    regards
    Alex

    This looks also fine, no nos-xx switch in there
    The following is a SNMP walk of device 172.16.9.46 starting from .1.3.6.1.4.1.9.9.23.1.2.1.1
    SNMP Walk Output
    .1.3.6.1.4.1.9.9.23.1.2.1.1
    cdpCacheAddressType.10101.16 = INTEGER : 1
    cdpCacheAddressType.10117.1 = INTEGER : 1
    cdpCacheAddressType.10120.2 = INTEGER : 1
    cdpCacheAddressType.10126.24 = INTEGER : 1
    cdpCacheAddressType.10143.22 = INTEGER : 1
    cdpCacheAddressType.10148.6 = INTEGER : 1
    cdpCacheAddress.10101.16 = STRING :
    6
    cdpCacheAddress.10117.1 = STRING :
    cdpCacheAddress.10120.2 = STRING :
    cdpCacheAddress.10126.24 = STRING :
    2
    cdpCacheAddress.10143.22 = STRING :
    4
    cdpCacheAddress.10148.6 = STRING :
    cdpCacheVersion.10101.16 = STRING : 8.6.1.0
    cdpCacheVersion.10117.1 = STRING : SIP45.9-2-1S
    cdpCacheVersion.10120.2 = STRING : SIP45.9-2-1S
    cdpCacheVersion.10126.24 = STRING : 8.6.1.0
    cdpCacheVersion.10143.22 = STRING : Linux 2.4.21-47.ELsmp #1 SMP Wed Jul 5 20:38:41 EDT 2006 CCM:6.1.1.2000-3
    cdpCacheVersion.10148.6 = STRING : Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Thu 02-Dec-10 06:44 by prod_rel_team
    cdpCacheDeviceId.10101.16 = STRING : SEP0011856110B2
    cdpCacheDeviceId.10117.1 = STRING : SEP6C504DDB7AC0
    cdpCacheDeviceId.10120.2 = STRING : SEPF025727881B1
    cdpCacheDeviceId.10126.24 = STRING : cipc-mknuchel
    cdpCacheDeviceId.10143.22 = STRING : ccm-sdk.fxwl.lan
    cdpCacheDeviceId.10148.6 = STRING : FX-CH-SW10.frox.com
    cdpCacheDevicePort.10101.16 = STRING : Ethernet10
    cdpCacheDevicePort.10117.1 = STRING : Port 1
    cdpCacheDevicePort.10120.2 = STRING : Port 1
    cdpCacheDevicePort.10126.24 = STRING : Ethernet14
    cdpCacheDevicePort.10143.22 = STRING : eth0
    cdpCacheDevicePort.10148.6 = STRING : GigabitEthernet0/14
    cdpCachePlatform.10101.16 = STRING : Communicator (Windows 7)
    cdpCachePlatform.10117.1 = STRING : Cisco IP Phone 7945
    cdpCachePlatform.10120.2 = STRING : Cisco IP Phone 7945
    cdpCachePlatform.10126.24 = STRING : Communicator (Windows 7)
    cdpCachePlatform.10143.22 = STRING : none found
    cdpCachePlatform.10148.6 = STRING : cisco WS-C3560X-24
    cdpCacheCapabilities.10101.16 = STRING : ?
    cdpCacheCapabilities.10117.1 = STRING :  ?
    cdpCacheCapabilities.10120.2 = STRING :  ?
    cdpCacheCapabilities.10126.24 = STRING : ?
    cdpCacheCapabilities.10143.22 = STRING : 
    cdpCacheCapabilities.10148.6 = STRING : )
    cdpCacheVTPMgmtDomain.10148.6 = STRING : FX-CH
    cdpCacheNativeVLAN.10101.16 = INTEGER : 0
    cdpCacheNativeVLAN.10117.1 = INTEGER : 0
    cdpCacheNativeVLAN.10120.2 = INTEGER : 0
    cdpCacheNativeVLAN.10126.24 = INTEGER : 0
    cdpCacheNativeVLAN.10143.22 = INTEGER : 0
    cdpCacheNativeVLAN.10148.6 = INTEGER : 914
    cdpCacheDuplex.10101.16 = INTEGER : 1
    cdpCacheDuplex.10117.1 = INTEGER : 3
    cdpCacheDuplex.10120.2 = INTEGER : 3
    cdpCacheDuplex.10126.24 = INTEGER : 1
    cdpCacheDuplex.10143.22 = INTEGER : 1
    cdpCacheDuplex.10148.6 = INTEGER : 3
    cdpCacheLastChange.10101.16 = Timeticks : 94 days 16:30:40
    cdpCacheLastChange.10117.1 = Timeticks : 94 days 16:26:28
    cdpCacheLastChange.10120.2 = Timeticks : 94 days 16:26:54
    cdpCacheLastChange.10126.24 = Timeticks : 94 days 16:24:25
    cdpCacheLastChange.10143.22 = Timeticks : 94 days 16:29:31
    cdpCacheLastChange.10148.6 = Timeticks : 94 days 16:31:10

  • LMS4.1 wrong shown Trunk VLAN mismatch Discrepancies

    shown Trunk VLAN mismatch Discrepancies are wrong:
    C3650G-12S 12.2(46)SE IPService-K9
    C2960-24TC-L 12.2(35)SE5 LANBase-M
    As asked from CLI (sh int trunk, sh vlan) VLAN-Indexes and VLAN-Names are excactly the same at both sites.
    Same as with duplex false positives, its hard to pick up the fiew real Trunk Vlan missmatches if you see much more false positives in that category.
    Trunk VLANs Mismatch
    Severity  Medium
    First Found  13 Oct 2011, 04:01:32 CEST
    Description  [PDMSW020012,GigabitEthernet1/0/10], [PDMTK_SWITCH_3,GigabitEthernet0/1]
    Detail  This Trunk Link has ports with mismatching active VLAN sets.
    Port GigabitEthernet1/0/10 on device PDMSW020012 trunks following VLANs:Device type and OS version of PDMSW020012:
    Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)VLAN_ZEIT present in VTP domain NULL_x(T) and having index 51
    VLAN_GMA present in VTP domain NULL_x(T) and having index 55
    VLAN_TK present in VTP domain NULL_x(T) and having index 50
    default present in VTP domain NULL_x(T) and having index 1
    Port GigabitEthernet0/1 on device PDMTK_SWITCH_3 trunks following VLANs:Device type and OS version of PDMTK_SWITCH_3:
    Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
    Port GigabitEthernet0/1 on device PDMTK_SWITCH_3 does not trunk the following VLAN indices:Device type and OS version of PDMTK_SWITCH_3:
    Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Index:55
    Index:1
    Index:50
    Index:51Note: This discrepancy does not hold good if devices on either end of the trunk support different number of vlans.

    Hi Afroz,
    i tried this, but it didn´t help.
    i also have connected a 3750x in the same way to the N7K´s, there is no issue.
    the only difference of the configuration is, that i have to enter "switchport trunk encapsulation dot1q" for the Uplink Ports / Portchannel.
    for the same switch (2960s) and the same ports i have also the discrepancy "Trunk  negotiation across VTP boundary"
    anyhow, vtp is turned off:
    VTP Version capable             : 1 to 3
    VTP version running             : 3
    VTP Domain Name                 : Access-XYZ
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 1ce6.c788.e400
    Feature VLAN:
    VTP Operating Mode                : Off
    Number of existing VLANs          : 11
    Number of existing extended VLANs : 0
    Maximum VLANs supported locally   : 255
    Feature MST:
    VTP Operating Mode                : Transparent
    Feature UNKNOWN:
    VTP Operating Mode                : Transparent
    is there really a configuration issue, or that are only wrong messages from LMS?
    kind regards,
    Michael

  • Dynamic Vlan-Trunk port

    Hi,
    Is posible to configure a Switchport like dynamic vlan port and in the same time to be trunk port?

    Hi,
    Static ports that are trunking cannot become dynamic ports. You must turn off trunking on the trunk port before changing it from static to dynamic.
    You can find more info here.
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html
    HTH,
    Sundar

  • Private VLAN Promiscuous Trunk Port - Switches which support this function

    Can anyone confirm if the "Private VLAN Promiscuous Trunk Port" feature is supported in any lower end switches such as Nexus 5548/5672 or 4500X? According to the feature navigator support seems to be restricted to the Catalyst 4500 range (excluding the 4500X) as shown below. If the feature is going to be supported in the Cat 3850 this would be good to know, thanks

    4500x Yes
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
    Nexus 5k Yes
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
    3850s
    They dont support pvs at all yet
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
    Restrictions for VLANs
    The following are restrictions for VLANs:
    The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
    The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
    Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
    Private VLANs are not supported on the switch.
    You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

  • Authenticating Trunk Ports - VLAN list

    I have a requirement to authenticate trunk ports to wireless access-points on our Cisco switch, By default all ports are access ports and we run MAB authentication. I have managed to change the port to a trunk using Cisco-av-pair attribute in ACS (cisco-av-pair = deivce-traffic-class=switch)
    My problem now is that I need to add a VLAN allowed list on the port once it has changed to a trunk port (switchport trunk allowed vlan x,y,z). ideally we would not want to statically assign the VLAN's on each port as an AP could be on any port and may wish to authenticate other trunk ports using different VLAN's in the future. Below is the configuration used on the ports.
    cisp enable
    interface FastEthernet0/2
     description *** Client Device ***
     switchport access vlan 2
     switchport mode access
     no logging event link-status
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 3
     authentication event server alive action reinitialize
     authentication order mab dot1x webauth
     authentication priority mab dot1x webauth
     authentication port-control auto
     authentication fallback GUEST_FALLBACK
     mab eap
     dot1x pae authenticator
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 10
     dot1x max-reauth-req 1
     dot1x timeout auth-period 600
     no cdp enable
     spanning-tree portfast
    Any help will be greatly appreciated. 
    Thanks
    John

    Hello
    I would suggest the following:
    >> Arrange for some physical enclosure (locked) or  any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What is someone just switches of your switches? DOS attack!! This could also be done by mistake, resulting in an unstructred threat.
    >> Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.
    >> Change the NATIVE VLAN from the default (VLAN 1)
    >> Disable Trunk negotiation (ON mode)
    Regards
    Farrukh

  • Trunked port active in vlan

    Maybe there's an obvious answer, but I have this strange thing;
    Switchport config
    interface GigabitEthernet0/2
     description Trunk to CORE02
     switchport mode trunk
     shutdown
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     mls qos trust cos
     auto qos voip trust
    sh vlan brie
    VLAN Name                             Status    Ports
    1    default                          active    Gi0/2
    Why is it that this port, which is configured as a trunk port, shows up as active in vlan1? Also when I do a show interfaces trunk, this specific port is not listed as a trunked port. By the way I had to shutdown the port because it was causing issues. It's a redundant link, when enabled I would expect spanning tree to do it's magic, but somehow it does not and instead causes half of our lan to become unreachable. Not sure why.

    in my switch I can not delete it
    Switch Ports Model              SW Version            SW Image                 
    *    1 52    WS-C2960S-48TS-L   12.2(58)SE2           C2960S-UNIVERSALK9-M     
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport mode trunk
     spanning-tree portfast
    _Cat_2960s_5_1#sh vla br
    VLAN Name                             Status    Ports
    1    default                          active    Gi1/0/41, 
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport
     switchport access vlan 1
     switchport private-vlan trunk encapsulation dot1q
     switchport private-vlan trunk native vlan tag
     switchport mode trunk
     no switchport nonegotiate
     no switchport protected
     no switchport block multicast
     no switchport block unicast
     switchport port-security maximum 1
     no switchport port-security
    _Cat_2960s_5_1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    _Cat_2960s_5_1(config)#interface GigabitEthernet1/0/41
    _Cat_2960s_5_1(config-if)#no switchport access vlan 1
    _Cat_2960s_5_1(config-if)#^Z
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#
    _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
    interface GigabitEthernet1/0/41
     description 2960_24_POE_5_24
     switchport
     switchport access vlan 1
     switchport private-vlan trunk encapsulation dot1q
     switchport private-vlan trunk native vlan tag
     switchport mode trunk
    another trunk port with native vlan configured is not in vlan 1

  • Dedicated VLAN ID's on trunk ports

    I was reading the SAFE:Security Blueprint for Enterprise Networks. This document addresses in its "Switches are targets" section on Page 6 that "Always use a dedicated VLAN ID for all trunk ports"...
    I am trying to understand this concept fully.
    If I consider my trunk ports, most are physical fiber "links" that interconnect the switches. Some trunk links connect Distribution L to Access L; some Distribution to Core.
    Where do I put the VLAN ID on thes?? Should I translate this to mean that on Gig0/0 on SW.1 i place this interface in VLAN 23 and on the switch on the other end of the link I also place the Gig0/0 in VLAN 23 as well??
    Also I am not sure why this helps secure the switch. Can someone pls assist. I am grateful.

    Hi,
    This is not actually the VLAN pruning.This is just specifically allowing some vlans on the trunk ports and removing other unwanted vlans.
    Prunning works in a diff way and it will save the bandwidth on the trunk links by prunning the unwanted broadcast on the trunks for a particular vlan if no host is active on that vlan on a particular switch. I.e If you dont have any active host on a vlan on a particular switch and if there is a broadcast on that vlan which will come over the trunk so if no host is active that broadcast is prunned on the trunk where no host is active on the switch.
    HTH,
    -amit singh

  • Connect additional switch to existing switch, receiving vlan mismatch, also want to configure same VLAN's

    Hello! I have a network in with a i have a switch stack configured for voice and data. Particularly, both are configured to pass over the same port.
    I want to add a temporary switch (different model) to the network and configure it the same way. In particular, I want to see that I can set up the voice/data VLAN's on this new switch and test to confirm all is working. I need an uplink though back to the original switches so that this new switch can get a proper connection. 
    When I connect the new switch in, I can't seem to get an IP and the CLI keeps showing a "Native VLAN mismatch error" and shows the hostname of the original switch. 
    So my questions are:
    How can I add this temporary switch to the existing switch to get a connection, not as another stacked switch?
    How can I configure the voice/data VLAN's on the switch so as to be able to test the voice/data traffic over the same port? 

    Hi! Yes I did change the native vlan for that particular port on "Sw2" (New switch) to match "Sw1" (existing switch). The Sw2 port shows native vlan inactive though.
    Below is an output from them on that port. 
    (SW1)
    Name: Gi3/0/5
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 100 (VLAN0100)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: 10 (VLAN0010)
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    SW2
    Name: Gi3/0/5
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 100 (Inactive)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: 10 (Voice)
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none

  • Service instance and trunk ports

    hi I have the following configuration:
    interface Port-channel1
     description SHN-AX1-1-2-CNRY
     switchport trunk allowed vlan none
     switchport mode trunk
     load-interval 30
     no keepalive
     service instance 1 ethernet
      encapsulation untagged
      l2protocol peer lacp
      bridge-domain 1
     service instance 2 ethernet
      description IDP_VLAN_2
      encapsulation dot1q 2
      bridge-domain 3998
     service instance 3 ethernet
      description BBR_VLAN
      encapsulation dot1q 420
      bridge-domain 3998
     service instance 4 ethernet
      description MGMT_VLAN
      encapsulation dot1q 95
      bridge-domain 3998
     service instance 5 ethernet
      description STATIC_VLAN
      encapsulation dot1q 3641,3644,3777,3291
      bridge-domain 3998
     service instance 6 ethernet
      description SME_VLAN
      encapsulation dot1q 2098,2339
      bridge-domain 3998
    interface Port-channel1
     description SHN-AX1-1-2-CNRY
     switchport trunk allowed vlan none
     switchport mode trunk
     load-interval 30
     no keepalive
     service instance 1 ethernet
      encapsulation untagged
      l2protocol peer lacp
      bridge-domain 1
     service instance 2 ethernet
      description IDP_VLAN_2
      encapsulation dot1q 2
      bridge-domain 3998
     service instance 3 ethernet
      description BBR_VLAN
      encapsulation dot1q 420
      bridge-domain 3998
     service instance 4 ethernet
      description MGMT_VLAN
      encapsulation dot1q 95
      bridge-domain 3998
     service instance 5 ethernet
      description STATIC_VLAN
      encapsulation dot1q 3641,3644,3777,3291
      bridge-domain 3998
     service instance 6 ethernet
      description SME_VLAN
      encapsulation dot1q 2098,2339
      bridge-domain 3998
    interface GigabitEthernet0/1
     switchport trunk allowed vlan none
     switchport mode trunk
     channel-group 1 mode on
    interface GigabitEthernet0/2
     switchport trunk allowed vlan none
     switchport mode trunk
     channel-group 1 mode on
    interface Port-channel12
     description SHN-AGG-BX1
     switchport trunk allowed vlan 34,50,76,3998
     switchport mode trunk
     mtu 9000
    interface GigabitEthernet0/23
     switchport trunk allowed vlan 34,3998
     switchport mode trunk
     mtu 9000
     channel-group 12 mode active
    interface GigabitEthernet0/24
     switchport trunk allowed vlan 34,3998
     switchport mode trunk
     mtu 9000
     channel-group 12 mode active
    the input interfaces are gigEth0/1 and gigEth0/2 and the output interfaces are gigEth0/23 and gigEth0/24.
    the ingress traffic at the input port has a single tag and the ingress traffic at the output port has two tags.
    please explain me, where tags would be pushed/popped and why??
    thank you.

    Hello.
    You might have confused service instance configuration and usual switchport mode trunk.
    Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html
    >But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).
    Also under Figure 11-2 we have following example:
     QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:
    Switch (config)# interface gigabitethernet0/1 
    Switch (config-if)# service instance 1 Ethernet 
    Switch (config-if-srv)# encapsulation dot1q 1-100 
    Switch (config-if-srv)# bridge-domain 30
    Switch (config)# interface gigabitethernet0/2 
    Switch (config-if)# switchport mode trunk
    Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30). 

  • VLAN mismatch question

    Hi,
    My setup is:
    switcha(vlan 1) <-> router <-> switchb(vlan2)
    Switcha and switchb are on different subnets. Why do I get a vlan mismatch in this case? The vlan assigned to the connecting ports are irrelevant because these switches are in different subnets.

    HI
    Are this switches connected with each other.if they are then i think they are configured as trunk ports.so the native vlan should be same on both the swithes.
    Thanks
    Mahmood

  • Etherchannel Non-adjacent Ports

    I am trying to create an etherchannel between non adjacent ports on a 6509 running catos and a 4507 running ios. The switches are configured as follows:
    Cisco 6509 running CatOS ver 8.4(5)
    set trunk 1/1 on dot1q 1-4094
    set port channel 1/1 mode on
    set trunk 7/1 on dot1q 1-4094
    set port channel 7/1 mode on
    Catalyst 4500 running IOS ver 12.2(31)SG
    interface Port-channel9
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    interface GigabitEthernet3/12
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 9 mode on
    interface GigabitEthernet4/12
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 9 mode on
    I disable all the ports involved, deliver the configuration and when I reenable the ports one line connects and the other line goes errdisabled and no channel is formed. What am I doing wrong?
    Thanks in advanced

    there should be no problem with channeling between a catos box and a ios box . Have you looked in the logs , usually it will give you an idea why it err-disabled a port . The other thing to check seeing that you are trunking also is to make sure both ends are using the same native vlan for all ports involved. On the catos side it will just be whatever the ports will fall back to if the channel fails, this is set by the set vlan X slot/port command . On the IOS side you need to add the switchport trunk native vlan X" command . The way it is now it is assuming that everything is in vlan 1 which I don't know if its true or not . What vlan are the ports on the catos side set into ? you also just use the following after verify the native vlan is the same on both sides . Use channel-group X mode desirable non-silent and on the catos side use "set port channel slot/port mode desirable non-silent .

  • Native Vlan Mismatch on Switch LD connected to

    I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches
    The first vlan is vlan 1 for management
    The second is vlan 2 for the gateway side of the local directors
    The third is vlan 3 for the server side of the local directors
    On the primary switch I am logging CDP messages telling me i have a native vlan mismatch on the 2 local director ports. The secondary switch I dont get these messages.
    Any ideas what is going on here and why? Thanks, Art.

    You mention above " but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
    Because trunked ports need to be assigned to the same native vlan, I would do a "show trunk" and verify that the port used for trunking on each switch, are assigned to the same native vlan, I've seen the mismatch if the are not. That command above is if your switch is using CatalystOS, otherwise, use this command for NativeOS - sh int fast 0/1 switchport and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to vlan 1 which, is your management vlan which I assume you've choosen to be your native vlan.
    Hope this helps.

Maybe you are looking for

  • Moving from one screen to another

    Hi all, I have developed an ALV program, i have used 2 screens. when i double on one value the 2nd screen with more details should be displayed. till this point it is fine. But when i press back button it is coming to 1st screen but the screen is emp

  • Message Monitor Doesn't Display All Errors

    Hi, I have a strange problem with PI Message Monitor. There are some error messages on Message Status Overview tab (let's say 100). When I click on the number of errors, PI switches to Database tab and should display these 100 errors. However sometim

  • Invalid credential error in SCC for all users

    Hi, None of the users, including the admin user, are able to enter the SCC. The SCC portal opens, but when the users try to enter their credentials the system prompts them with 'Invalid Credentials'. Please help me on this and let me know you require

  • HP6940 power interupted...now prints lots of boxes across printed page

    HPDeskjet 6940 I've owned 3 of these and love the printer but think I just scrambled the printer's motherboard!? i was printing a 3 page Word document when i accidentally disconnected the cord between the printer and the pc. I immediately reconnected

  • File attachment translation between .mac and .me

    Why does a .xls, .doc, etc. sent to mac.com change to a 'winmail.dat' file but when I send it to me.com it displays correctly? Is there a resolution?