Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
939
Views
0
Helpful
1
Replies

IPs 4200 sensor problem

Asim Afzal
Level 1
Level 1

‎11-11-2012 02:52 AM - edited ‎03-10-2019 05:49 AM

I have following logs on my core switch

Log Buffer (8192 bytes):

NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/5 (503), with TEC-DC-COR-N6.tec.local GigabitEthernet9/4 (502).

3372049: Nov 11 12:13:53.064 UAE: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/2 (506), with TEC-DC-COR-N6.tec.local GigabitEthernet9/3 (500).

3372050: Nov 11 12:13:58.916 UAE: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/3 (500), with TEC-DC-COR-N6.tec.local GigabitEthernet9/2 (506).

3372051: Nov 11 12:14:00.508 UAE: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/4 (502), with TEC-DC-COR-N6.tec.local GigabitEthernet9/5 (503).

3372052: Nov 11 12:14:12.268 UAE: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/5 (503), with TEC-DC-COR-N6.tec.local GigabitEthernet9/4 (502).

Port 9/2---5 connected to CISCO ips 4270 sernsor.I have 2 questions

1 Why there is native vlan mismatch error while the port connected as access port below is port configuration

interface GigabitEthernet9/2
description ++++ 4270-1 Inline-WAN Port A RTR 01 ++++
switchport
switchport access vlan 506
switchport mode access
rmon collection stats 6002 owner monitor
!
interface GigabitEthernet9/3
description ++++ 4270-1 Inline WAN Port B RTR 01 ++++
switchport
switchport access vlan 500
switchport mode access
rmon collection stats 6003 owner monitor
!
interface GigabitEthernet9/4
description ++++ 4270-1 inline Dist. Port C SW 01 ++++
switchport
switchport access vlan 502
switchport mode access
rmon collection stats 6004 owner monitor
!
interface GigabitEthernet9/5
description ++++ 4270-1 Inline Dist. Port D SW 01 ++++
switchport
switchport access vlan 503
switchport mode access
rmon collection stats 6005 owner monitor

2 If i do show cdp nei i am seeing local switch name as remotes device name

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
TEC-DC-COR-N6.tec.local
                 Gig 9/5           170          R S I     WS-C6509- Gig 9/4
TEC-DC-COR-N6.tec.local
                 Gig 9/2           168          R S I     WS-C6509- Gig 9/3
TEC-DC-COR-N6.tec.local
                 Gig 9/3           174          R S I     WS-C6509- Gig 9/2
TEC-DC-COR-N6.tec.local
                 Gig 9/4           146          R S I     WS-C6509- Gig 9/5

Any advice on this

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-11-2012 03:44 AM

In that setup the IPS is inline configured. To force the traffic to flow through the sensor, we need two vlans for one IP subnet. I.E. traffic enters on a vlan 500 from a PC/Server and should go to the DG which is the router. If the router would be attached on vlan 500 the the sensor wouldn't be inline. But one port of the sensor is also in vlan 500 and the packet flows to the sensor. The second interface of the sensor is connected to a vlan 506-port where also the router is connected.

In the end, when the switch sends a cdp-packet on the vlan 500-port it comes back to the switch on a port configured for vlan 506. For these setup, the forwarding of CDP-packets should be disabled on the sensor:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_interfaces.html#wp1105614

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card