03-20-2005 03:10 AM - edited 03-02-2019 10:12 PM
Hi all,
I have a strange situation where I have moved the native VLAN on the stacking GBIC trunks for a stack of 3550s to 999 and sh cdp nei returns nothing. I remove the native VLAN config and sh cdp nei starts showing me the other switches in the stack again. I haven't noticed this problem with any of our other stacks, and wondered if anyone had a clue what might be going on here.
Thank you
Phil DG
03-20-2005 03:19 AM
additional information:
trunks are 802.1Q
vlan 1 is shutdown (different management and user vlans are in allowed vlan list)
switch s/w is 12.1(14)EA1a
03-29-2005 12:12 AM
Hi,
AFAIK, CDP should always be sent in VLAN1 on trunks (no matter which VLAN is the native one).
If you disable VLAN1, Cisco "control plane protocols" (CDP, CMP, VTP, PAgP, etc.) should still be sent in VLAN1; only user data and STP BPDUs should be blocked.
But some IOSes include bugs which prevent CDP (or VTP, e.g.) from working correctly when VLAN1 is disabled on a trunk. So I'd check the release notes and the TAC bug tool for some bug in your IOS version.
Regards,
Milan
03-29-2005 12:42 AM
Hi,
To my knowledge, WITH a CAT3550, if VLAN1 is not allowed on a dot1q trunk, then CDP is sent via the native VLAN.
Best regards,
Antonin
03-29-2005 12:54 AM
Interesting!
What about other control plane protocols?
VTP, e.g?
Are they also sent via the native VLAN when VLAN1 is disabled on a 3550?
Regards,
Milan
03-29-2005 02:49 AM
This has been my question for a long time. I understand CDP works on VLAN 1 on a trunk, but what makes it work on the native VLAN when VLAN 1 is removed from the trunk? What changes in the functionality of the CDP frames?
Regards,
Ankur
03-29-2005 04:41 AM
Thanks for all of the responses - I have upgraded the switches in question and the problem is now resolved.
The whole question of vlan 1 and native vlans is interesting in itself. I have always found it to be an area without clear and non-contradictory advice.
The best practices for Catalyst 6500/6000 and 4500/4000 running IOS state that CDP, VTP and PAgP are always forwarded with a VLAN 1 tag even if VLAN 1 is cleared from the trunks and is not the native VLAN.
However, it also says that dot1q BPDUs are forwarded untagged on CST VLAN 1 unless VLAN 1 has been cleared from the trunk... but it doesn't clarify any further. It's all a bit elusive.
Nowadays, I tend to create a new VLAN for management on every switch, shut down VLAN 1 and prune it from all trunks, and configure VLAN 999 as a dummy native on all trunks. I would be interested to hear what other people do and if there is a better best-practice recommendation out there.
Phil DG
03-29-2005 05:38 AM
Hi,
IMHO, the best (paranoid) practice is:
1. Don't use VLAN1 for user data. Configure a different VLAN for management and another VLAN as the native one on trunks. Don't even put users in the VLAN used as the native one (see VLAN hopping attack).
2. But leave VLAN1 enabled on trunks.
If you disable it, you can get in trouble when connecting third-party switches running CST.
More: some Cisco IOS/CatOS versions include bugs which can cause problems when VLAN1 is disabled.
Regards,
Milan
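A 3550 configuration that puts Milan's two points and Phil's dummy-native approach side by side, as an added example that is not from any poster in this thread. The VLAN numbers (100 for management, 200 for users; Phil's 999 as the dummy native), interface names and address are assumptions.

```cisco
! Hypothetical 3550 stack member; VLAN IDs and interfaces are assumed for illustration.
! VLAN 100 = management, VLAN 200 = users, VLAN 999 = dummy native on trunks.
vlan 100
 name MGMT
vlan 200
 name USERS
vlan 999
 name NATIVE-DUMMY
!
! Management lives on its own SVI; the VLAN 1 SVI is shut down.
interface Vlan1
 no ip address
 shutdown
interface Vlan100
 ip address 192.0.2.10 255.255.255.0
!
! Stacking GBIC trunk: dummy native VLAN 999, which carries no users.
! VLAN 1 is deliberately kept in the allowed list (Milan's point 2) so the
! VLAN 1 control-plane behaviour and CST BPDUs stay as documented.
interface GigabitEthernet0/1
 description Stack trunk to next 3550
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1,100,200,999
 switchport mode trunk
!
! User access port: never in VLAN 1 and never in the native VLAN 999.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 200
!
! Checks: confirm native VLAN 999 and VLAN 1 in the allowed/active lists,
! then verify the stack neighbours are still visible.
!   show interfaces trunk
!   show cdp neighbors
```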