Solved: Re: Native Vlan Mismatch on access link??

frenzeus · ‎08-11-2004

I have a Cat4506 with a SupII running CatOS 7.6. The 10/100 modules with their ports configured into respective vlans. Trunking has been set to off on the ports. So when i plug in Catalyst 2950 switches, it forms an access link, not a trunk but on the Cat4506 it receives msgs like such:

%CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 2/11

I only find that the C2950 switches running 12.1(19)EA1c plugged into the Cat4 has the Cat4 producing error msgs of native vlan mismatch. Other C2950 switches running slightly older version is not having the Cat4 producing the errors. I couldn't find any bugs on the IOS version. The configuration of the switches is a simple one, nothing fancy.

milan.kulik · ‎08-13-2004

Hi,

if it is absolutely necessary to use different VLANs on the opposite access line sides (not recommended), there are some possibilities how to stop bothering error messages without disabling CDP completely:

a) The native VLAN info comes from CDP ver 2. So if you use CDP ver 1 instead of ver 2, the messages will stop.

b) On CatOS switches you can use

set logging level cdp 3 default

command. (I'm using it on Cat4000 and it works fine.)

Regards,

Milan

View solution in original post

florence · ‎08-11-2004

Have a look on : show cdp and show cdp neigbors,

I have had the pb with 3550 and 3750 connected on a C6k.

Florence

aashish.c · ‎08-11-2004

Hi,

In this acse , by default all the ports on 2950 stay in dynamic desirable mode means they are ready to make trunks with their neighbour. run the command on 2950 :

switch#sh int fa0/4 switchport (whatever the port on 2950)

check the native vlan in the list and operational mode. I think it would be trunk.

Then apply the command on 2950`s port :

switch(config-if)#switchport mode access

switch(config-if)#switchport access vlan 2

if as per you, it should be an access link then the other port should be in the membership of same vlan ie. 2 (example).

on 4506 check sh trunk 2/11

check the trunking mode. it should be non-trunking.

if it doesn`t resolve the issue, kindly update me with :

1. output of "h int fa0/4 switchport" from 2950

2. running config of both the ports from both switches.

3. output of sh trunk 2/11

Hopefully this will resolve the issue. The only issue could be that this link is transformed in trunk and native vlan is different. on 4506 there is no command by which you can change native vlan.

frenzeus · ‎08-11-2004

I'm not able to provide u with the "show" command output now, i'm out of office.

Anyhow, i can assure u that both ports, on the 4506 and the 2950 are not trunking. The link connecting the 2 ports is an access link. Though the native vlan on 4506 is ie.2, but since the link is not trunking, so it shouldn't even tag the packets.

However, i've got other 2950 plugged into it, all having the same running config and the operational mode is the default, though it's dynamic desirable but these switches are not having any vlan mismatch issue/msgs coming out on the 4506. However, these are running on older IOS version. The ones having this problem is running on a newer version. Since it's not an issue, if on the 4506, the ports have already been turn to off mode for trunking.

Any ideas? I'll only be able to provide u the config tomorrow.

Thanks!!

erhoehne · ‎08-11-2004

Just to clarify; the two switchports terminating this link are in the same vlan correct?

frenzeus · ‎08-11-2004

No. The port on the 4506 (ie. 2/1) is configured for ie. vlan 2. The port on the 2950 (ie. 0/24) is at it's default config, meaning it's still in vlan 1. Both ports are not trunking, where the port on the 4506 is providing an access link to the port on 2950.

aashish.c · ‎08-11-2004

If you say that 2 ports are in different vlans. the it just cant be access link and it will not communicate. How can a packet coming from vlan 2 travel on vlan 1 link????

Both ports have to be in same vlan thats why u r getting this native vlan mismatch messages.

native vlan cant b for whole switch, its decided on per trunk port basis. 1 trunk port can have vlan 2 as native and other trunk port can have vlan 4 as its native vlan.

I hope u must have understood the problem by now....

frenzeus · ‎08-11-2004

Of course i've already foreseen this. Let me answer u accordingly:

How can a packet coming from vlan 2 travel on vlan 1 link????

Yes, of course it's not possible if it was traversing a trunk. But if a packet was to be transmitted out of an access link, any vlan tagging on the packet would be removed from it before being transmitted out of the link.

native vlan cant b for whole switch, its decided on per trunk port basis.

Yes, I am also aware of this since native vlan only applies to trunk links running on 802.1q on a per port basis.

Like i mentioned earlier, it's an access link, so it wouldn't matter would it, since the packets are not tagged with any vlan when traversing the link.

However, i've put in a test switch, booting up with the 12.1(19)EA1c that's giving the problem and a lower version 12.1(11). When the switch was boot into the newer ios, it produced such msgs when plugged into the Cat4. However, when i reset the test switch to boot with the older version, it runs fine. No error msgs seen on the cat4 console.

aashish.c · ‎08-11-2004

Hi,

Now, whwen you agree that "a native vlan" is only applicable to 802.1q trunk links and you havent made that link as a trunk link, then how can u expect that link to carry any untagged packets for vlan 2.

An access link can carry only tagged packets for that vlan for which it has a membership. If you agree with this then their is no question of untagged packets going through this link.

Kindly update.

frenzeus · ‎08-12-2004

Hi,

Thanks for the info. Access links however, do not carry tagged packets, even for that vlan in which it has been configured for. It only tags it, as packets are received into the port configured for vlan association and then tag it with a VLAN ID if the packet needs to traverse across a trunk. Below is a link to support my statement:

http://www.cisco.com/en/US/tech/tk389/tk390/technologies_tech_note09186a0080094665.shtml

Thanks.

I hv included the attachment of the config for viewing. Pls let me know if u find anything wrong.

nikhilgupta · ‎08-12-2004

Hi,

Please send me configuration of both switch.

Thanks & Regards,

aashish.c · ‎08-12-2004

Hi,

I agree that vlan tag is removed when a packet is sent on access-link. But an access link can be in membership of 1 vlan and it will never carry any other vlan`s traffic. I hope u agree on this.

I have gone through the configs. on 2950 the port is in the membership of vlan 1

and on cat4K the port is in membership of vlan 30. I fail to understand how this link can be up. No document will say that 2 ports in different vlans will ever communicate with each other. It defeats the purpose of having vlan then.

nikhilgupta · ‎08-11-2004

Hi,

can u pls send me the "sh running-config" from the 2950 and the cat 4k so that we can have a look at the output and help you accordingly.

Because this issue is getting a bit confusing as how two pcs in different vlan can communicate with each other on an access link???

thanks

mlund · ‎08-12-2004

Hi

I have connected switches in the same way that you have, but not with c4k. However I got the same error. To resolve this either configure the link as a trunk or turn off the cdp on the port with " no cdp run" because this is just a cdp error that has no effect of how the switch handles traffic, it is just an annoying messages that can be ignored

/Mike

frenzeus · ‎08-12-2004

Yeap, thanks. Have already suggested to the customer to have the links trunk since they want cdp enabled for monitoring purposes.

Thanks anyways!