
Help please - Native VLAN mismatch

I have a customer connection that I can't change, but I need to connect my network to his.

I have a 6509 as my backbone switch with 100's of vlans configured in it. Here is the configuration of the port I am connecting to the customer switch.

interface GigabitEthernet2/38
 description Port 3 on Customer Switch
 switchport access vlan 176
 switchport mode access

The customer connection comes in through Fortigate that then connects to a Cisco SF300-24p. I have to connect my 6509 to port 3 of his SF300. The configuration on his port 3 is:

interface fastethernet3
 switchport mode access
 switchport access vlan 210

I cannot set my vlan to 210 because it is being used for something else. Also - the vlan 176 on the 6509 is a no ip vlan as the customer network is providing DHCP.

How do I convert between his vlan 210 and my vlan 176 without getting VLAN mismatch errors?



What traffic is running between your network and the customer network? It seems the customer needs to extend the L2 VLAN 210, which is configured on their side, to your network. Can you provide a rough diagram with the firewall?


Moncy K Thomas



Traffic is regular TCP/IP for monitoring their server in our lab and file share.

We already have a vlan 210 in our network so we cannot use 210.

They will not change their vlan because this is a mock setup of their remote sites.

Basically, I just need to provide a path to the customer to access their equipment in our lab.

So I need to have the 6509 and the 3560 act like dumb switches. They are just a means to pipe the customer traffic to the customer server. I thought just putting the data into a no-IP VLAN would be the best way to accomplish this.

Thank you for your help.


Is there not a way to set a port to be on a specific vlan, but have no vlan information passed out or received from that port?


You're both going to have to agree on a VLAN to use to extend your layer 2 domain. Why not route? Extending layer 2 with a third-party vendor is not always the best solution!!


I cannot route, that would violate the emulation of their setup. If I could, I would just hardwire to their lab. But I have no direct runs.



1. As your customer switch and 6k port modes are access, the VLAN ID needs to match.

2. Is VLAN 176 L2 or L3 on your end?

If VLAN 210 is not in the 3560, you can configure it in the 3560 and directly connect.



Unfortunately I already have a vlan 210 configured for another project so I can't use vlan 210.


Anyone know if I set the native vlan on 2/38 to 176, thus removing its tagging, and they set the native vlan on their fastethernet3 to 210, also removing its tagging, would I still get the "vlan mismatch" error?



The native VLAN is a way to change which VLAN should be untagged on a dot1q trunk; it has no relevance for an access port. An access port is always untagged.

However, the native VLAN mismatch is a result of the CDP protocol that runs between the switches, which informs you of the mismatch in configuration. It is just information; the traffic will still work OK.

Two choices here:

First, ignore the message. The traffic will work OK, but the log will fill up.

Second, disable the CDP protocol for the port. This is probably the best way, because the log will not fill up.



Hi graham,

You can either disable CDP (not suggested if a security practice) or specify the native VLAN on all your trunks (defaulting would be better). If you did not touch anything, you should have VLAN 1 as the native VLAN everywhere, but it is worth checking. Also check the DTP settings, because sometimes they can try to negotiate a trunk and produce an error such as a VLAN mismatch as a result. Disable them with the switchport nonegotiate command.
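
One way to check a saved configuration for the two settings suggested in the replies above (CDP disabled on the port, and switchport nonegotiate). This is an added example, not part of any post in the thread: it assumes CDP is globally enabled, so a port without "no cdp enable" is running CDP, and interface GigabitEthernet2/39 is constructed for illustration.

```python
import re

# Constructed sample: the 6509 port from the thread plus a hypothetical
# second port that already carries both suggested settings.
SAMPLE_CONFIG = """\
interface GigabitEthernet2/38
 description Port 3 on Customer Switch
 switchport access vlan 176
 switchport mode access
!
interface GigabitEthernet2/39
 description Hypothetical hardened customer port
 switchport access vlan 176
 switchport mode access
 switchport nonegotiate
 no cdp enable
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_access_port(cmds):
    """List findings for one interface; ports not in access mode return []."""
    if "switchport mode access" not in cmds:
        return []
    findings = []
    if "no cdp enable" not in cmds:  # assumption: CDP is on globally
        findings.append("CDP enabled: mismatch messages will be logged")
    if "switchport nonegotiate" not in cmds:
        findings.append("DTP not disabled (no switchport nonegotiate)")
    return findings

def audit(config):
    """Return {interface: findings} for access ports with any finding."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = audit_access_port(cmds)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```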


