Native VLAN mismatch detected?

John Adams · ‎01-03-2014

Hi -

I've got an ADSL router that has 4 ethernet ports in under the default vlan1.

It looks like this:

interface FastEthernet0

description Uplink

no ip address

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

shutdown

!

interface FastEthernet3

no ip address

shutdown

!

interface Vlan1

description Switch default vlan1 Network - all Ports

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

The Router works fine. When I plug my laptop into FastEthernet1 it gets a 192.168.0.x IP from the DHCP of the Router and can get on the internet etc. No issues.

The Router needs an uplink to a switch so some access points can use the internet. The switch port is in access mode and has the vlan ID of 50.

When I plug my Router into the switch I get errors on the switch about 'Native VLAN mismatch detected'.

Should my ADSL router be set to use VLAN 50 as well? Would that explain the error?

How do I change my interface vlan1 to be interface vlan 50?

Thanks.

Edison Ortiz · ‎01-03-2014

It seems your router port is set to dynamic trunking.

Try settting your router port to 'switchport mode access' or disable negotiation in the switch port with the command 'switchport nonegotiate'.

Regards,

John Adams · ‎01-03-2014

Would that be by default then that the Router ports are set to dynamic trunking?

So would I put 'switchport mode access' under here:

!

interface Vlan1

description Switch default vlan1 Network - all Ports

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

switchport mode access

!

Do I also need to set vlan1 to be vlan 50?

Or do I need to do both, or 1 or the other?

Edison Ortiz · ‎01-03-2014

'switchport mode acess' under the physical router port which is connected to the switch.

Richard Burts · ‎01-03-2014

John

The easy part of answering your question is to confirm that yes if the router interface is in vlan 1 and the switch port is in vlan 50 that yes there is a vlan mismatch. The more complicated part of answering is trying to determine what is the best way to fix it - and that mostly depends on figuring how you want it to work.

Do you want your laptop to be in the same vlan as the AP and the devices connected to it? If so then you can create vlan 50 in the switch module that is part of your router. Then assign the router interfaces to vlan 50. Then remove the IP address from interface vlan 1 and configure interface vlan 50 and configure the IP address there.

If you want your laptop to be in a subnet separate from the AP and the devices connected to it, then you need to keep most of your router interfaces as they are. You need to create vlan 50 in the switch module that is part of your router, assign the particular router interface that connects to the AP to vlan 50, configure interface vlan 50 on your router, choose a subnet that will be used for the AP, assign an IP address from that subnet to the vlan 50 interface of your router, and implement the appropriate routing, address translation, etc that is needed for the AP and its subnet to access the Internet.

HTH

Rick

HTH

Rick

John Adams · ‎01-03-2014

Hi,

Thank you.

I'll detail my previous setup.

I had a basic home/consumer grade TPLINK ADSL router. This connected to a Cisco switch (port set in access mode, VLAN 50).

That cisco switch then has an Access Point in another port (and other switches with other Access Points) that has various SSIDS and networks - one of which allows users Guest internet via VLAN 50.

That all worked fine. I guess the TPLINK is a 'dumb' switch and knows nothing of tags.

However plugging my Cisco Router in caused the issues I have mentioned. I guess because the Cisco has the PVID set to 1.

Is it therefore as simple as changing vlan1 to be vlan 50 on my router or do I need to do anything else? I understand all the fastethernet ports will be in that vlan1 but if i change it to vlan50 will they all be under that the same?

Richard Burts · ‎01-03-2014

John

Thank you for the additional information. I am a bit concerned about the part of your description that says that " (and other switches with other Access Points) that has various SSIDS and networks". If there were multiple networks in the previous environment I am not clear how they will work with your new router.

But in terms of the immediate question, I believe that if you do change the things in the router that currently refer to vlan 1 and make them refer to vlan 50 that it should resolve the reported error with vlan mismatch.

HTH

Rick

HTH

Rick

John Adams · ‎01-03-2014

Sorry yes I will try and clarify.

We have various Cisco switches.

They have 3 vlans configured - 1 for workstations, 1 for phones and 1 for Guest (vlan 50).

We have a couple of access points that patch into various Cisco switches.

The access points allow you to connet wireless to either the normal workstation network or a 'Guest' connection which puts the user on VLAN 50 and just gives them internet access through the ADSL router.

Normal 'workstations' don't use the ADSL router - they go out via a different method.

I've probably confused the matter here in trying to clarify it.

How do i change my vlan1 to refer to vlan50 instead?

Richard Burts · ‎01-03-2014

John

Since we do not know which router you have the syntax might be a bit different. But in general it might look something like this.

! remove the IP address from vlan 1

interface vlan 1

no ip address

! you might or might not need to explicitly create the new vlan

vlan 50

name guest_wireless

! create and configure the vlan interface

interface Vlan50

description Switch guest wireless and all Ports

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

! assign router interfaces to the new vlan
interface FastEthernet0

switchport access vlan 50
interface FastEthernet1

switchport access vlan 50
interface FastEthernet2

switchport access vlan 50
interface FastEthernet3

switchport access vlan 50

HTH

Rick

HTH

Rick

John Adams · ‎01-03-2014

Thank you. It's an 887va.

It was mentioned earlier in the thread to use the commands:

'switchport mode access' or 'switchport nonegotiate' - are they required as well or not required in this situation?

Where would they go (if needed) in the above example just posted?

Richard Burts · ‎01-03-2014

John

I am not sure that either command is needed, but it would not hurt to put them under each of the physical interfaces (FastEther0, 1, 2, 3) if it would make you more comfortable.

I believe that switchport mode access is the default and is already in use, but try configuring it under FastEther0 as a test. If I am correct that it is the default then it will not show up in the output of show run even after you manually put it into the configuration. If it does show up in the output of show run then perhaps it is worth it to add the command to each of the physical interfaces.

I do not believe that negotiation is a problem in your situation. But if the port on the other switch is truly in access mode with vlan 50 then negotiation is not taking place and using the command to disable it would not hurt anything.

HTH

Rick

HTH

Rick

Edison Ortiz · ‎01-03-2014

Rick,

Default mode isn't access but dynamic. That's the reason the router port is trying to dynamically trunk.

By setting the 'switchport mode access' in the router port should eliminate the tagged vlan and that's the reason for the 'native vlan' mismatch. Access port do not use 'native vlan' in their frames, trunk ports do.

While your recommendation is sound, using the same VLAN on both devices - for this simple setup isn't needed.

He can remain with VLAN 1 on the router side while having VLAN 50 in their switch environment.

As he stated, it was working before with an unmanaged device - the reason was the unmanaged device did not trunk.

John Adams · ‎01-03-2014

Thank you both. It looks like there is perhaps 2 ways (and maybe even more) to go about this then.

Edison - when you say trunk can you ckarify what the dynamic trunks are - what exactly can it do in that mode - i'm fairly sure as you say i so not need that default setup and need access port - i'd just be interested to here what the default does and why, and how you would use it.

Is there an easy way/command for me to prove the dynamic trunk is in place?

I think for my situation i'd be best trying the below (adding the bit in bold).

interface FastEthernet0

description Uplink

no ip address

switchport mode acesss

!

interface FastEthernet1

no ip address

shutdown

switchport mode access

!

interface FastEthernet2

no ip address

shutdown

switchport mode access

!

interface FastEthernet3

no ip address

shutdown

switchport mode access

!

interface Vlan1

description Switch default vlan1 Network - all Ports

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

If that does not work then i need to make it look like this (though not sure if the 'switchport mode access' is required or not if I do this?

interface FastEthernet0

description Uplink

no ip address

switchport mode acesss

switchport access vlan 50

!

interface FastEthernet1

no ip address

shutdown

switchport mode access

switchport access vlan 50

!

interface FastEthernet2

no ip address

shutdown

switchport mode access

switchport access vlan 50

!

interface FastEthernet3

no ip address

shutdown

switchport mode access

switchport access vlan 50

!

interface Vlan50

description Switch default vlan1 Network - all Ports

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

Many thanks for taking the time to help me out with this issue I look forward to hearing back.

Edison Ortiz · ‎01-03-2014

John,

You can try the command 'show interface switchport' for port configuration at the router side.

Additionally, for the 2nd option to work, make sure to create VLAN 50 in the Vlan database.

John Adams · ‎01-03-2014

Thank you.

Does the vlan database not auto update these days? if not what's the command you refer to?