Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5921
Views
25
Helpful
5
Replies

Can I configure multiple native vlans on a single trunk link on a single port?

Go to solution
YetinayetBitew87488
Level 1
Level 1

‎08-28-2020 01:20 AM

 

Hello guys.

 

I am working on a switch migration from an old ZTE distribution to new Cisco C9500 switch and since my existing core switch is Cisco switch (which is stack wised), I wanted to connect the new distribution switch and the VSL core switches with port channel, but the thing is, in the old ZTE switch there were two separate trunk links with different native vlans going to each VSL links. but now, I want to connect them in one port-channel link. below is the old and new planned configurations. Please help me do this right! thanks!

 

OLD ZTE distribution SW Config

!

!
interface gei_1/13
out_index 15
description Uplink-to-Core1 (which implies to VSL 1)
negotiation auto
switchport mode trunk
switchport trunk native vlan 101
switchport trunk vlan 101
switchport trunk vlan 201
switchport trunk vlan 400
switchport trunk vlan 412
switchport trunk vlan 417
switchport trunk vlan 429
switchport trunk vlan 1040
switchport qinq normal
ip dhcp snooping trust
!
interface gei_1/14
out_index 16
description Uplink-to-Core2 (which implies to VSL 2)
negotiation auto
switchport mode trunk
switchport trunk native vlan 201
switchport trunk vlan 101
switchport trunk vlan 201
switchport trunk vlan 400
switchport trunk vlan 417
switchport trunk vlan 429
switchport trunk vlan 1040
switchport qinq normal
ip dhcp snooping trust

 

OLD VSL Core SW Config

!

!
interface TenGigabitEthernet1/0/1
description To-office-Tower-Gnd-Floor-Bridge1-Gei_1/13
switchport trunk native vlan 101
switchport trunk allowed vlan 101,102,400,412,417,429,1040
switchport mode trunk

!

interface TenGigabitEthernet2/0/1
description To-office-Tower-Gnd-Floor-Bridge1-Gei_1/14
switchport trunk native vlan 201
switchport trunk allowed vlan 101,201,400,1040
switchport mode trunk

 

New Cisco distribution SW Config

 

Interface range Tengig1/1/13-14

switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk native VLAN 101 VLAN 201
#switchport trunk allowed VLAN 101,201,400,412,417,429,1040
#Channel-group 31 mode on
#exit
!
#interface Port-channel 31
#description Connected to Core-SW
#switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk native VLAN 101 VLAN 201
#switchport trunk allowed VLAN 101,201,400,412,417,429,1040

 

New VSL Core SW Config

!

!
int TenGig1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040
channel-group 31 mode on
exit
!
int TenGig2/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040
channel-group 31 mode on
exit

!
int port-channel 31
description TO GND floor  Distribution SW
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 101 Vlan 201
switchport trunk allowed vlan 101,102,201,202,400,412,417,429,1040

 

 

I would SO MUCH appreciate your kind help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-28-2020 02:06 AM

Hello @YetinayetBitew87488 ,

you cannot have two native vlans on the same switchport . This is wrong at conceptual level.

 

I think that @pieterh is right in his explanation of why two different native Vlans were used with the ZTE switch: if the ZTE switch interacts with the core switch only on the native VLAN using two different native Vlans on the two uplinks was a way to have both of them not blocked by PVST on Core switch.

With new switch you can run PVST or Rapid PVST so you don't need anymore this strange setup and if you build an an etherchannel the two links become only one logical one as noted by @balaji.bandi .

So use a single native Vlan on the member links of the new port channel.

 

Hope to help

Giuseppe

 

View solution in original post

5 Replies 5

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎08-28-2020 01:30 AM

Hi there,

The purpose of the native vlan statement is to take an untagged frame and place it in the specified VLAN. The idea of having two native VLANs on a trunk link doesn't make sense in that respect.

 

Was the purpose of the native VLAN a security measure to prevent double tagging? If so, just specifying one VLAN is sufficient.

 

cheers,

Seb. 

Go to solution
pieterh
VIP
VIP

‎08-28-2020 01:34 AM

no you cannot assing multiple native vlans to a switchport, but I don't think you need to

my guess is :
with the old switch, spanning-tree was only stable/possible with assigning different native vlan to the different uplinks.

with the new setup and an etherchannel this problem does not occur

-> chose any vlan as the native vlan , and put all necessary vlans in the allowed list

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-28-2020 01:43 AM

i do not believe you need 2 or more native VLAN, native VLAN for where untagged packets, if you need more why not have seperate VLAN to TAG?

 

not sure what is the use case here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-28-2020 02:06 AM

Hello @YetinayetBitew87488 ,

you cannot have two native vlans on the same switchport . This is wrong at conceptual level.

 

I think that @pieterh is right in his explanation of why two different native Vlans were used with the ZTE switch: if the ZTE switch interacts with the core switch only on the native VLAN using two different native Vlans on the two uplinks was a way to have both of them not blocked by PVST on Core switch.

With new switch you can run PVST or Rapid PVST so you don't need anymore this strange setup and if you build an an etherchannel the two links become only one logical one as noted by @balaji.bandi .

So use a single native Vlan on the member links of the new port channel.

 

Hope to help

Giuseppe

 

Go to solution
YetinayetBitew87488
Level 1
Level 1

‎08-28-2020 02:37 AM

Hey guys!

 

Thank you very much for your quick and clear response!

I have decided to use the same setup as previous one, since my job is migration and don't want to take any risk since its a very big Enterprise. Thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card