How do you disable administrative native vlan tagging on the 6509?

david.erickson · ‎12-14-2012

We have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.

How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:

nwkdev-6509-1#show vlan dot1q tag native

dot1q native vlan tagging is disabled globally

nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport

Name: Gi1/9/1

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 155 (DATA_VLAN)

Administrative Native VLAN tagging: enabled

Operational Native VLAN tagging: disabled

nwkdev-6509-1#show version

Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-VM), Version 12.2(33)SXI4a, RELEASE SOFTWARE (fc2)

cadet alain · ‎12-14-2012

Hi,

Operational Native VLAN tagging: disabled

---> so it seems it is disabled

You could do a packet capture to get sure.

Regards.

Alain

Don't forget to rate helpful posts.

david.erickson · ‎12-14-2012

The description of the problem is based on packet captures. 6509 tags the CDP packets, 5020/4948 do not.

Mandlenkosi Nkiwane · ‎12-14-2012

Can you do a show run on this interface so that we see what your configuration is?

sh run int gigabitEthernet 1/9/1

sh int gigabitEthernet 1/9/1 status

Thanks

david.erickson · ‎12-14-2012

nwkdev-6509-1#sh run int gigabitEthernet 1/9/1

Building configuration...

Current configuration : 190 bytes

!

interface GigabitEthernet1/9/1

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 155

switchport mode trunk

mtu 9216

spanning-tree portfast edge trunk

end

nwkdev-6509-1#sh int gigabitEthernet 1/9/1 status

Port Name Status Vlan Duplex Speed Type

Gi1/9/1 connected trunk a-full a-1000 10/100/1000BaseT

Mandlenkosi Nkiwane · ‎12-14-2012

I don't understand why it would be sending the packets on vlan 1 irregardless because it is not in access mode in order for it to use this:

Access Mode VLAN: 1 (default)

In trunk mode, it will always use the native vlan specified on the command switchport trunk native vlan 155.

david.erickson · ‎12-14-2012

Yes, I had the same question: "I don't understand why it would be sending the packets on vlan 1"

The show interface switchport does include the access vlan setting:

Access Mode VLAN: 1 (default)

Perhaps I should set the access mode vlan to 155 so that it matches the trunk native vlan (without changing the mode of

the ports to access), and the problem would go away?

I will try it.

david.erickson · ‎12-14-2012

OK, I tried all of these, only the last one results in CDP packets being untagged:

access vlan: 1, native vlan: 155, mode: trunk

access vlan 155, native vlan: 155, mode: trunk

access vlan: 1, native vlan: 1, mode: trunk

So it looks like changing the native vlan of the port to something other than 1 causes the CDP packets to get tagged.

Perhaps there is a global switch configuration command that is missing? i.e. each of the trunk ports has its native vlan

set to 155, but is there a command needed to tell IOS that vlan 155 is the native vlan for all trunks, including administrative traffic?

Mandlenkosi Nkiwane · ‎12-14-2012

try in global config mode :

vlan dot1q tag native

david.erickson · ‎12-14-2012

That would be too disruptive to even try. Many other users share this switch. did you mean

no vlan dot1q tag native?

Mandlenkosi Nkiwane · ‎12-14-2012

nwkdev-6509-1#show vlan dot1q tag native

dot1q native vlan tagging is disabled globally

Currently this is disabled. So if you want the native vlan to be tagged on all the trunk interfaces you will need to enable it, no?

david.erickson · ‎12-14-2012

Mandlenkosi, I am trying to stop the tagging of CDP packets, not enable it for the native vlan. Currently all packets on the native vlan are untagged, except for CDP. CDP is tagged only if the native vlan is something other than 1.

amikat · ‎12-14-2012

Hi,

The 802.1Q standard mandates that only ONE vlan within a trunk can have untagged frames. This is so called native vlan. With your configuration the native vlan is clearly vlan 155. So for your trunk configuration only frames within vlan 155 are untagged while ALL other vlans within the trunk carry TAGGED frames. This is true even for vlan 1 so quite correctly you can see vlan 1 frames tagged with the VID of 1. Cdp runs over Vlan 1 (even if this is not the native vlan).

Best regards,

Antonin

david.erickson · ‎12-14-2012

On the 5020, running Nexus OS, with the config below, CDP packets are not tagged:

interface Ethernet1/2

switchport mode trunk

switchport trunk native vlan 155

on the 6509, running IOS, with the config below, CDP packets are tagged:

interface GigabitEthernet1/4/5

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 155

switchport mode trunk

mtu 9216

spanning-tree portfast edge trunk

end

Even the trunk port that connects the 6509 and the 5020 is configured this way, and both see the other's CDP traffic,

even though the 5020 sends untagged CDP packets. Similarly, the 6509 sees all the non-Cisco devices that send

it untagged CDP packets on trunk ports with the same configuration as above, all of which would seem to say that

the 6509 has a configuration problem, it can receive untagged CDP packets, but it cannot send them, unlike other Cisco gear.