
Native Vlan mismatch error!!!

Sundeep Dsouza
Level 1

Hello everyone,

Recently I was given the responsibility of managing one of our campus networks. After going through the configuration and logs of some of the switches, I came across a native vlan mismatch error. Refer to the exhibit I have attached. The switch right at the top, a 3560, has Interface Vlan 1 as management vlan and two more vlans, one for user and one for Voice. There is a trunk link between this switch and the Catalyst 500 switch. This 500 switch has 2 access links originating from its FA0/3 and 0/4 ports to 2 Cisco 3560 8 port switches. The FA0/3 and 0/4 are configured as access ports for Vlan 99 and 111. I don't know why this was configured as access instead of trunk. If security was an issue we could have allowed only certain vlans on the trunk, thereby restricting access to other vlans configured on the network.

The weird issue I spotted was that on both the 3560 8 port switches, Interface vlan 1 is configured to get an IP from DHCP. However, the IP it got from DHCP belongs to Vlan 99. I am kinda confused.

Following is the error message I get when I do show log on the 3560 access switch.

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (1), with Cisco500 FastEthernet0/3(99).

I feel it's better to configure a trunk link between Cisco 500 and Cisco 3560 8 port switch and allow only certain vlans to pass through the switch. Need your opinion and explanation.

Note: The fa0/3 and fa0/4 ports on the Cisco 500 catalyst switch have BPDU guard and filter both enabled. In my opinion the other end being a switch will send BPDUs which will cause the 500 switch to shut down both 0/3 and 0/4 ports. Correct me if I am wrong.

Regards


lgijssel
Level 9

The native vlan is where the untagged frames are sent to. CDP is used to exchange the settings of a port and one of these items is the native vlan.

On the 3560-side you apparently have vlan 1 as native, on the other side it is vlan 99. This is also the explanation why you got dhcp from that side.

In fact, this means you have a layer2 connection between vlan 1 and vlan 99 over the trunk. This impacts your network topology and STP behavior.

You should configure the same vlan as 'native' on both sides of a trunk.

regards,

Leo

Thanks Leo for the input. As for the trunk link you mentioned, let me clarify that the link between Catalyst 500 and 3560 8 port switch is not a trunk link. Fa0/3 and 0/4 are configured as access ports with vlan 99 and vlan 111. The switch 3560 is acting like a pure L2 switch. If the link between the two switches were to be a trunk link, I could have configured native vlans on both the ends.

Regards

Can you please provide some details on the port config?

sh run

sh vlan

sh vtp

sh spanning-tree

regards,

Leo

Show run int fa0/3 on Catalyst 500  ( Configuration on fa0/4 is the same)

interface FastEthernet0/3
switchport access vlan 99
switchport mode access
switchport voice vlan 111
switchport port-security
switchport port-security maximum 6
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security maximum 3 vlan access
switchport port-security maximum 3 vlan voice
ip arp inspection trust
ip access-group 2118 in
service-policy input general-map
srr-queue bandwidth share 10 10 35 45
srr-queue bandwidth shape  10  0  0  0
queue-set 2
macro description cisco-ipphone
storm-control broadcast level 0.10
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end

---------------------------------------

Sh vlan info

1    default                          active   
99    User                            active  

33    Servers                       active   
111   Voice                         active  

---------------------------------------

Sh VTP status

VTP Version                           : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 30

Number of existing VLANs        : 4

VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                 : Disabled
VTP V2 Mode                         : Disabled
VTP Traps Generation           : Disabled

---------------------------------------------------

Sh spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     0017.9451.eb84
             Cost        4
             Port        1 (GigabitEthernet1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0016.4651.c980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)

VLAN99
  Spanning tree enabled protocol rstp
  Root ID    Priority    24578
             Address     0017.9451.eb84
             Cost        4
             Port        1 (GigabitEthernet1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0016.4651.cb980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)
Fa1              Desg FWD 19        128.3    Edge P2p
Fa2              Desg FWD 19        128.4    Edge P2p
Fa3              Desg FWD 19        128.5    Edge P2p
Fa4              Desg FWD 19        128.6    Edge P2p
Fa5              Desg FWD 19        128.7    Edge P2p
Fa6              Desg FWD 19        128.8    Edge P2p
Fa7              Desg FWD 19        128.9    Edge P2p
Fa8              Desg FWD 19        128.10   Edge P2p
Fa10             Desg FWD 19        128.12   Edge P2p
Fa11             Desg FWD 19        128.13   Edge P2p
Fa13             Desg FWD 19        128.15   Edge P2p
Fa16             Desg FWD 19        128.18   Edge P2p
Fa19             Desg FWD 19        128.21   Edge P2p
Fa21             Desg FWD 19        128.23   P2p
Fa23             Desg FWD 19        128.25   Edge P2p
Fa24             Desg FWD 19        128.26   Edge P2p

VLAN33
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     0017.9451.eb84
             Cost        4
             Port        1 (GigabitEthernet1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0016.4651.c980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)

VLAN111
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     0017.9451.eb84
             Cost        4
             Port        1 (GigabitEthernet1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     0016.4651.c980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)
Fa1              Desg FWD 19        128.3    Edge P2p
Fa2              Desg FWD 19        128.4    Edge P2p
Fa3              Desg FWD 19        128.5    Edge P2p
Fa4              Desg FWD 19        128.6    Edge P2p
Fa5              Desg FWD 19        128.7    Edge P2p
Fa6              Desg FWD 19        128.8    Edge P2p
Fa7              Desg FWD 19        128.9    Edge P2p
Fa8              Desg FWD 19        128.10   Edge P2p
Fa10             Desg FWD 19        128.12   Edge P2p
Fa11             Desg FWD 19        128.13   Edge P2p
Fa13             Desg FWD 19        128.15   Edge P2p
Fa16             Desg FWD 19        128.18   Edge P2p
Fa19             Desg FWD 19        128.21   Edge P2p
Fa23             Desg FWD 19        128.25   Edge P2p
Fa24             Desg FWD 19        128.26   Edge P2p

----------------------------------------------------------

Please note that the Catalyst 500 switch has one more trunk link going to a second core 3560 switch, which is not shown in the diagram. Also note that Core 1 is the root switch in our network. However, when I do show spanning-tree on the 3560 8 port switch, it shows this as the root switch. This is not good for STP operation. Please suggest.

Regards

Still missing the port config of the 3560-8.

Oops!!! Sorry, here it is.

Sh run

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
!
interface Vlan1
ip address dhcp
!
ip classless
ip http server
!
control-plane
!
-----------------------------

Sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------------
1    default                          active        Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                            Fa0/5, Fa0/6, Fa0/7, Fa0/8, Gi0/1
1002 fddi-default                act/unsup
1003 token-ring-default      act/unsup
1004 fddinet-default           act/unsup
1005 trnet-default               act/unsup

------------------------------------------------

Sh vtp status

VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
--------------------------------------------------

Sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     68bd.ab58.f400
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     68bd.ab58.f400
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 19        128.1    P2p
Fa0/1           Desg FWD 19        128.2    P2p ( this is an IP phone)

Regards

On the 3560 you have a default config. This means auto-negotiate trunking which may contribute to the cause of your problem. You can verify the actual status using the command: sh int fa0/1 swi.

With such a simple config, you should rather move all ports to vlan 99:

int ra fa0/1-8

swi mo acc

swi acc vlan 99

spanning-tree portfast

The management vlan can either be shut down or moved to vlan 99 as well. (create int vlan 99, shut int vlan 1)

Also I would recommend removing the bpdu filter and guard from the Cat500.

As you can see, the filtering has caused the 3560 to think it is the root.

It is better to have a consistent STP topology. Having the other 3560 as the root is fine.

regards,

Leo

Talking about auto negotiate trunk, kindly check the show int switchport output for the Catalyst 500 and 3560-8 ports.

Catalyst 500 - Show int fa0/3 switchport

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 99

Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 111

Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Cisco 3560 - Show int G0/1 switchport

Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

----------------------------------------------------

Although both the above ports are in auto negotiate trunk mode, their operational mode says "Static access". So in my opinion, there isn't any trunk between the switches. Also I might need to add one more vlan to range fa0/1-8 and that is the voice vlan. So the configuration would be like

int ra fa0/1-8

swi mo acc

swi acc vlan 99

switchport voice vlan 111
spanning-tree portfast

If I configure the above, I think I will need to establish a dot1q trunk between the switches. So on Gi0/1(3560) and FA0/3 Catalyst 500, I will need switchport mode trunk followed by the encapsulation. What do you suggest?

Regards

This is certainly true but the reason for the error message is CDP exchanging vlan parameters.

Although there may not be an actual mismatch, it is still interpreted as such. You may consider this a warning about a potentially inconsistent configuration. My impression was that you wanted to get rid of this error message.

This can be achieved by either setting the access vlans on the 3560 to vlan 99 or by building a trunk like you suggested.

My standard setting is as follows:

swi mode trunk

swi nonegotiate

Be sure to create all vlans on every switch or configure vtp.

regards,

Leo

Hi,

Other possibilities if you need to keep the access ports in different VLANs:

1) disabling CDP on the port

2) using CDP ver 1.

See http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_sea/configuration/guide/swcdp.html#wp1028306

HTH,

Milan
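
The comparison behind the logged message, as an added example that is not part of any post in this thread: it parses the `show interfaces switchport` output of both ends of a link, compares the VLAN that untagged frames land in (1 on Gi0/1 versus 99 on Fa0/3 here), and flags ports still negotiating trunking. The sample text is abridged from the outputs posted above; the function names are hypothetical.

```python
import re

# Abridged from the two "show interfaces switchport" outputs posted in the thread.
CAT500_FA0_3 = """Name: Fa0/3
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 99
Trunking Native Mode VLAN: 1 (default)
"""
C3560_GI0_1 = """Name: Gi0/1
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def untagged_vlan(port):
    """VLAN for untagged frames: native VLAN on a trunk, access VLAN otherwise."""
    on_trunk = "trunk" in port["Operational Mode"]
    key = "Trunking Native Mode VLAN" if on_trunk else "Access Mode VLAN"
    return int(re.match(r"\d+", port[key]).group())

def audit_link(a_text, b_text):
    """Return findings for one link, given the switchport output of both ends."""
    a, b = parse_switchport(a_text), parse_switchport(b_text)
    findings = []
    va, vb = untagged_vlan(a), untagged_vlan(b)
    if va != vb:
        findings.append(f"untagged VLAN differs: {a['Name']}={va}, {b['Name']}={vb}")
    for port in (a, b):
        if port["Negotiation of Trunking"] == "On":
            findings.append(f"{port['Name']}: trunk negotiation on ({port['Administrative Mode']})")
    return findings

if __name__ == "__main__":
    for finding in audit_link(CAT500_FA0_3, C3560_GI0_1):
        print(finding)
```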