03-16-2009 08:21 AM - edited 03-06-2019 04:37 AM
Hello,
I have a Cisco 851w that connects to a Catalyst 2950. The Catalyst has a few VLANs and a FW that acts as the "Router on a stick"; the 851w should only be used in VLAN20.
It connects to Fa0/23 on the catalyst which is configured as follows:
interface FastEthernet0/23
 description Line to xxx Fa0
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky aaaa.bbbb.cccc
 load-interval 30
 speed 100
 duplex full
 spanning-tree portfast
Even so, I got errors in the log:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (20), with xxxxx FastEthernet0 (1). (Same errors appear on the 851 log with different direction)
The 851 doesn't really support VLANs; it does have a VLAN database but only "supports" VLAN1, although that isn't really supposed to matter as I'm not trying to negotiate a trunk between the devices, and even if I were trying, the native VLAN for that interface would be VLAN1, as seen in the following output:
sh int fastEthernet 0/23 switchport
Name: Fa0/23
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (Wifi-DMZ)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Does anyone have an idea how to "fix" that problem? The error shouldn't appear in the logs.
Thanks,
Ido.
03-16-2009 03:40 PM
As you have bridging enabled on the 851w, it is carrying BPDUs on the link and the 2950 is detecting it as a regular switch where the Vlans must match.
Now, having different Vlans (both in access-mode) shouldn't be a problem with the connection there but CDP is quite picky when it comes to that.
You can either ignore the message (hard to do when filling up your log) or disable CDP at both ends of the link.
http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_03.html#wp1011618
HTH,
__
Edison.
03-16-2009 04:51 PM
OK, I did manage to solve the problem. While looking at the output from the show cdp ne fa0/23 de command I saw that both the switch and the router were on the same VTP domain (although, obviously, they cannot share the same database), and it said "Native Vlan: 1 (Mismatch)".
Changing the VTP domain on the router solved the problem and now it says "Native Vlan: 1" - it looks like it doesn't care that there is a mismatch.
Regarding bridging being enabled - it looks like it doesn't matter. I just tried with a Cisco 851 that doesn't have any bridging and had the same "problem"; the 851 also sends BPDUs (this was confirmed using bpduguard on the port...) although it doesn't run spanning tree (it reports "No spanning tree instances exist." when using the show span command).
However, I still can't find out how CDP decides what the "native vlan" at the other side is (and obviously it decides incorrectly, because as shown by show int fa0/23 switchport the native VLAN is automatically set to 1). Any ideas regarding that?
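Added example, not part of any post in this thread: a small Python parser for the %CDP-4-NATIVE_VLAN_MISMATCH message quoted in the first post, useful for seeing which port pairs are filling the log before deciding whether to ignore the message or disable CDP on a link. The regular expression follows the layout of the one log line shown in the thread; the sample log, timestamps and the device names router851 and sw2 are constructed.

```python
import re
from collections import Counter

# Layout taken from the log line quoted in the thread:
#   ... discovered on <local port> (<vlan>), with <peer> <peer port> (<vlan>).
MISMATCH_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local_port>\S+) \((?P<local_vlan>\d+)\), with "
    r"(?P<peer>\S+) (?P<peer_port>\S+) \((?P<peer_vlan>\d+)\)"
)

# Constructed sample syslog lines (timestamps and device names are made up).
SAMPLE_LOG = """\
Mar 16 08:01:10: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (20), with router851 FastEthernet0 (1).
Mar 16 08:02:10: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (20), with router851 FastEthernet0 (1).
Mar 16 08:02:30: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
Mar 16 08:03:10: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with sw2 GigabitEthernet0/1 (99).
"""


def summarize_mismatches(log_text):
    """Count mismatch messages per link.

    Returns {(local_port, local_vlan, peer, peer_port, peer_vlan): count}.
    Lines that are not native-VLAN-mismatch messages are ignored.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = MISMATCH_RE.search(line)
        if m:
            key = (m["local_port"], int(m["local_vlan"]),
                   m["peer"], m["peer_port"], int(m["peer_vlan"]))
            counts[key] += 1
    return dict(counts)


def report(log_text):
    """One human-readable line per affected link, sorted by local port."""
    rows = sorted(summarize_mismatches(log_text).items())
    return [
        f"{lp} (VLAN {lv}) <-> {peer} {pp} (VLAN {pv}): {n} message(s)"
        for (lp, lv, peer, pp, pv), n in rows
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```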