Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
5
Helpful
6
Replies

Switching problem with vlan mismatch

AlexandrosMavridis
Level 1
Level 1

‎12-04-2020 01:28 PM

Hi i use a Firepower to filter the traffic , so from the wan router is going the traffic to the switch with vlan 10 and then a portchannel with switchport access vlan 10 to the firepower and a second portchannel which send the traffic from Firepower to the switch with vlan 11, in the first switch was an Catalyst i saw in log %CDP-4-NATIVE_VLAN_MISMATCH strange because i have access ports not a trunk but i thougt ok its happen because the firepower is transparent , i configure no cdp enable and i dont see the log anymore and the design working from the beginning. Today i had a meraki switch and there i saw cdp-vlan-mismatch and i can not disable cdp on meraki, any suggestion how will my design will work? 

Labels:
0 Helpful
6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-04-2020 01:55 PM

Hi,

Since you can't disable CDP on the Meraki switch, try making the connections between the firewall and switches trunk and test.

If you plan to make the change, you would need a maintenance window as the link will go down until you configure both sides of the link as a trunk.

HTH

 

0 Helpful

AlexandrosMavridis
Level 1
Level 1
In response to Reza Sharifi

‎12-04-2020 02:07 PM

the problem is we dont want to change the design because we have the same or we will have on 20-30 locations and only have meraki, so you think also that the problem is from cdp?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to AlexandrosMavridis

‎12-04-2020 02:39 PM

the problem is we dont want to change the design because we have the same or we will have on 20-30 locations and only have meraki, so you think also that the problem is from cdp?

I completely understand you want to keep things consistent and it makes sense. If you don't have any native vlan mismatch anywhere on the switches, then it can be CDP. 

HTH

AlexandrosMavridis
Level 1
Level 1
In response to Reza Sharifi

‎12-04-2020 03:15 PM

traffic is going like this from Core switchport access vlan 10 ---> Firepower ports only enable not trunk --> to core switchport access vlan 20 and i am almost sure thats the reason for the vlan mismatch... with a catalyst i just saw the mismatch but is working with meraki not :s 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to AlexandrosMavridis

‎12-04-2020 05:11 PM

So, if I understand you correctly, the firepower connects to 2 different core switches and one side is in vlan 10 and the other is in vlan 20?

Or the firepower connects to 2 different ports on the same switch but in different vlans? which one is that?

HTH

0 Helpful

AlexandrosMavridis
Level 1
Level 1
In response to Reza Sharifi

‎12-05-2020 01:59 AM

i have two firepowers and two switches but take the example 1:1 one Firepower connected with one switch with two port channels, the one is access vlan 10 and the orther 20 , the Firepower is transparent mode and i saw in the switch log msgs mismatch the first interface onn the first port channel  on the switch with the second portchannel interfaces

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card