Trunks with two different Native VLANs

dclarolh1
Level 1

Hello. I have a Cisco 9372PX and a 3750-X connected to each other.

I am getting native vlan mismatches in the logs on the 3750-X only and am unsure why, as I'm of the understanding that both switches can use their own native vlan.

9K Config

interface Ethernet1/9
switchport
switchport mode trunk
switchport trunk native vlan 7
switchport trunk allowed vlan 190
bandwidth 5000000
no shutdown

3K Config

interface GigabitEthernet2/0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 190
switchport mode trunk

3K Error

Feb 27 13:48:07: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet2/0/45 (6), with x Ethernet1/9 (7).

Accepted Solution

Hi, you could create vlan 6 or 7 on both switches and use it as the native vlan on both devices. If these vlans are not being used for operations or end users, you have the green light to proceed.

For example, you could create a native vlan for your entire layer 2 infrastructure and assign it for that role only. This vlan should be created as the native vlan on all your switches.

Switch 1

vlan 999
name NATIVE-VLAN

interface g1/1/1
description TRUNK-TO-SWITCH2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 999
no shutdown

Switch 2

vlan 999
name NATIVE-VLAN

interface g1/1/1
description TRUNK-TO-SWITCH1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 999
no shutdown




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<


7 Replies

Hi

Both switches must use the same native vlan; otherwise you will receive that error message and have problems with the communication between them.





Can I just tag vlan 190 as native then, since I'm dedicating that VLAN for this traffic anyway? Would that change this config at all?

Hi 

A good practice for security purposes is to create a specific vlan for native, and this vlan should not be used for any other role.

:-)





So, since I already have vlan 190 specified for the allowed traffic, vlan 6 specified as the default native for the 9k, and vlan 7 specified as the default native for the 3k, I should create a 4th vlan that both switches will use just for the native?

Is it best practice for every trunk to have a new native vlan or is it best practice to create a second native vlan for all trunks?


If the trunk is configured to allow only vlan 190 then the error is pretty much cosmetic. If the trunk did carry traffic for the native vlan then the results would be much more of a problem. If the trunk did carry traffic for the native vlan then the result would be that you are bridging vlan 7 on one side with vlan 6 on the other side. So effectively you would have a single larger vlan instead of two smaller vlans. I have seen a situation where this was done by mistake and the result was a spanning tree failure and a layer 2 loop that impacted the network.

But if the only vlan carried by the trunk is vlan 190 then there is no bridging of the vlans and no spanning tree failure. But it does make me wonder what is the logic of configuring a trunk if it is to carry only a single vlan. Why not just configure the interfaces as access ports in vlan 190?

HTH

Rick
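
The distinction drawn in the reply above, between a mismatch that is only a log message and one that bridges the two native VLANs, can be checked from the two interface stanzas. This is an added example, not part of the original thread: the function names and status strings are hypothetical, it handles only the plain `allowed vlan <list>` form, and it assumes untagged traffic crosses the link only when each side's native VLAN is in that side's own allowed list.

```python
import re

# Interface stanzas copied from the thread.
NEXUS_9K = """interface Ethernet1/9
 switchport
 switchport mode trunk
 switchport trunk native vlan 7
 switchport trunk allowed vlan 190
"""
CAT_3750X = """interface GigabitEthernet2/0/45
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 190
 switchport mode trunk
"""

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans) for one trunk interface stanza."""
    native, allowed = 1, set(range(1, 4095))  # defaults: native 1, all VLANs allowed
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        # Only the plain "allowed vlan <list>" form; add/remove/except are ignored.
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line)
        if m:
            allowed = set()
            for part in filter(None, m.group(1).replace(" ", "").split(",")):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def audit_trunk(cfg_a, cfg_b):
    """Classify a trunk: 'match', 'mismatch-cosmetic' or 'mismatch-bridged'."""
    nat_a, allow_a = parse_trunk(cfg_a)
    nat_b, allow_b = parse_trunk(cfg_b)
    if nat_a == nat_b:
        return "match"
    # Assumption: untagged frames cross only if each side allows its own native VLAN.
    if nat_a in allow_a and nat_b in allow_b:
        return "mismatch-bridged"
    return "mismatch-cosmetic"

if __name__ == "__main__":
    print("as posted:", audit_trunk(NEXUS_9K, CAT_3750X))
    # Constructed variant: the same trunk widened to carry VLANs 6 and 7 as well.
    wide = lambda c: c.replace("allowed vlan 190", "allowed vlan 6-7,190")
    print("widened:  ", audit_trunk(wide(NEXUS_9K), wide(CAT_3750X)))
```

A stanza with no `allowed vlan` line falls back to the default of all VLANs, so a native mismatch on such a trunk is reported as bridged.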

Ok. I'll have to tackle that another time since there are additional changes. Thanks for all your help!
