Two switches connected by access port but with two different vlan at both end

olly ahmed
Level 1

I have two switches connected by an access port, and the syslog is showing a native VLAN mismatch. Can anyone describe why we connect two switches by access port with different access VLANs on the 2 switches? Here is a sample configuration:

A#show running-config interface fa0/22
Building configuration...

Current configuration : 200 bytes
!
interface FastEthernet0/22
description "With A"
switchport mode access
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action shutdown
end

A#


====================================================
B#

Current configuration : 231 bytes
!
interface GigabitEthernet4/0/41
description "With A"
switchport access vlan 963
switchport mode access
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action shutdown
end

5 Replies

pwwiddicombe
Level 4

Since the ports are defined as access ports, this will "function" normally, and just send standard untagged Ethernet packets, and will function.

CDP, however, runs on the ports and has determined you have interconnected 2 switches; and the VLAN neighbor information differs (CDP will also report on duplex mismatches and a few other things). It looks like the first switch listed above has no VLAN specified, so presumably its VLAN will be 1 - was that intentional?

While this isn't technically a problem, it can cause some confusion; and wouldn't work at all if you later decide you need VLANs in place and designate these ports as trunk.  This can also be annoying during troubleshooting when the logs are full of VLAN mismatch messages, and your important event has scrolled off. 

Fix is to actually change the VLAN numbering on one of the switches to match the other; although this can be tricky to change if remote (you probably lose the connection when you change the port VLAN setting, midway through the reconfig!). A workaround is to disable CDP on these ports ("no cdp enable"), so they don't exchange CDP information.

It may work well, but as pwwiddicombe said, in case you make it a trunk it can end up with undesired results. So in future if you are changing this to a trunk to allow multiple VLANs over this link, ensure you remove these access VLAN commands and configure the same native VLAN at both ends.

Thanks,

Madhu

Guru Mysoruu
Level 1

Hi

Native VLAN, or that traffic, will not be tagged by the switch.

Switch A has VLAN 1 as native VLAN and Switch B has VLAN 2 as native VLAN. It's obvious that you will see a native VLAN mismatch because Switch A is sending VLAN 1 without tagging to Switch B and vice versa. Both start processing packets and see two different VLANs' traffic as native VLAN.

Regards,

Gurudath K S

The original post asks an important question which none of the responses so far have addressed. The question was "Can anyone describe why we connect two switches by access port with different access VLANs on the 2 switches?" I can suggest a couple of possible answers to this question:

1) It is quite likely that this configuration is the result of an error on switch A. Perhaps the person overlooked the need to assign a vlan, or perhaps the switchport access vlan command was entered but there was a syntax error and the command was not accepted, or perhaps the config was done with cut and paste and there was a buffering issue which caused a command to be dropped.

2) It is possible that the configuration was done as a test to see what would happen.

3) It is possible that someone did this "because I can do it".

Several responses have said that this configuration does work. I think it gets interesting to look at that from the perspective of processing layer 2 and from the perspective of processing layer 3. To begin the consideration of layer 2 processing it might help to refresh our understanding of a VLAN. At layer 2 a VLAN defines a broadcast domain, which means that any device in this broadcast domain will be locally connected to every other device in the broadcast domain (any device can ARP for the other device and will receive an ARP response and will be able to communicate directly with each other). So with this config the broadcast domain of VLAN 963 on switch B is joined to the broadcast domain of VLAN 1 on switch A, and any device on switch B in VLAN 963 will be able to communicate directly with any device on switch A in VLAN 1.

From the perspective of layer 3 this gets a bit problematic. We tend to assume that there is a one-to-one relationship between VLANs and subnets. So the assumption might be that VLAN 963 uses subnet 192.168.3.0 and that VLAN 1 uses subnet 192.168.10.0. So from the perspective of layer 2 all these devices are locally connected, but from the perspective of layer 3 the devices would appear to be remote, but they could be able to communicate directly with each other without requiring layer 3 routing to be enabled.

HTH

Rick
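
The check the replies above describe (CDP comparing the VLAN on each end, and an access port with no VLAN line falling back to VLAN 1), written out as an added example that is not part of the thread or any poster's tooling. The interface stanzas are abridged from the question; the function names are hypothetical.

```python
import re

DEFAULT_VLAN = 1  # an IOS access port with no "switchport access vlan" line is in VLAN 1

# Interface stanzas abridged from the question in this thread.
SWITCH_A = """interface FastEthernet0/22
description "With A"
switchport mode access
storm-control broadcast level 5.00
end"""
SWITCH_B = """interface GigabitEthernet4/0/41
description "With A"
switchport access vlan 963
switchport mode access
end"""

def parse_interface(config):
    """Return name, mode and effective access VLAN for one interface stanza."""
    info = {"name": None, "mode": None, "vlan": DEFAULT_VLAN, "explicit": False}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)", line):
            info["name"] = m.group(1)
        elif m := re.match(r"switchport mode\s+(\S+)", line):
            info["mode"] = m.group(1)
        elif m := re.match(r"switchport access vlan\s+(\d+)", line):
            info["vlan"], info["explicit"] = int(m.group(1)), True
    return info

def audit_link(cfg_a, cfg_b):
    """Compare both ends of one link; return a list of findings (empty = consistent)."""
    a, b = parse_interface(cfg_a), parse_interface(cfg_b)
    findings = []
    for side in (a, b):
        if side["mode"] == "access" and not side["explicit"]:
            findings.append(f"{side['name']}: no access VLAN set, defaults to VLAN {DEFAULT_VLAN}")
    if a["mode"] == b["mode"] == "access" and a["vlan"] != b["vlan"]:
        findings.append(f"{a['name']} (VLAN {a['vlan']}) <-> {b['name']} (VLAN {b['vlan']}): "
                        "untagged link bridges the two VLANs into one broadcast domain")
    return findings

if __name__ == "__main__":
    for finding in audit_link(SWITCH_A, SWITCH_B):
        print(finding)
```

Run against saved configs for every inter-switch link, this surfaces the joined broadcast domains even where CDP has been disabled on the ports and no mismatch message is logged.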


csmith44
Level 1

This is an old thread, wasn't sure whether to start a new one but my issue relates. I've got the following setup at site1:

R1 gi0/1/1 switchport access vlan 9  >> SW1 gi0/1/2 switchport access vlan 1155 

SW1> trunk all vlans >SW2

SW2 gi0/1/3 switchport access vlan 1155 >> R2 gi0/1/1 switchport access vlan 9

Physical ints/SVIs up/up on both routers, vlan9 subnet 10.10.1.0/28, R1 and R2 can ping each other in vlan9. Any reason why this is a bad idea or shouldn't work?

Reason I ask is I have the exact same setup at site2/same config - physical ints/SVIs up/up on both routers, vlan9 subnet 10.10.2.0/28 - but at this site I can't ping between the 2 routers. SW2 learns the MAC of R2 gi0/1/1 but R2 learns nothing on gi0/1/1.

cheers