
vlan dot1q tag native on catalyst 3750

Hi,

We have a problem with VLAN tagging, and we want to know whether it's the way we built our network that is incorrect or whether the function isn't fully supported on our equipment.

We have a core switch, a Catalyst 3750 with IP services activated, so the core switch acts as layer 3 for one of our buildings.

All the VLANs are configured on this switch. We have set up an IP address on VLAN 1, and we access it by telnet with the VLAN 1 IP address.

The switch is connected to other switches (2960 model) with a "switchport mode trunk" config.

I need to activate the global config "vlan dot1q tag native" on my core. But when I do this, all my network goes down; even from the console of my 3750 switch, I can no longer access all my other 2960 switches through my VLAN 1. If I disable "vlan dot1q tag native", all the network becomes available and I can manage all my switches through their VLAN 1 IP addresses.

I made the same setup in another building, except the core switch is a 3850 instead of a 3750. Can that be the problem?

Here is a part of the config:

Switch CORE 3750

IOS version: Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(50)SE, RELEASE SOFTWARE (fc1)

The trunk ports to my other switch (2960):

interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active

 

On my 2960 switch:

IOS version: Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)

Config of the trunk ports:

interface Port-channel1
 switchport mode trunk
!
interface GigabitEthernet1/0/42
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/47
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/48
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!

 

6 Replies

Matt Delony
Cisco Employee

Hello Guillaume.chartrand,

 

In IOS, the command "vlan dot1q tag native" should have the effect of tagging outbound traffic on the native vlan. It will also have the effect of dropping inbound untagged traffic (reference). I'm suspecting that 3750 was dropping traffic from 2960 if you configured only on the 3750 side.

 

3850 should have the same behavior, but there was a bug opened because the platform was not implementing the feature properly. Please see CSCvc14778. Fixed release 15.2(3)E5 = 03.07.05E. I'm not sure what version of IOS-XE you're running on 3850.

 

If you enable this command on 3750, then you need to enable on 2960 as well.

Hi Matt,

 

I can't enable this command on the 2960 switch; the command isn't present.

In config mode, the only commands listed under "vlan" are:

switch(config)#vlan ?
  WORD        ISL VLAN IDs 1-4094
  access-map  Create vlan access-map or enter vlan access-map command mode
  filter      Apply a VLAN Map
  group       Create a vlan group
  internal    internal VLAN

In the reference you pointed me to, they say that this command needs to be enabled:

"spanning-tree bpdufilter enable"

Can it be the problem?

On my 3750, only these commands are enabled:

spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id

On my 2960, it's:

spanning-tree mode pvst
spanning-tree extend system-id
 
Thanks for your help

Hello Guillaume.chartrand,

 

I checked and unfortunately it looks like the 2960 platform doesn't support tagging native vlan. So your implementation of tagging the native vlan won't work with the 2960 switch. You could force VLAN 1 to be non-native on both sides. But you'd have to be mindful of the vlan that you choose to be native for the trunk, it would effectively not be able to pass traffic to 3750 with native vlan tagging enabled.

 

The BPDUfilter config was a recommendation for service provider edge routers so that customer STP BPDU's don't interfere with the provider's internal STP implementation.

 

Ok,

 

Instead of changing the native VLAN, we don't need to use VLAN 1 as the management VLAN for our switches. It's a config that was created a very long time ago and persists with no specific utility. I will create another VLAN for management and assign an IP in that VLAN to all my switches, and I will be able to enable VLAN tagging, right?

Hello Guillaume.chartrand,

 

That should work. Please note that all non-native vlans on a trunk are already using a vlan tag. It's the native vlan which is sent/received untagged by default. The "vlan dot1q tag native" command tells the switch to set vlan tag for native vlan, which is not the default setting.

Hello

If you are going to tag the native VLAN globally, then you need to apply this to every switch in your estate that connects to the L3 core switch, and not just the core switch. Even if you create another unused VLAN, it will still become tagged if you use this command.

The other alternative, as you have stated, is to create and use a used VLAN other than VLAN 1 and make that native without tagging it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
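
The tagging behaviour described in the replies above, modelled as a small added example (not posted by anyone in the thread, and not Cisco code). It shows why management over VLAN 1 breaks when only the 3750 has "vlan dot1q tag native", and why a separate management VLAN works. Assumptions: `TrunkEnd` and the function names are hypothetical, VLAN 20 is a constructed management VLAN, and the receiver accepts a tagged frame whose VLAN ID equals its own native VLAN.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TrunkEnd:
    """One side of an 802.1Q trunk (simplified model, not Cisco code)."""
    name: str
    native_vlan: int = 1
    tag_native: bool = False  # global "vlan dot1q tag native" enabled?

def egress_tag(end: TrunkEnd, vlan: int) -> Optional[int]:
    """802.1Q tag placed on the wire, or None if the frame leaves untagged."""
    if vlan == end.native_vlan and not end.tag_native:
        return None            # default: native VLAN is sent untagged
    return vlan                # every other VLAN, or a tagged native VLAN

def ingress_vlan(end: TrunkEnd, tag: Optional[int]) -> Optional[int]:
    """VLAN the receiver classifies the frame into, or None if dropped."""
    if tag is None:
        # With tag native enabled, inbound untagged traffic is dropped.
        return None if end.tag_native else end.native_vlan
    return tag                 # assumption: tagged frames are accepted as-is

def passes(src: TrunkEnd, dst: TrunkEnd, vlan: int) -> bool:
    """True if a frame in `vlan` sent by src arrives in the same VLAN on dst."""
    return ingress_vlan(dst, egress_tag(src, vlan)) == vlan

def two_way(a: TrunkEnd, b: TrunkEnd, vlan: int) -> bool:
    """Management sessions need both directions to work."""
    return passes(a, b, vlan) and passes(b, a, vlan)

def audit(a: TrunkEnd, b: TrunkEnd, vlans: list[int]) -> dict[int, bool]:
    """Map each VLAN to whether it is usable in both directions."""
    return {v: two_way(a, b, v) for v in vlans}

if __name__ == "__main__":
    core = TrunkEnd("3750", native_vlan=1, tag_native=True)
    access = TrunkEnd("2960", native_vlan=1, tag_native=False)
    # VLAN 20 is a constructed example of a separate management VLAN.
    for vlan, ok in audit(core, access, [1, 20]).items():
        print(f"VLAN {vlan}: {'ok' if ok else 'BROKEN'}")
```
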