VLAN mismatch on trunk, why?

Posted on 2014-07-31
Last Modified: 2014-08-02
This is using an old cisco catalyst switch 2960 24-port, 100-based. This switch is used to support 2 VLANs - one for data, and other for voice. Data using 101, and voice using 102. A second port - fastethernet0/2, was configured as trunk with the following config:

   interface FastEthernet0/2
   switchport access vlan 101
   switchport trunk allowed vlan 101,102
   switchport mode trunk
   switchport nonegotiate
   duplex full

I believed this is using dot1q.

Now, I have setup a new cisco switch - 2960, 48-port (POE), in gigabit. On this switch, port 2 - gig1/0/2 is also setup as trunk with config:

  interface GigabitEthernet1/0/2
 switchport access vlan 101
 switchport trunk allowed vlan 101,102
 switchport mode trunk
 switchport nonegotiate
 duplex full

The problem is, a trunk is not established. On the console, I saw an CDP error as follows:

 %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/2 (1), with Switch03 GigabitEthernet1/0/2 (101).

Does this mean the native vlan is mismatched? how can i solved the problem?

Question by:MichaelBalack
  • 3
  • 2

Assisted Solution

by:Daniel Blackmore
Daniel Blackmore earned 250 total points
ID: 40232208

First of all I would remove the 'switchport access vlan 101' from the interface config as it is not needed being a trunk port.

You can use the command 'show int trunk' on both switches to see the native vlans of each trunk port configured. I would have expected to see a command of 'switchport trunk native vlan xxx' somewhere though.

If they are the same, I am assuming you do not want VLAN 1 to be the native VLAN? If so run the command on both interfaces 'switchport trunk native vlan 99' or whatever VLAN you want as the native (Create the vlan first however)

LVL 28

Accepted Solution

mikebernhardt earned 250 total points
ID: 40232245
In the older code, the access vlan also became the native vlan. In never code, it's a separate item. As already stated, remove "switchport access vlan101" from both configs as it's not needed, and that will probably also fix your native vlan mismatch. They use vlan1 by default, and that's fine. You should not use Vlan1 for any data.

Not sure why you're using switchport nonegotiate? I would see if you can add the command "switchport trunk encapsulation dot1q" If it doesn't like it, then the ports only support dot1q anyway. If it does, this will prevent them trying to set up something else.

Author Comment

ID: 40232281
Thank both, i will arranged to be onsite to make the suggested changes.

Will update you guys...
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Closing Comment

ID: 40234950
Precisely, after "no switchport access vlan 101",  and then "switchport trunk native vlan 101";  It still doesn't work until I type "no duplex full" on one switch, the trunk was eventually established. After that, I put in the "duplex full", the trunk is still established and everything work fine. Thanks both.
LVL 28

Expert Comment

ID: 40235036
I highly recommend that you not use the native vlan for your data vlan. Change the native vlan to vlan 1 (or use vlan 1 for your data if you want to use 101 for the native vlan).

The reason is that the native vlan is untagged and therefore less secure.

Author Comment

ID: 40236008
Thanks Mikebenhardt.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco VPN client v5 migration to Anyconnect VPN? 8 52
Cisco  3750E switches 1 28
BGP DUAL ISP with IP SLA 10 18
CISCO ASA 5505 double Wan 8 18
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question