Solved

VLAN mismatch on trunk, why?

Posted on 2014-07-31
Last Modified: 2014-08-02
This is using an old Cisco Catalyst switch 2960 24-port, 100-based. This switch is used to support 2 VLANs - one for data, and the other for voice. Data using 101, and voice using 102. A second port - fastethernet0/2, was configured as a trunk with the following config:

   interface FastEthernet0/2
    switchport access vlan 101
    switchport trunk allowed vlan 101,102
    switchport mode trunk
    switchport nonegotiate
    duplex full

I believe this is using dot1q.

Now, I have set up a new Cisco switch - 2960, 48-port (POE), in gigabit. On this switch, port 2 - gig1/0/2 is also set up as a trunk with config:

   interface GigabitEthernet1/0/2
    switchport access vlan 101
    switchport trunk allowed vlan 101,102
    switchport mode trunk
    switchport nonegotiate
    duplex full

The problem is, a trunk is not established. On the console, I saw a CDP error as follows:

 %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/2 (1), with Switch03 GigabitEthernet1/0/2 (101).

Does this mean the native VLAN is mismatched? How can I solve the problem?

thanks,
0
Question by:MichaelBalack
6 Comments
 
LVL 1

Assisted Solution

by:Daniel Blackmore
Daniel Blackmore earned 250 total points
ID: 40232208
Hi,

First of all I would remove the 'switchport access vlan 101' from the interface config as it is not needed being a trunk port.

You can use the command 'show int trunk' on both switches to see the native vlans of each trunk port configured. I would have expected to see a command of 'switchport trunk native vlan xxx' somewhere though.

If they are the same, I am assuming you do not want VLAN 1 to be the native VLAN? If so, run the command on both interfaces 'switchport trunk native vlan 99' or whatever VLAN you want as the native (create the VLAN first, however).

Regards
0
 
LVL 28

Accepted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 40232245
In the older code, the access vlan also became the native vlan. In newer code, it's a separate item. As already stated, remove "switchport access vlan 101" from both configs as it's not needed, and that will probably also fix your native vlan mismatch. They use vlan1 by default, and that's fine. You should not use Vlan1 for any data.

Not sure why you're using switchport nonegotiate? I would see if you can add the command "switchport trunk encapsulation dot1q". If it doesn't like it, then the ports only support dot1q anyway. If it does, this will prevent them trying to set up something else.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40232281
Thanks both, I will arrange to be onsite to make the suggested changes.

Will update you guys...
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 40234950
Precisely, after "no switchport access vlan 101" and then "switchport trunk native vlan 101", it still didn't work until I typed "no duplex full" on one switch; then the trunk was eventually established. After that, I put in the "duplex full", and the trunk is still established and everything works fine. Thanks both.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 40235036
I highly recommend that you not use the native vlan for your data vlan. Change the native vlan to vlan 1 (or use vlan 1 for your data if you want to use 101 for the native vlan).

The reason is that the native vlan is untagged and therefore less secure.
0
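The checks discussed in this thread, as an added example that is not part of any participant's post: it parses the CDP message quoted in the question and audits a trunk stanza for a leftover access VLAN, a missing explicit native VLAN, and a native VLAN that is also in the trunk's allowed list (so its traffic crosses the link untagged). The finding names are hypothetical labels; `FINAL` is constructed from the asker's closing comment and `HARDENED` uses the VLAN 99 suggested above.

```python
import re

# Format of the CDP syslog message quoted in the question.
CDP_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local_port>\S+) \((?P<local_vlan>\d+)\), with "
    r"(?P<peer>\S+) (?P<peer_port>\S+) \((?P<peer_vlan>\d+)\)")

def parse_cdp_mismatch(line):
    """Return both ends of a native VLAN mismatch, or None if no match."""
    m = CDP_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["local_vlan"], d["peer_vlan"] = int(d["local_vlan"]), int(d["peer_vlan"])
    return d

def expand_vlans(spec):
    """Expand a plain allowed-VLAN list such as '101,102' or '10-12,99'."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(stanza):
    """Flag the trunk issues raised in this thread for one interface stanza."""
    cmds = [c.strip() for c in stanza.splitlines() if c.strip()]
    if "switchport mode trunk" not in cmds:
        return []
    findings, native, allowed = [], None, set()
    for c in cmds:
        arg = c.split()[-1]
        if c.startswith("switchport access vlan "):
            findings.append("access-vlan-on-trunk")
        elif c.startswith("switchport trunk native vlan "):
            native = int(arg)
        elif c.startswith("switchport trunk allowed vlan ") and re.fullmatch(r"[\d,-]+", arg):
            allowed = expand_vlans(arg)
    if native is None:
        findings.append("native-vlan-not-explicit")
    elif native in allowed:
        findings.append("native-vlan-in-allowed-list")
    return findings

# Constructed samples: the asker's final state and a dedicated native VLAN (99).
FINAL = "interface GigabitEthernet1/0/2\n switchport trunk native vlan 101\n" \
        " switchport trunk allowed vlan 101,102\n switchport mode trunk\n"
HARDENED = FINAL.replace("native vlan 101", "native vlan 99")
```

Running `audit_trunk` on the stanzas from both switches and comparing the native VLAN each side reports is the same comparison CDP makes when it logs the mismatch.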
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40236008
Thanks Mikebernhardt.
0
