cat2960 native VLAN1 TAGGED

Unanswered Question
Jun 23rd, 2007
User Badges:


I configured vlan 1,2 and 3 on switch cat2960 ios: C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2.

I connected the switch f0/1 port configured like a TRUNK 802.1q, to a cisco2610 router with ios : C2600 Software (C2600-IS-M), Version 12.2(40).

I configured Ethernet SUBINTERFACES on router for 802.1q intervlan routing.

E0/0 subinterface on router has vlan 1 NATIVE encapsulation.

I can't ping the switch from router console and viceversa, intervlan routuing does not work.


Switch#sh interfaces f0/1 switchport

Name: Fa0/1

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none



best regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Sat, 06/23/2007 - 07:03
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Can you post configs from the router and switch as well as show ip int brief from each device ?

fsoffia Wed, 07/04/2007 - 06:07
User Badges:


the command that you specify does NON exist on cat2960.

VLAN Config guide (OL-8603-01) for IOS 12.2(25)SEE, pag 12-19 say that native VLAN (default vlan 1) is not tagged on truk interfaces.

It seems me that it's not right.

Have you an idea for removing tagging for native vlan 1 on trunks ?

best regards


glen.grant Sun, 06/24/2007 - 18:49
User Badges:
  • Purple, 4500 points or more

you might want to post the port configs from the router and the switch . Normally you should not have to mess with the tagging stuff just make sure the native vlan matches on each end of the link .

Amit Singh Wed, 07/04/2007 - 06:30
User Badges:
  • Cisco Employee,

If you still want to remove the Vlan1 as the native vlan, you can simply create a bogus vlan which does not exist anywhere on the network and set that as the native vlan on the trunk port. This way all the inter-vlan traffic will be tagged towards the router.

Vlan 999

Name Bogus Vlan

Int fa 0/1

switchport trunk native vlan 999

On the router side do not use the native keyword on the router side.

But to be very true, I have personally seen a lots of issues when you remove native vlan on a router-on-stick model for inter-vlan routing that you are setting up.

If you have the same native vlan setup on both the sides it should work. Please paste the router and switch config and we will be able to take it further.

-amit singh

fsoffia Wed, 07/04/2007 - 06:56
User Badges:

hello amit,

I just want to remove ADMINISTRATIVE VLAN 1 TAGGING from switch trunk !

Cat2950 does not have this problem, for example !

Is it possible ?

Anyway I attached config files from cisco2610 and cisco2960.

best regards

Edison Ortiz Wed, 07/04/2007 - 07:09
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

On the router, you have

interface Ethernet0/0.1

encapsulation dot1Q 1 native

ip address

Remove the native keyword on the encapsulation, then reset both ports and check the 2960 status again.

Amit Singh Wed, 07/04/2007 - 08:19
User Badges:
  • Cisco Employee,


If you remove the native keyword on the interface e0/0.1, the original poster will face the native vlan issues as the trunk port will have vlan 1 as the native vlan bydefault.The router will drop the untagged poackets sourced from vlan1 in this case.

I would agree on this if there is a bogus vlan configured on the trunkport as the native vlan instead of the vlan1.

-amit singh

Edison Ortiz Wed, 07/04/2007 - 08:41
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member


I believe the native tagging is being learned by the router on this case. I was unable to duplicate this behavior when trunking 2 switches. I understand this may cause a disruption of services but I wanted to verify if by removing the native keyword from the router, would the switch behave any differently.

[edit:] never mind, I checked on 3560 switches and the native VLAN tagging is indeed enabled. Very interesting. I don't see this information on the 3500 or 6500 switches ...

Amit Singh Wed, 07/04/2007 - 08:23
User Badges:
  • Cisco Employee,


Unfortunately You cannot do it on 2960, the command to tag the native vlan on the trunk port is not supported on 2960.The work around that I gave in my earlier post will eventually do the same function but the Native vlan tagging will remain enabled.

-amit singh

fsoffia Thu, 07/05/2007 - 23:04
User Badges:

hello Amit,

I agree with you.

On Cat2960 at the moment I think we can't disable native vlan tagging on trunk ports.

On cisco2610 native vlan 1 tagging is by default, we have just tried this ...

I think like you that a bogus vlan at the moment is the only solution.

I don't like this but it's the only...

Do you think that it could be an IOS bug ?

best regards


Amit Singh Fri, 07/06/2007 - 00:03
User Badges:
  • Cisco Employee,


What is the IOS version running on the 2600 router. If it is later than 12.1.3T then, I think its a bug. This is not an expected behaviour. This behaviour could have been expecetd in the earlier IOS than 12.1.3T.

In earlier IOS " native " keyword was not supported under the sub-interface config.If configured wrong, the router would expect a tag dot1q frame on VLAN1 and the switch is not expecting a tag on VLAN1. As a result, no traffic will pass between VLAN1 on the switch and the router. In these situations always put the configuration for the native VLAN under the main interface and on the trunk create subinterface for all other VLAN.

I think you might be hitting this BUG : CSCds42715

Did you try upgrading the IOS on the router with int the same train. We have only two options here:

Try upgrading the IOS to the latest train

Confiigure the bogus vlan on the trunk port and TAG all the vlans to the router trunk.

Let us know if that works.

-amit singh

Amit Singh Mon, 07/09/2007 - 06:52
User Badges:
  • Cisco Employee,


You are running 12.2.40 which is a much later release than 12.1.3T.

This looks a bug for me so try upgrading the IOS to the latest one in 12.2 series to 12.2.46 or move to 12.3 train and it should work for you.

Otherwise you can create a bogus vlan on the trunkport to tag all the vlans on the trunkport and it should for you as well.

HTH,Please rate all the posts that helped.

-amit singh

fsoffia Wed, 07/11/2007 - 08:01
User Badges:

hi amit,

the bug is in cat2960 ios or cisco2610 ios ?

For me it's cat2960 that works wrong !

I think that trunk native vlan tagging "administratively enabled" isn't a good thing.

One would choose if tagging or not the native vlan !

DO you agree

best regards


Amit Singh Wed, 07/11/2007 - 09:05
User Badges:
  • Cisco Employee,


The Bug is on the 2610 router end. Cisco's implemetation for native vlan tagging has been the same over a period of time. Its only Cisco's implementation which uses native vlan on the trunkports, IEEE implementation doesnot use that.I think upgrading the IOS on 2610 should resolve the issue. Try uploading it and update us on this.

HTH,Please rate if it does.

-amit singh

fsoffia Fri, 07/13/2007 - 07:01
User Badges:

hi amit

excuse me

It's first time I work with cat2960...

With cat2950 I never had this problem of native vlan tagging on trunk 802.1q with cisco routers.

I never used the tag for native vlan 1 !!!

Or I never saw that thing or it's new on cat2960.

If cisco switches always tag the native vlan by default, do you mean that the tag is negotiated between switch and router on the other end, and if the router does not tag the vlan 1 so the switch disable vlan 1 tagging.

If the router tags vlan 1 on the switch it's the default behaviour.

But in this case the ROUTER does NOT negotiate tagging with cat2960 switch ?

Is it right ?

I don't know that cisco implementation is not like IEEE standard.

I know that ISL is cisco proprietary trunking but not 802.1q.

Could you explain me better or give me a reference doc ?

best regards



This Discussion