trunk allowed vlan VS native vlan

Jul 4th, 2007

Hi,


Can any netpro share with me what the difference is between trunk allowed vlan and native vlan?


your reply will be highly appreciated.


thanks.


regards,

jack

Jon Marshall Wed, 07/04/2007 - 19:18

Hi Jack


The native vlan is the vlan that is not tagged with a vlan ID on an 802.1q trunk. All other vlans traversing the trunk are tagged with a vlan ID.


Using the trunk allowed command lets you specify exactly which vlans are allowed over the trunk link; if they aren't in the list, the vlan traffic will not go over the link.


HTH


Jon

ney25 Wed, 07/04/2007 - 20:16

Hi Jon,


Thanks for the reply. OK, I understand, but I still don't know why the problem below occurred.


%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/27 (1), with SW02 GigabitEthernet9/38 (269).


Basically, my vlan 269 is a layer 2 vlan (without an IP address).


switch01:

interface GigabitEthernet9/27
 no ip address
 speed 1000
 duplex full
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk
end


switch02:

interface GigabitEthernet9/38
 no ip address
 speed 1000
 duplex full
 switchport
 switchport access vlan 269
 switchport mode access
 spanning-tree portfast
end


Can anybody explain to me why? What went wrong?


your reply will be highly appreciated.


thanks.


regards,

Jack

Edison Ortiz Wed, 07/04/2007 - 20:41

Switch 02 is set to access mode for VLAN 269, therefore it will only send/receive untagged packets for VLAN 269.


Switch 01 is set to trunk without any native VLAN configuration, so it defaults to VLAN 1. In turn, this creates a native VLAN mismatch.


Switch 01 sends untagged packets with VLAN 1 and Switch 02 sends untagged packets with VLAN 269.


You must enter the native vlan command for the trunk on Switch 01 for VLAN 269.

royalblues Wed, 07/04/2007 - 20:44

Jack,


I think you have a connection between the switches using the above ports and your trunk configuration is inconsistent.


Gi9/27 is configured as a trunk and it is using VLAN1 by default as your native vlan. On the other hand, the port g9/38 is configured as a static access port.


I suggest you configure the following on switch2:

interface GigabitEthernet9/38
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk
 switchport access vlan 1


HTH

Narayan


ney25 Wed, 07/04/2007 - 20:48

Hi,


Thanks for your prompt reply.


Basically, there isn't any VLAN 1 in my network because I have shut down int vlan 1.



royalblues Wed, 07/04/2007 - 21:17

Then, as Edison suggested, configure native vlan as 269 on switch01 and remove the switchport mode access command from sw2.


Narayan

ney25 Wed, 07/04/2007 - 21:39

Hi Narayan,


Thanks for the reply.


Would you mind sharing with me why we should use native vlan for vlan 269 (as I mentioned, vlan 269 is a layer 2 vlan, which is a private vlan)?


Kindly correct me. Thanks a lot.


regards,

Jack


Correct Answer
Jon Marshall Wed, 07/04/2007 - 22:37

Jack


Firstly you need to decide whether you want to run the link as a trunk link or not. If you do then do as Narayan says and configure switch 2 port as a trunk.


If you don't then as Edison has said, switch 2 will send vlan 269 packets only down the link and these will not be tagged because switch 2 port is configured as an access port and not a trunk port. Packets sent down an access port are not tagged.


So if you want to remove the error message you will have to make the native vlan (ie. the untagged vlan) on the trunk port of switch 1 to be vlan 269. That is the only vlan you can use because that is the only vlan coming down the link from switch 2.


I would recommend deciding whether or not you want this link between the 2 switches to act as a trunk link or not.


HTH


Jon
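
An added example, not part of the original thread: a small Python audit that reads the two interface configurations posted above, works out which VLAN each end sends untagged, and reports the mismatch that CDP logged. The function names and the rule that a port with no mode line is treated as an access port are assumptions of this example; the default native VLAN of 1 is the one stated in the thread.

```python
import re
# Abridged from the two interface configurations posted in the thread.
SW01 = """interface GigabitEthernet9/27
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk
"""
SW02 = """interface GigabitEthernet9/38
 switchport access vlan 269
 switchport mode access
"""

def expand(spec):
    """Expand an IOS VLAN list such as '64,72,264-268' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(cfg):
    """Return the port mode, its untagged VLAN and the VLANs it sends tagged."""
    def grab(pattern, default):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else default
    mode = grab(r"^\s*switchport mode (\S+)", "access")  # assumption: no mode line = access
    if mode == "trunk":
        untagged = int(grab(r"^\s*switchport trunk native vlan (\d+)", "1"))
        allowed = expand(grab(r"^\s*switchport trunk allowed vlan ([\d,-]+)", "1-4094"))
        tagged = allowed - {untagged}
    else:  # an access port sends only its access VLAN, never tagged
        untagged = int(grab(r"^\s*switchport access vlan (\d+)", "1"))
        tagged = set()
    return {"mode": mode, "untagged": untagged, "tagged": tagged}

def audit_link(cfg_a, cfg_b):
    """List the inconsistencies between the two ends of one link."""
    a, b = parse_port(cfg_a), parse_port(cfg_b)
    findings = []
    if a["mode"] != b["mode"]:
        findings.append(f"mode mismatch: {a['mode']} vs {b['mode']}")
    if a["untagged"] != b["untagged"]:
        findings.append(f"untagged VLAN mismatch: {a['untagged']} vs {b['untagged']}")
    one_sided = sorted(a["tagged"] ^ b["tagged"])
    if one_sided:
        findings.append(f"tagged on one side only: {one_sided}")
    return findings

print(audit_link(SW01, SW02))
```

Adding `switchport trunk native vlan 269` to the switch 1 sample clears only the untagged-VLAN finding, while configuring both ends as trunks with the same allowed list clears all three.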
