trunk allowed vlan VS native vlan

ney25

Hi,

Can any netpro share with me what the difference is between trunk allowed vlan and native vlan?

your reply will be highly appreciated.

thanks.

regards,

jack

Accepted Solutions

Jack

Firstly you need to decide whether you want to run the link as a trunk link or not. If you do then do as Narayan says and configure switch 2 port as a trunk.

If you don't then as Edison has said, switch 2 will send vlan 269 packets only down the link and these will not be tagged because switch 2 port is configured as an access port and not a trunk port. Packets sent down an access port are not tagged.

So if you want to remove the error message you will have to make the native vlan (i.e. the untagged vlan) on the trunk port of switch 1 to be vlan 269. That is the only vlan you can use because that is the only vlan coming down the link from switch 2.

I would recommend deciding whether or not you want this link between the 2 switches to act as a trunk link or not.

HTH

Jon


Jon Marshall

Hi Jack

The native vlan is the vlan that is not tagged with a vlan ID on an 802.1q trunk. All other vlans traversing the trunk are tagged with a vlan ID.

Using the trunk allowed command lets you specify exactly which vlans are allowed over the trunk link; if they aren't in the list, the vlan traffic will not go over the link.

HTH

Jon

Hi Jon,

Thanks for the reply. OK, I understand, but I still don't know why the below problem occurred.

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet9/27 (1), with SW02 GigabitEthernet9/38 (269).

Basically, my vlan 269 is a layer 2 vlan (without ip address).

switch01:

interface GigabitEthernet9/27
 no ip address
 speed 1000
 duplex full
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk
end

switch02:

interface GigabitEthernet9/38
 no ip address
 speed 1000
 duplex full
 switchport
 switchport access vlan 269
 switchport mode access
 spanning-tree portfast
end

Can anybody explain to me why? What went wrong?

your reply will be highly appreciated.

thanks.

regards,

Jack

Switch 02 is set to access mode for VLAN 269, therefore it will only send/receive untagged packets for VLAN 269.

Switch 01 is set to trunk without any native VLAN configuration, so it defaults to VLAN 1. In turn, this creates a native VLAN mismatch.

Switch 01 sends untagged packets with VLAN 1 and Switch 02 sends untagged packets with VLAN 269.

You must enter the native vlan command for the trunk on Switch 01 for VLAN 269.

Jack,

I think you have a connection between the switches using the above ports, and your trunk configuration is inconsistent.

Gi9/27 is configured as a trunk and it is using VLAN1 by default as your native vlan.

On the other hand, the port g9/38 is configured as a static access port.

I suggest you configure the following on switch2:

interface GigabitEthernet9/38
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk
 switchport access vlan 1

HTH

Narayan

Hi,

Thanks for your prompt reply.

Basically, there isn't any VLAN 1 in my network because I have shut down the int vlan 1.

Then, as Edison suggested, configure native vlan as 269 on switch01 and remove the switchport mode access command from sw2.

Narayan

Hi Narayan,

Thanks for the reply.

Would you mind sharing with me why we should use native vlan for vlan 269 (as I mentioned, vlan 269 is a layer 2 vlan which is a private vlan)?

Kindly correct me. Thanks a lot.

regards,

Jack
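The mismatch discussed in this thread can be checked offline from the two interface stanzas. The following is an added example, not code from any reply in the thread: it works out which VLAN each end places untagged frames in and compares them. The function names are hypothetical, only static access and trunk modes are handled, and the allowed-list check goes beyond what the thread covers, based on general IOS behaviour.

```python
import re

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '64,72,264-268' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(stanza):
    """Pull out the switchport lines that decide tagging on one port."""
    # Assumption: static access/trunk only; unset VLANs fall back to VLAN 1.
    port = {"mode": "access", "access": 1, "native": 1, "allowed": None}
    for line in map(str.strip, stanza.splitlines()):
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            port["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            port["allowed"] = parse_vlan_list(m.group(1))
    return port

def untagged_vlan(port):
    """VLAN a port puts untagged frames in: access VLAN, or the trunk's native VLAN."""
    return port["access"] if port["mode"] == "access" else port["native"]

def check_link(a, b):
    """Compare both ends of one link and return a list of findings."""
    findings = []
    if a["mode"] != b["mode"]:
        findings.append(f"mode mismatch: {a['mode']} vs {b['mode']}")
    ua, ub = untagged_vlan(a), untagged_vlan(b)
    if ua != ub:
        findings.append(f"untagged VLAN mismatch: {ua} vs {ub}")
    for end, u in ((a, ua), (b, ub)):
        # Assumption (general IOS behaviour): untagged data is not forwarded if the native VLAN is not allowed.
        if end["mode"] == "trunk" and end["allowed"] is not None and u not in end["allowed"]:
            findings.append(f"native VLAN {u} not in allowed list")
    return findings

# Tagging-relevant lines of the two interface configs posted in the thread.
SW01 = """interface GigabitEthernet9/27
 switchport trunk allowed vlan 64,72,264,268
 switchport mode trunk"""
SW02 = """interface GigabitEthernet9/38
 switchport access vlan 269
 switchport mode access"""
```

Calling `check_link(parse_port(SW01), parse_port(SW02))` reports the 1 vs 269 mismatch from the CDP message. With `switchport trunk native vlan 269` appended to `SW01`, that finding disappears, but the mode mismatch remains and VLAN 269 is flagged as missing from the allowed list.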
