Native VLAN question

Andy White
Level 3

Hi,

I've connected 3 x 3560 switches in a lab.  Switch 1 is in VTP server mode and the other 2 are clients and the VTP domain is working fine.

On switch 1 I have set the trunk to switch 2 to use native vlan 99 and on all the other trunk ports on each switch I have not set this to purposely create a native VLAN mismatch.  I have created VLAN 50, 60 & 70 on the server switch (switch1).  Now I would assume that if there is a native VLAN mismatch on the first trunk between switch 1 & 2 then the client switches 2 & 3 wouldn't get the VLAN info created on the server switch?  I have put a PC in VLAN 50 on switch 1 and switch 3 and they can ping each other.

Am I misunderstanding what the Native VLAN does?

5 Replies

Giuseppe Larosa
Hall of Fame

Hello Andy,

a native vlan mismatch will cause problems between vlan 99 and vlan1 for IP connectivity

VTP messages are probably sent with  vlan tag 802.1Q and vlan-id =1 or are processed by switch2 in any case after having detected they are VTP frames.

We have noticed that even if we don't permit vlan1 on trunk ports VTP messages are able to propagate.

A common explanation of this is that we are blocking only user traffic in vlan1 by not permitting it.

Once VTP messages are able to propagate you have no issues on new vlans 50,60 and so on.

A local span session on Switch1 could show us how the VTP frames are actually sent on the wire.

see the following useful document that provides details about L2 signalling protocols

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml

>> In summary, note this information about trunks:

  • CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 has been cleared from the trunks and is not the native VLAN. If you clear VLAN 1 for user data, the action has no impact on control plane traffic that is still sent with the use of VLAN 1.

Hope to help

Giuseppe
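To make the behaviour Giuseppe describes concrete, here is a small model of 802.1Q trunk tagging (added example, not code from the thread or from Cisco). It assumes the usual trunk rules: native-VLAN frames leave untagged, untagged frames arriving on a trunk land in the receiver's native VLAN, and, per the white paper quoted above, CDP/VTP/PAgP are always sent with a VLAN 1 tag and are processed even when VLAN 1 is not in the allowed list. Switch names and port settings are constructed to mirror Andy's lab.

```python
from dataclasses import dataclass
from typing import Optional

ALL_VLANS = frozenset(range(1, 4095))

@dataclass
class TrunkPort:
    switch: str
    native_vlan: int = 1
    allowed: frozenset = ALL_VLANS      # "switchport trunk allowed vlan"

@dataclass
class Frame:
    tag: Optional[int]      # 802.1Q VID on the wire, None = untagged
    control: bool = False   # CDP / VTP / PAgP frame

def egress(port: TrunkPort, vlan: int, control: bool = False) -> Optional[Frame]:
    """Frame as it leaves the trunk, or None if the allowed list drops it."""
    if control:
        return Frame(tag=1, control=True)   # always tagged VLAN 1, allowed list ignored
    if vlan not in port.allowed:
        return None
    return Frame(tag=None if vlan == port.native_vlan else vlan)

def ingress(port: TrunkPort, frame: Optional[Frame]) -> Optional[int]:
    """VLAN the receiving switch assigns to the frame, or None if dropped."""
    if frame is None:
        return None
    if frame.control:
        return 1                            # processed as control plane, not pruned
    vid = port.native_vlan if frame.tag is None else frame.tag
    return vid if vid in port.allowed else None

def forward(src: TrunkPort, dst: TrunkPort, vlan: int, control: bool = False) -> Optional[int]:
    """VLAN a frame sourced in `vlan` on src ends up in on dst."""
    return ingress(dst, egress(src, vlan, control))

def round_trip_ok(a: TrunkPort, b: TrunkPort, vlan: int) -> bool:
    """True only if hosts in `vlan` on both switches can reach each other."""
    return forward(a, b, vlan) == vlan and forward(b, a, vlan) == vlan

# Constructed lab: Switch1's side set to native 99, Switch2's side left at the default 1.
SW1 = TrunkPort("Switch1", native_vlan=99)
SW2 = TrunkPort("Switch2", native_vlan=1)

if __name__ == "__main__":
    for v in (50, 1, 99):
        print(f"vlan {v}: sw1->sw2 lands in {forward(SW1, SW2, v)}, "
              f"sw2->sw1 lands in {forward(SW2, SW1, v)}, ok={round_trip_ok(SW1, SW2, v)}")
    pruned = TrunkPort("Switch1", native_vlan=99, allowed=frozenset({50, 60, 70}))
    print("VTP with VLAN 1 removed from the trunk:", forward(pruned, SW2, 1, control=True))
```

VLAN 50 survives the mismatch because it is tagged in both directions, while VLAN 1 and VLAN 99 user traffic is cross-connected and fails the round trip; VTP still arrives even when VLAN 1 is pruned.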

Thanks for your reply, so VTP messages are received regardless of what the Native VLAN has been set to, a switch will receive the VTP info and just process it?

Would it just mean that users on VLAN 1 on switch 1 (server) would not be able to communicate with users on VLAN 1 on switch 2 (client)?

Just one last thing, I want to create a spanning tree loop between these 3 switches to see how ports block etc, I tried just adding a second cable between switch 2 and 3 (both client) and nothing happened, then I tried to set it as a trunk, so I have 2 trunks configured between them, I thought this would have created a loop?  I'm not sure of the best command to check, a "sh ip int bri" showed that all the ports were up.

Hello Andy,

>> Would it just mean that users on VLAN 1 on switch 1 (server) would not be able to communicate with users on VLAN 1 on switch 2 (client)?

yes, this could be a way to see native vlan mismatch in action

>> I want to create a spanning tree loop between these 3 switches

I hope you are in a lab otherwise this can be a serious problem

actually, what you did demonstrates that STP is working preventing loops

the correct show commands to be used are those related to STP: STP blocking state doesn't mean you should expect to see the port down at OSI layer1.

It is a logical state

show spanning-tree interface type x/y

do it on the switch that is not root bridge. One of the ports will be in STP blocking state for all vlans permitted on the trunk.

to create an STP loop you should use commands like

conf t

int type x/y

spanning-tree bpdufilter enable

on both sides in interface mode

you then connect the ports with a cable; the command above blocks STP messages and so the switches cannot detect each other and a loop can form.

Warning: do this only if you are in a lab environment. Don't do it if this a production network.

to break the loop you can:

shut a port of the link with STP bpdu filter enabled (if you still can control the switches ....) or you will need to unplug the cable on that link

Hope to help

Giuseppe
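Since the blocked port is a logical STP state rather than a link-down event, the place to look is "show spanning-tree" output. The following added example (not from the thread) parses the per-VLAN interface table of that command on a Catalyst switch and lists the ports held in BLK, plus any VLAN with no blocking port at all, which with two parallel trunks is the condition worth investigating. The sample output is constructed; only the interface table of the real command is modelled.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show spanning-tree" on a Catalyst 3560.
SAMPLE = """\
VLAN0050
  Spanning tree enabled protocol ieee
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p
Fa0/3               Desg FWD 19        128.3    P2p

VLAN0060
  Spanning tree enabled protocol ieee
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p
"""

VLAN_HDR = re.compile(r"^VLAN(\d{4})\s*$")
ROW = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back|Mstr)\s+(FWD|BLK|LRN|LIS|LBK)\s+\d+")

def parse_stp(text: str) -> dict:
    """{vlan: {interface: (role, state)}} from show spanning-tree output."""
    result = defaultdict(dict)
    vlan = None
    for line in text.splitlines():
        m = VLAN_HDR.match(line)
        if m:
            vlan = int(m.group(1))          # "VLAN0050" -> 50
            continue
        m = ROW.match(line)
        if m and vlan is not None:
            result[vlan][m.group(1)] = (m.group(2), m.group(3))
    return dict(result)

def blocked_ports(text: str) -> dict:
    """Per VLAN, the interfaces STP holds in the blocking state."""
    return {v: sorted(i for i, (_, s) in ports.items() if s == "BLK")
            for v, ports in parse_stp(text).items()}

def vlans_without_blocking(text: str) -> list:
    """VLANs in which no port blocks; with redundant trunks this deserves a look."""
    return sorted(v for v, blk in blocked_ports(text).items() if not blk)

if __name__ == "__main__":
    print(blocked_ports(SAMPLE))            # {50: ['Fa0/2'], 60: ['Fa0/2']}
    print(vlans_without_blocking(SAMPLE))   # []
```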

Should the switch display any spanning tree errors in the CLI when it detects a spanning tree loop, do I need to turn logging on?

Not sure if it's my IOS, this is all I see:

Switch3(config)#
Switch3(config)#interface fastethernet 0/2
Switch3(config-if)#span
Switch3(config-if)#spanning-tree ?
  guard      Change an interface's spanning tree guard mode
  link-type  Specify a link type for spanning tree protocol use
  portfast   Enable an interface to move directly to forwarding on link up
  vlan       VLAN Switch Spanning Tree
Switch3(config-if)#spanning-tree
Switch3#

Hello Andy,

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swstpopt.html#wp1033638

spanning-tree bpdufilter enable

otherwise you need to disable the STP instance for a specific vlan and to put the port in that vlan

no spanning-tree vlan X

Hope to help

Giuseppe
