Changing the Native VLAN command?

stevec90
Level 1

Can someone please refresh me as to what the command is to change the Native VLAN for the entire switch? (IE: not just on the trunk, I mean the default native for the entire switch). Thanks

2 Accepted Solutions

Ganesh Hariharan
VIP Alumni
Can someone please refresh me as to what the command is to change the
Native VLAN for the entire switch? (IE: not just on the trunk, I mean
the default native for the entire switch). Thanks

Hi Steve,

By default, there is only a single VLAN for all ports. This VLAN is called default. You cannot rename or delete VLAN 1.

If you are talking about a management VLAN, it is nothing more than a VLAN that is used for in-band management of your network switching devices. In order to configure this on a switch you need to create a Switch Virtual Interface (SVI) that is mapped to that VLAN and then assign that virtual interface an IP address. On a Cisco switch it would look like the following.

Interface Vlan99
ip address 192.168.1.1 255.255.255.0
no shut

I also want to make something very clear. Your management VLAN does not have to be the same as your Native VLAN. As a matter of fact, it is good practice to make sure that they are different. Your management VLAN should only carry in-band management traffic and should not be the default VLAN. By in-band management traffic I am referring to SSH or telnet (although telnet is not recommended because it is not secure). Traffic such as BPDUs, PAgP, CDP, use the native VLAN that is vlan 1. But if you change the native vlan then CDP/VTP/PAgP will still use vlan 1 but the packets will be tagged. Only DTP uses the native vlan so if you changed the native vlan then DTP would use the new vlan to send frames. With PVST+ BPDUs obviously run on all vlans.

Hope to Help !!

If helpful do rate the post

Ganesh.H


Jon Marshall
Hall of Fame

stevec90@yahoo.com

Can someone please refresh me as to what the command is to change the Native VLAN for the entire switch? (IE: not just on the trunk, I mean the default native for the entire switch). Thanks

Steve

In addition to Ganesh's reply.

The native vlan is only relevant on an 802.1q trunk link. It is simply the vlan that does not have an 802.1q tag in the frames. And each trunk link can use a different native vlan although obviously this isn't recommended. So there is no global command to change the native vlan because it is trunk specific.

Jon


16 Replies

Thanks for the replies and great explanation.

Hi

While on this topic. I have been trying to trunk to 2960 switches and can't seem to get a proper connection. I am using Packet Tracer. The 1st switch already has a trunk port going to a router, and the router's port is trunked and has sub ints for each of vlans 2 and 3, and each sub trunk has its respective native encap vlan configured. My management vlan is vlan 3. And I don't have an int vlan1, only int vlan 3. The router and the 1st switch work fine. But now I am trying to get another trunk port with the second switch. I configured both ints for trunking using native vlan 1. Now the links are in up state but the LEDs on both ends are not green; one is orange. And I have only int vlan 3 as with the other switch, and an IP in the same subnet as the management IP, but cannot ping. Strange thing: VTP info can pass, but there is no connection to the other switch's vlans, the router etc., only local connectivity. Please help; below are the configs of the router and two switches. It is switch 1 that is giving me beans to connect to the rest.

Router0

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname RouterA
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
username admin secret 5 $1$mERr$vPOtdREpWgzFVVY37SB2h/
!
!
!
!
!
ip name-server 0.0.0.0
!
!
!
!
!
!
interface Loopback0
description management
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.2.1 255.255.255.224
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.5.0.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.4.1 255.255.255.0
!
interface FastEthernet0/1
description management
no ip address
duplex auto
speed auto
!
interface Serial0/0
ip address 172.16.1.1 255.255.255.252
!
interface Serial0/1
no ip address
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
!
router rip
version 2
network 172.16.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
!
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit host 192.168.4.2
!
!
!
!
!
!
!
line con 0
line vty 0 4
access-class 1 in
password 7 08316C5D1A2E5505165A
login
!
!
!
end

Switch 0 (connected to Router 0)

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SwitchA
!
no logging console
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
ip name-server 0.0.0.0
!
username admin password 7 08651D0A043C3705561E0B54322E2B3C2B063137324232064274
!
spanning-tree portfast default
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 3
!
interface FastEthernet0/6
switchport access vlan 3
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport access vlan 2
!
interface FastEthernet0/14
switchport access vlan 2
!
interface FastEthernet0/15
switchport access vlan 2
!
interface FastEthernet0/16
switchport access vlan 2
!
interface FastEthernet0/17
switchport access vlan 2
!
interface FastEthernet0/18
switchport mode trunk
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 2
!
interface FastEthernet0/21
switchport access vlan 2
!
interface FastEthernet0/22
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 2
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 192.168.4.10 255.255.255.0
!
ip default-gateway 192.168.4.1
!
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit host 192.168.4.1
line con 0
!
line vty 0 4
access-class 1 in
password 7 08316C5D1A2E5505165A
login
line vty 5 15
login
!
!
end

Switch 1 (connected to Switch0) (This is the second switch which I cannot get connected to rest of network properly)

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 3
!
interface FastEthernet0/6
switchport access vlan 3
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
switchport mode trunk
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 192.168.4.20 255.255.255.0
!
ip default-gateway 192.168.4.1
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

Hiyo!

By no means would I say I'm a switch expert!  But I'd love to help if possible!  When I mocked up your configuration in Packet Tracer, I ran into the same problem.  Here is how I worked around it.

1.)  On one side of the trunk, issue the switchport mode dynamic desirable on the trunk interface and on the other, issue the switchport mode auto  command. 

2.)  If you want to keep your current config using the switchport mode trunk command, I think you need to issue a switchport encapsulation dot1q.

To help out with added security I would also add:

switchport trunk allowed vlan remove 2-1001

switchport trunk allowed vlan add 2-3

I'm not sure this is what you were looking for but hopefully it helps!

-Matt
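
The advice given in this thread (the native VLAN is set per trunk and defaults to VLAN 1, it should differ from the management VLAN, and a trunk's allowed-VLAN list should be restricted) can be checked against a saved configuration. The Python audit below is an added example, not code from any poster; the sample config is constructed, and treating every SVI that has an IP address as a management VLAN is an assumption.

```python
import re

# Constructed sample in the style of the configs posted in this thread (not a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/18
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk native vlan 99
 switchport trunk allowed vlan 2-3,99
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.3.10 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]}; a '!' or blank line ends a block."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return interfaces

def audit_trunks(config):
    """Return (interface, finding) pairs for every 'switchport mode trunk' port."""
    ifaces = parse_interfaces(config)
    # Assumption: an SVI with an IP address is a management VLAN.
    mgmt = {int(m.group(1)) for n, cmds in ifaces.items()
            if (m := re.fullmatch(r"vlan(\d+)", n, re.I))
            and any(c.startswith("ip address") for c in cmds)}
    findings = []
    for name, cmds in ifaces.items():
        if "switchport mode trunk" not in cmds:
            continue
        # The native VLAN is per trunk; with no command present it is VLAN 1.
        native = next((int(m.group(1)) for c in cmds
                       if (m := re.match(r"switchport trunk native vlan (\d+)$", c))), 1)
        restricted = any(c.startswith("switchport trunk allowed vlan ")
                         and not c.endswith(" all") for c in cmds)
        if native in mgmt:
            findings.append((name, f"native VLAN {native} is also a management VLAN"))
        if not restricted:
            findings.append((name, "no allowed-VLAN list, trunk carries every VLAN"))
    return findings
```

Run `audit_trunks()` on the text of a `show running-config` capture; it also accepts the unindented form in which the configs appear in this thread.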

Hi,

I tried what you said m8, but it only brings up one side green. Links are indeed up but as I said no ping traffic passes. I reckon this is a bug in packet logic. I have tested this same setup on physical switches and it works like it should with switchport mode trunk on both sides with two trunks on the switch0. Thanks for your input though

Hi,

I ran through your config & I can ping all the sub interfaces in the Router A from Switch B.

And both sides of the trunks between switch A & Switch B are green.

And I attached the Packet Tracer file for your reference.

Then you can double check & compare my config with your one.

Hope this one helps you.

Regards,

Dasuntha

Hi Dinesh,

What version of Packet Tracer did you compile it with? Your file cannot be opened with Packet Tracer 4.1 and Packet Tracer 5.2

Also you say you're using my config and it works. If so then it sounds buggy to me. Confirm and resend please, I would like to view those green lights. Thanks

Hi,

I'm using Packet Tracer version 5.3.

I think that's why you can't open it.

Anyway, I can confirm you that It's working fine.

I fully tested it.

Regards,

Dasuntha

Confirmed... Packet Tracer 5.3 = fully functional config exactly as you have it laid out! Congrats! Buggy PT?

-Matt

Date: Wed, 23 Jun 2010 07:07:58 -0600


I believe it may be a bug yes. I have 5.2.3 PT. Also crashes when overloaded and trying to converge. If my config works on physical devices with  similar setup, then logically it should be app problem. Can either of you send me 5.3 plz to my email address. Thanks m8

You can download Packet Tracer 5.3 from the link below.

http://hotfile.com/dl/40746344/98501c6/PacketTracer53_setup.rar.html

Regards,

Dasuntha

Hi Dasuntha ,

Thanks for link. As I installed 5.3 and opened up the tracer file from 5.2, the network converged in 2 secs and worked perfectly like it should.  Thanks for letting me know it worked all the time and my sanity was good. I had decided to make that lab just for so from scratch.

Packet Tracer 5.2 is buggy - DO NOT USE

Nice to hear that it's working from your side also.

PT 5.3 is much better...
