Hello good day,
We have a bit of a problem here.
We have setup a Ring network of Cisco Industrial Switches (managed, Stratix 8000).
The Trunk lines on this Ring are working.
The security is done by VLAN segmentation.
All the VLANs on this Ring are configured, all the ports are supposed to be access ports in their dedicated VLAN.
In this example, the end device(s) should be in VLAN 730.
We supposed that the clients always would be:
- End Devices (1 IP address)
- Unmanaged switches with some devices linked to them
I think static access ports with dedicated VLAN would be OK in that situation.
Now we see that some integrators (that put the end devices on the ring) use Managed Industrial Cisco switches, which they don't configure but they use them (all ports default VLAN 1). If such a switch connects to our Cisco Ring device, on the Static Access port, the port goes into "VLAN mismatch" error, and the EIP mod LED start blinking Red.
It would be very hard for us to ask the integrator to configure all his managed switches, create the VLAN on them and set the line to Trunk.
I tried to set our port on Trunk Mode with native VLAN 730. That gave no error. But once I set that port also to "allow only VLAN 730", it gives the error again. Our security cannot depent on the settings of a switch managed by an integrator. We just want them to be only in VLAN 730, regardless of the configuration on their switch.
How could this be solved the easiest please, with minimal interferance for the integrator?
Thanks a lot.
EDIT: I configured both switch ports now to "static access" but I get the error "native VLAN mismatch on interfaces ... (730) and ... (1).
So no solution ... : (
Is your only issue now getting the native vlan mismatch? If so just turn off cdp on that link . If both are access links then that's just an informational message and doesn't hurt anything. If you need cdp on then just ignore the message.