Skip to main content

Native VLAN Mismatches.

By

Error#1

Lets assume that one of the workstations on the network (PC 5) cannot connect to the internal web server WEB/TFTP, lets use the figure below as an example of a switched network, the first place you start will be at the Switch 2 to check if VLANs are properly configured. Looking at the diagram, switch port fa0/3 on Switch 2 is configured as a trunk port. 

Oct 27 12:16:29.352 EET: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet2/6 (2), with sw-el0 GigabitEthernet0/8 (1).

  When you connect to switch S2, if there is an error on the switch port, it will appear on your console window, in this case there is and it looks like this:

        S2#
        #CDP-4-NATIVE VLAN_MISMATCH: Native VLAN mismatch discovered on
         FastEthernet0/3  (100), with S1  FastEthernet0/3  (99).


Using the show interfaces fa0/3 switchport command will display connectivity detail on the port.

e.g

        S2# show interfaces fa0/3 switchport
        Name:  fa0/3
        Switchport:  Enabled
        Administrative Mode:  trunk
        Operational Mode:  trunk
        Administrative Trunking Encapsulation:  dot1q
        Operational Trunking Encapsulation:  dot1q
        Nagotiation of Trunking:  On
        Access Mode VLAN:  1 (default)
        Trunking Native Mode VLAN: 100 (Inactive)
        …
        Trunking VLANs Enabled:  10,  99

                              …

Looking at the above detail, you will notice that the native VLAN has been set to VLAN 100 and it is inactive.
 As you look further down the output, you see that the allowed VLANs are 10 and 99.
To sum it up, this is a case of a mismatched native VLAN



The solution:

 You need to reconfigure the native VLAN on the Fast Ethernet F0/3 trunk port to be VLAN 99.  e.g


    S2#config t
    S2#interface fa0/3
    S2#switchport trunk native vlan 99
    S2#end
    

After you have done that, use the show interfaces fa0/3 switchport confirm you configuration.

And use the Ping to confirm connectivity with the server.  e.g.

    PC5> ping 192.168.10.30
    Pinging 192.168.10.30 with 32 bytes of data:
    Reply from 192.168.10.30: bytes-32 times-147ms TT-128
    Reply from 192.168.10.30: bytes-32 times-147ms TT-128
    Reply from 192.168.10.30: bytes-32 times-147ms TT-128
    ...

 The screen output for the computer PC5 shows that connectivity has been restored to the WEB/TFTP server found at IP address 192.168.10.30.

This Article has been taken from http://www.orbit-computer-solutions.com/Native-VLAN-Mismatches.php
When you connect to switch S2, if there is an error on the switch port, it will appear on your console window, in this case there is and it looks like this:
S2#
#CDP-4-NATIVE VLAN_MISMATCH: Native VLAN mismatch discovered on
 FastEthernet0/3  (100), with S1  FastEthernet0/3  (99).
 
Using the show interfaces fa0/3 switchport command will display connectivity detail on the port.
 
e.g
S2# show interfaces fa0/3 switchport
Name:  fa0/3
Switchport:  Enabled
Administrative Mode:  trunk
Operational Mode:  trunk
Administrative Trunking Encapsulation:  dot1q
Operational Trunking Encapsulation:  dot1q
Nagotiation of Trunking:  On
Access Mode VLAN:  1 (default)
Trunking Native Mode VLAN: 100 (Inactive)
Trunking VLANs Enabled:  10,  99
                              …
 
Looking at the above detail, you will notice that the native VLAN has been set to VLAN 100 and it is inactive.
 As you look further down the output, you see that the allowed VLANs are 10 and 99.
To sum it up, this is a case of a mismatched native VLAN
 
 
 

The solution:

 
 You need to reconfigure the native VLAN on the Fast Ethernet F0/3 trunk port to be VLAN 99.  e.g
 
S2#config t
S2#interface fa0/3
S2#switchport trunk native vlan 99
S2#end
 
After you have done that, use the show interfaces fa0/3 switchport confirm you configuration.
And use the Ping to confirm connectivity with the server.  e.g.
PC5> ping 192.168.10.30
Pinging 192.168.10.30 with 32 bytes of data:
Reply from 192.168.10.30: bytes-32 times-147ms TT-128
Reply from 192.168.10.30: bytes-32 times-147ms TT-128
Reply from 192.168.10.30: bytes-32 times-147ms TT-128
...
 The screen output for the computer PC5 shows that connectivity has been restored to the WEB/TFTP server found at IP address 192.168.10.30.
- See more at: http://www.orbit-computer-solutions.com/Native-VLAN-Mismatches.php#sthash.nYrDvqdI.dpuf
Error#1
Lets assume that one of the workstations on the network (PC 5) cannot connect to the internal web server WEB/TFTP, lets use the figure below as an example of a switched network, the first place you start will be at the Switch 2 to check if VLANs are properly configured. Looking at the diagram, switch port fa0/3 on Switch 2 is configured as a trunk port.     
- See more at: http://www.orbit-computer-solutions.com/Native-VLAN-Mismatches.php#sthash.nYrDvqdI.dpuf
Error#1
Lets assume that one of the workstations on the network (PC 5) cannot connect to the internal web server WEB/TFTP, lets use the figure below as an example of a switched network, the first place you start will be at the Switch 2 to check if VLANs are properly configured. Looking at the diagram, switch port fa0/3 on Switch 2 is configured as a trunk port.     
- See more at: http://www.orbit-computer-solutions.com/Native-VLAN-Mismatches.php#sthash.nYrDvqdI.dpuf

Comments

Post a Comment

Popular posts from this blog

Schedule Automatic backup config in Cisco Nexus

By
Schedule Automatic backup config in Cisco Nexus Nexus-Sw1(config)#feature scheduler   //Enable scheduler service in Nexus Nexus-Sw1(config)#scheduler job name backup-daily      // Job Name Nexus-Sw1(config)#scheduler aaa-authentication username abcd password abcd@123     // AAA - Authentication for Job created above (If AAA configured) Nexus-Sw1(config)#scheduler job name backup-daily copy running-config tftp://192.168.1.23/$(SWITCHNAME)-cfg.$(TIMESTAMP)         //IP of TFTP SERVER , file will saved with switch name and timestamp exit Nexus-Sw1(config)#scheduler schedule name backup-daily   // Setup Schedule to run for the JOB Nexus-Sw1(config-schedule)# time ?   daily    Specify a daily schedule   monthly  Specify a monthly schedule   start    Specify a future time schedule   weekly   Specify a weekly schedule...
Post a Comment
Read more

Duplicate IP Address has been Detected Rule

By
A duplicate IP address has been detected on the network Rule Knowledgebase Summary This rule generates an alert when Windows® detects that he local machine’s IP address is in conflict with one or more identical IP addresses on the network. Until the IP address conflict is resolved, remote clients and applications may have difficulty accessing resources on any of the effected computers. Additionally, the local computer may not be able to access network resources. Related Events This rule generates an alert whenever the following events occur and are recorded in the System Event Log: The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCPIP; Event ID: 4198; The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCP...
1 comment
Read more

Shunned packet Error on Cisco ASA Firewall

By
           Shunning/Blocking on IPS for  ASA/PIX/IOS Router Configuration Example   Advanced Threat Detection feature – This feature does a bunch of things. It detects and alerts on activity that might be related to a Denial of Service attack or Scanning reconnaissance. Optionally, the ASA can automatically shun/block hosts that are detected as a scanning threat. Threat detection also can gather threat statistics for display on the new Firewall Dashboard inside the ASDM GUI. Top 10 graphs, charts, and lists for things like access list hits, services most used, and top IP SRC and IP DST hosts are tracked. On Cisco routers and Catalyst 6500 series switches, ARC creates blocks by applying ACLs or VACLs. ACLs and VACLs apply filters to interfaces, which includes direction, and VLANs, respectively in order to permit or deny traffic. . The PIX Firewall, FWSM, and ASA do not use ACLs or VACLs. The built-in shu...
1 comment
Read more