RE: Re: Vlan dot1q tag Native

From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Wed Oct 22 2008 - 19:49:44 ARST


Hey Mihai,

Yeah, the documentation sucks on the topic of native VLAN and Q-in-Q. I
don't think anything they have to say is technically incorrect - just
misleading. The example given always seems to draw your attention to what
the native VLAN of the customer trunk is, and that's not really the issue
(although it does have that little twist mentioned in the original thread).

In answer to your question about mismatched native VLANs between Cisco
switches, you can disable CDP (just to eliminate the "Native VLAN mismatch
discovered" errors - it's not strictly speaking necessary from what I can
see in my testing) and get the trunk to come up; a Cisco switch will accept
a tagged frame in the native VLAN but it will be (by default) putting
untagged traffic out on what *it* believes to be the native VLAN, which will
obviously be different on opposite ends of the link.

Even with CDP disabled and the trunk up, though, both of your mismatched
native VLANs are going to get put into "PVID Inconsistent" state by STP
(again, by default - more to follow). See here:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00801d11a0.shtml

I just ran a quick lab based on the simple SW1-SW2 mismatched VLAN example
from the above link. I left SW1 with VLAN1 as native and configured SW2
with VLAN2 as native. I also created the following SVIs:

Sw1 VLAN1: 1.0.0.1 255.255.255.0
Sw2 VLAN1: 1.0.0.2 255.255.255.0

Sw1 VLAN2: 2.0.0.1 255.255.255.0
Sw2 VLAN2: 2.0.0.2 255.255.255.0

Sw1 VLAN3: 3.0.0.1 255.255.255.0
Sw2 VLAN3: 3.0.0.2 255.255.255.0

The only physical port between these two switches is Fa0/7 and it is
trunking dot1q. Here is the result from Sw1's perspective:

SW1#sh cdp
% CDP is not enabled

SW1#sh int trunk | inc trunking
Fa0/7 on 802.1q trunking 1

SW1#sh vl b | exc unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/8, Gi0/1
2    VLAN_2                           active
3    VLAN_3                           active
SW1#ping 1.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1#ping 2.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1#ping 3.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

SW1#sh span inconsistent

Name Interface Inconsistency
-------------------- ------------------------ ------------------
VLAN0001 FastEthernet0/7 Port VLAN ID Mismatch
VLAN0002 FastEthernet0/7 Port VLAN ID Mismatch

Number of inconsistent ports (segments) in the system : 2

SW1#sh span vl 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID Priority 32769
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg BKN*19        128.8    P2p *PVID_Inc

SW1#sh span vl 2

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID Priority 32770
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg BKN*19        128.8    P2p *PVID_Inc

SW1#sh span vl 3

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID Priority 32771
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.8    P2p

Now here's the fun part:

SW2(config)#vlan dot tag nat

SW1(config)#vlan dot tag nat
*Mar 2 20:14:07.719: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/7 on VLAN0002. Port consistency restored.
*Mar 2 20:14:07.719: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/7 on VLAN0001. Port consistency restored.

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 1/5/9 ms
SW1(config)#do ping 2.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
SW1(config)#do ping 1.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

SW1#sh span vl 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID Priority 32769
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.8    P2p

SW1#sh span vl 2

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID Priority 32770
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.8    P2p

SW1#sh span vl 3

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID Priority 32771
             Address 001c.f6ad.7d80
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
             Address 001c.f6ad.7d80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.8    P2p

And finally:

SW2(config)# cdp run

SW1(config)#cdp run

SW1(config)#
*Mar 2 20:25:56.455: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/7 (1), with SW2 FastEthernet0/7 (2).

SW1(config)#end
SW1#ping 1.
*Mar 2 20:35:04.919: %SYS-5-CONFIG_I: Configured from console by console
SW1#ping 1.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
SW1#ping 2.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/8 ms
SW1#
*Mar 2 20:35:27.267: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/7 (1), with SW2 FastEthernet0/7 (2).

So the moral of the story is that you can do this, but you'll likely want to
shut CDP up and you'll need to deal with STP inconsistency by tagging the
native VLAN (or doing something more drastic).

Now why you would want to do this is another matter altogether...

;~)

Cheers,

Scott(1)
  

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mihai.grigore@onlinehome.de
Sent: Wednesday, October 22, 2008 12:47 PM
To: ccielab@groupstudy.com
Subject: Re: Re: Vlan dot1q tag Native

Guys,

GREAT EXPLANATION!! Worth much more than the one in DOCCD... I read that one
several times but did not get it... Now, I feel better about the native vlan.

I have a question though: is it possible to configure different native VLANs on
the ends of a trunk between Cisco switches?

As far as I could see in the lab, as soon as I configure one end, the trunk is
brought down and an error message pops up, something like: "native VLAN
mismatch... bringing down the trunk".
After I configure the SAME native vlan on the other end of the trunk, this
comes up. As far as I know, this is transmitted via CDP.

I guess scenario 3 does not work with Cisco switches. Maybe between Cisco and
non-Cisco or between non-Ciscos...

TIA, Mihai
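
The following is an added example, not part of either post: a small Python model of the 802.1Q tagging behaviour described in the thread, used to audit a trunk for frames that would land in a different VLAN on the far end. The names `TrunkEnd`, `egress_tag`, `ingress_vlan` and `audit` are hypothetical. The model covers data-plane tagging only (not CDP or the STP PVID-inconsistency block), and assumes an untagged frame is always classified into the receiver's native VLAN.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TrunkEnd:
    name: str
    native: int               # native VLAN configured on this end of the trunk
    tag_native: bool = False  # True models "vlan dot1q tag native" on this switch


def egress_tag(end, vlan):
    """802.1Q tag placed on the wire for a frame in `vlan`; None means untagged."""
    if vlan == end.native and not end.tag_native:
        return None
    return vlan


def ingress_vlan(end, tag):
    """VLAN into which the receiving end classifies the frame."""
    # Untagged frames land in the receiver's own native VLAN (assumption: the
    # platform does not drop them). A tagged frame is accepted even when its
    # tag equals the native VLAN, as noted in the post.
    return end.native if tag is None else tag


def audit(a, b, vlans):
    """List (sender, sent_vlan, receiver, landed_vlan) for frames that change VLAN."""
    findings = []
    for tx, rx in ((a, b), (b, a)):
        for vlan in vlans:
            landed = ingress_vlan(rx, egress_tag(tx, vlan))
            if landed != vlan:
                findings.append((tx.name, vlan, rx.name, landed))
    return findings


if __name__ == "__main__":
    vlans = (1, 2, 3)  # the three VLANs from the lab in the post
    # Lab defaults: SW1 native VLAN 1, SW2 native VLAN 2, native VLAN untagged.
    for tx, vlan, rx, landed in audit(TrunkEnd("SW1", 1), TrunkEnd("SW2", 2), vlans):
        print(f"{tx} VLAN {vlan} -> {rx} VLAN {landed}: untagged frame changes VLAN")
    # After "vlan dot1q tag native" on both switches every frame carries its tag.
    fixed = audit(TrunkEnd("SW1", 1, True), TrunkEnd("SW2", 2, True), vlans)
    print("tag native on both ends:", fixed or "no cross-VLAN delivery")
```

The two findings in the default case are the VLANs that STP put into the PVID-inconsistent state in the lab, and the empty result with tagging enabled on both ends matches the restored port consistency.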
