Re: Re: Vlan dot1q tag Native

From: Narbik Kocharians (narbikk@gmail.com)
Date: Wed Oct 22 2008 - 21:35:11 ARST


Mihai,
But if the switch does NOT let you use mismatched native VLANs, you could
always use "Yersinia" to craft a frame with double tags, where the first tag
could match the native VLAN and the second tag could be set based on the
destination VLAN. Now in this case the first switch will remove the tag and
the second switch will send it to the destination VLAN.

I hope this helped.

On Wed, Oct 22, 2008 at 2:49 PM, Scott M Vermillion <scott_ccie_list@it-ag.com> wrote:

> Hey Mihai,
>
> Yeah, the documentation sucks on the topic of native VLAN and Q-in-Q. I
> don't think anything they have to say is technically incorrect - just
> misleading. The example given always seems to draw your attention to what
> the native VLAN of the customer trunk is, and that's not really the issue
> (although it does have that little twist mentioned in the original thread).
>
> In answer to your question about mismatched native VLANs between Cisco
> switches, you can disable CDP (just to eliminate the "Native VLAN mismatch
> discovered" errors - it's not strictly speaking necessary from what I can
> see in my testing) and get the trunk to come up; a Cisco switch will accept
> a tagged frame in the native VLAN but it will be (by default) putting
> untagged traffic out on what *it* believes to be the native VLAN, which
> will obviously be different on opposite ends of the link.
>
> Even with CDP disabled and the trunk up, though, both of your mismatched
> native VLANs are going to get put into "PVID Inconsistent" state by STP
> (again, by default - more to follow). See here:
>
>
> http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00801d11a0.shtml
>
>
> I just ran a quick lab based on the simple SW1-SW2 mismatched VLAN example
> from the above link. I left SW1 with VLAN1 as native and configured SW2
> with VLAN2 as native. I also created the following SVIs:
>
> Sw1 VLAN1: 1.0.0.1 255.255.255.0
> Sw2 VLAN1: 1.0.0.2 255.255.255.0
>
> Sw1 VLAN2: 2.0.0.1 255.255.255.0
> Sw2 VLAN2: 2.0.0.2 255.255.255.0
>
> Sw1 VLAN3: 3.0.0.1 255.255.255.0
> Sw2 VLAN3: 3.0.0.2 255.255.255.0
>
> The only physical port between these two switches is Fa0/7 and it is
> trunking dot1q. Here is the result from Sw1's perspective:
>
> SW1#sh cdp
> % CDP is not enabled
>
> SW1#sh int trunk | inc trunking
> Fa0/7 on 802.1q trunking 1
>
> SW1#sh vl b | exc unsup
>
> VLAN Name Status Ports
> ---- -------------------------------- --------- -------------------------------
> 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
> Fa0/5, Fa0/6, Fa0/8, Gi0/1
> 2 VLAN_2 active
> 3 VLAN_3 active
> SW1#ping 1.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 1.0.0.2, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> SW1#ping 2.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> SW1#ping 3.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 3.0.0.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
>
> SW1#sh span inconsistent
>
> Name Interface Inconsistency
> -------------------- ------------------------ ------------------
> VLAN0001 FastEthernet0/7 Port VLAN ID Mismatch
> VLAN0002 FastEthernet0/7 Port VLAN ID Mismatch
>
> Number of inconsistent ports (segments) in the system : 2
>
> SW1#sh span vl 1
>
> VLAN0001
> Spanning tree enabled protocol ieee
> Root ID Priority 32769
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg BKN*19 128.8 P2p *PVID_Inc
>
> SW1#sh span vl 2
>
> VLAN0002
> Spanning tree enabled protocol ieee
> Root ID Priority 32770
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg BKN*19 128.8 P2p *PVID_Inc
>
> SW1#sh span vl 3
>
> VLAN0003
> Spanning tree enabled protocol ieee
> Root ID Priority 32771
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg FWD 19 128.8 P2p
>
>
> Now here's the fun part:
>
>
> SW2(config)#vlan dot tag nat
>
> SW1(config)#vlan dot tag nat
> *Mar 2 20:14:07.719: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/7 on VLAN0002. Port consistency restored.
> *Mar 2 20:14:07.719: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/7 on VLAN0001. Port consistency restored.
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
> ...!!
> Success rate is 40 percent (2/5), round-trip min/avg/max = 1/5/9 ms
> SW1(config)#do ping 2.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
> SW1(config)#do ping 1.0.0.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 1.0.0.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
>
>
> SW1#sh span vl 1
>
> VLAN0001
> Spanning tree enabled protocol ieee
> Root ID Priority 32769
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg FWD 19 128.8 P2p
>
> SW1#sh span vl 2
>
> VLAN0002
> Spanning tree enabled protocol ieee
> Root ID Priority 32770
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg FWD 19 128.8 P2p
>
> SW1#sh span vl 3
>
> VLAN0003
> Spanning tree enabled protocol ieee
> Root ID Priority 32771
> Address 001c.f6ad.7d80
> This bridge is the root
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
> Address 001c.f6ad.7d80
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ------------------- ---- --- --------- -------- --------------------------------
> Fa0/7 Desg FWD 19 128.8 P2p
>
>
> And finally:
>
> SW2(config)# cdp run
>
> SW1(config)#cdp run
>
> SW1(config)#
> *Mar 2 20:25:56.455: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/7 (1), with SW2 FastEthernet0/7 (2).
>
> SW1(config)#end
> SW1#ping 1.
> *Mar 2 20:35:04.919: %SYS-5-CONFIG_I: Configured from console by console
> SW1#ping 1.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 1.0.0.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
> SW1#ping 2.0.0.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
> ..!!!
> Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/8 ms
> SW1#
> *Mar 2 20:35:27.267: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/7 (1), with SW2 FastEthernet0/7 (2).
>
> So the moral of the story is that you can do this, but you'll likely want
> to shut CDP up and you'll need to deal with STP inconsistency by tagging
> the native VLAN (or doing something more drastic).
>
> Now why you would want to do this is another matter altogether...
>
> ;~)
>
> Cheers,
>
> Scott(1)
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> mihai.grigore@onlinehome.de
> Sent: Wednesday, October 22, 2008 12:47 PM
> To: ccielab@groupstudy.com
> Subject: Re: Re: Vlan dot1q tag Native
>
> Guys,
>
> GREAT EXPLANATION !! Worth much more than the one in DOCCD... I read that
> one several times but did not get it... Now, I feel better about the
> native vlan.
>
> I have a question though: is it possible to configure different native
> VLANs on the ends of a trunk between Cisco switches ?
>
> As far as I could see in the lab, as soon as I configure one end, the
> trunk is brought down and an error message pops up, something like:
> "native VLAN mismatch... bringing down the trunk".
> After I configure the SAME native vlan on the other end of the trunk, this
> comes up. As far as I know, this is transmitted via CDP.
>
> I guess scenario 3 does not work with Cisco switches. Maybe between Cisco
> and non-Cisco or between non-Ciscos...
>
> TIA, Mihai
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining
www.Net-Workbooks.com
Sr. Technical Instructor
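
The double-tagged frame described at the top of this message can be recognised on the wire by walking the 802.1Q tag stack. The following is an added example, not part of the original post: the native VLAN value, the function names and the sample frames are constructed for illustration, and the check is meant for captures taken on access ports, where stacked customer tags are not expected.

```python
import struct

TPID_8021Q = 0x8100    # 802.1Q customer tag
TPID_8021AD = 0x88A8   # 802.1ad service tag used by provider Q-in-Q


def vlan_tags(frame: bytes):
    """Return ([(tpid, vid), ...], inner_ethertype) for a raw Ethernet frame."""
    tags, offset = [], 12                      # skip destination and source MAC
    while len(frame) >= offset + 2:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))  # low 12 bits of the TCI are the VID
        offset += 4
    raise ValueError("truncated frame")


def is_double_tag_hop(frame: bytes, native_vlan: int) -> bool:
    """True for two stacked 0x8100 tags whose outer VID is the trunk's native VLAN."""
    tags, _ = vlan_tags(frame)
    return (len(tags) >= 2
            and tags[0] == (TPID_8021Q, native_vlan)
            and tags[1][0] == TPID_8021Q
            and tags[1][1] != native_vlan)


def build(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame: broadcast destination, locally administered source."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed samples; native VLAN 1 and target VLAN 3 mirror the lab quoted above.
UNTAGGED = build([])
SINGLE = build([(TPID_8021Q, 3)])
DOUBLE = build([(TPID_8021Q, 1), (TPID_8021Q, 3)])
QINQ = build([(TPID_8021AD, 100), (TPID_8021Q, 3)])

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE),
                        ("double", DOUBLE), ("qinq", QINQ)]:
        print(name, vlan_tags(frame)[0], is_double_tag_hop(frame, native_vlan=1))
```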




This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST