Task 1.5 - 802.1q Native VLAN

Hi Guys,

Little question here; this is not technically related, but I think it is important from an exam point of view.

In 1.5 they specifically ask to set SW1. We know that changing the native VLAN on one switch will generate errors on the others, but they never mention doing anything on the other switches.

I think I did not get the question right, because in the solution they changed it on every switch.

So, what I concluded from this is that we have to make sure we also do the configuration related to the task on other devices, whether it is mentioned or not.

I will appreciate the feedback.

Regards

Mahir

Comments

  • Hi mahirali,

    Yes - the native VLAN should be the same on both sides of the link. That's why the SG is changing the native VLAN on the other switches' connections to SW1, so they match.

    If the VLANs are not the same, CDP will complain, and it is considered a security breach, as it could be used to perform VLAN hopping attacks.

    HTH

    Good luck!

  • You are welcome!

    Good luck with your studies!

  • Hi Mahir,

    You are right. You have to change it on every other connected switch, or you will get the native VLAN mismatch error. There are always configurations that have to be done without being asked for explicitly, but they are indeed required for a complete, correct solution. You will encounter things like this in Vol 1 and much more in Vol 2.

    HTH,

    Bassam

  • Little question here; this is not technically related, but I think it is important from an exam point of view.

    In 1.5 they specifically ask to set SW1. We know that changing the native VLAN on one switch will generate errors on the others, but they never mention doing anything on the other switches.

    I think I did not get the question right, because in the solution they changed it on every switch.

    So, what I concluded from this is that we have to make sure we also do the configuration related to the task on other devices, whether it is mentioned or not.

    Along with CDP, if there is dynamic negotiation of trunks via DTP, then DTP also throws an error for native VLAN mismatch. We can avoid getting these error messages, but traffic can still be leaked if a native VLAN mismatch occurs. However, there is a special mechanism in STP which prevents the leaking of traffic by blocking the ports where native VLANs are mismatched.

    If there is tagging for all the VLANs, or ISL is used, then the native VLAN has no meaning.

  • Hello Everyone,

    I was configuring Task 1.5 today and encountered a strange issue, admittedly one that was a config error on my end, but it is still interesting to understand. Below is a synopsis of my config:

    SW1

    vlan 146
    !
    interface range fa0/19 - 24
     switchport trunk encapsulation dot1q
     switchport mode dynamic desirable
     switchport trunk native vlan 146
    !

    SW2/SW3/SW4

    vlan 146
    !
    ! The error was that I configured all ports here and not just the ones connected to SW1
    interface range fa0/19 - 24
     ! dynamic auto (default)
     switchport mode dynamic auto
     switchport trunk native vlan 146
    !

    I saw CDP and STP complaining about VLAN mismatch. Eventually the ports converged. However, on all 4 switches "sh spanning-tree vlan 146" yielded no result (i.e. the spanning-tree instance for VLAN 146 did not exist).

    Based on my understanding, if an access port receives a BPDU, the switch puts the port in an inconsistent state. However, for instance, ports on SW2 connecting to SW3 & SW4 were dynamic auto (i.e. access ports). These ports should not generate BPDUs, right? Why did the spanning-tree domain for VLAN 146 not converge once the switches agreed on the native VLAN as 146?

    Please assist. Your response would be greatly appreciated.

    Thanks.
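The rule discussed in this thread, that both ends of an 802.1Q trunk must agree on the native VLAN, can be checked offline before CDP or STP reports it. The following is an added example, not part of the original posts or the workbook solution: it parses IOS-style command text and compares each link's two ends. The cabling in `LINKS`, the short `fa0/N` port naming, and the three scenarios are constructed assumptions, not the lab topology.

```python
import re

def parse_native_vlans(config):
    """Map each port named in IOS-style config text to its trunk native VLAN."""
    native, current = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"int(?:erface)?\s+(range\s+)?([A-Za-z]+)(\d+/)(\d+)(?:\s*-\s*(\d+))?$", line)
        if m:
            first = int(m.group(4))
            last = int(m.group(5)) if m.group(1) and m.group(5) else first
            current = [f"{m.group(2).lower()}{m.group(3)}{n}" for n in range(first, last + 1)]
            for port in current:
                native.setdefault(port, 1)  # 802.1Q native VLAN defaults to 1
            continue
        m = re.match(r"switchport trunk native vlan (\d+)$", line)
        if m:
            for port in current:
                native[port] = int(m.group(1))
        elif line and not line.startswith(("switchport", "!")):
            current = []  # any other command ends the interface context
    return native

def native_vlan_mismatches(configs, links):
    """Return (end_a, vlan_a, end_b, vlan_b) for each link whose two ends disagree."""
    vlans = {name: parse_native_vlans(text) for name, text in configs.items()}
    found = []
    for (sw_a, port_a), (sw_b, port_b) in links:
        a, b = vlans[sw_a].get(port_a, 1), vlans[sw_b].get(port_b, 1)
        if a != b:
            found.append((f"{sw_a} {port_a}", a, f"{sw_b} {port_b}", b))
    return found

# Constructed inputs: the cabling and scenarios are assumptions, not the lab topology.
LINKS = [(("SW1", "fa0/19"), ("SW2", "fa0/19")),
         (("SW1", "fa0/20"), ("SW2", "fa0/20")),
         (("SW2", "fa0/21"), ("SW3", "fa0/21"))]
SW1_CFG = """vlan 146
interface range fa0/19 - 24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 146"""
NATIVE_146 = "\n switchport trunk native vlan 146"
ONLY_SW1 = {"SW1": SW1_CFG, "SW2": "", "SW3": ""}
FACING_SW1 = {**ONLY_SW1, "SW2": "interface range fa0/19 - 20" + NATIVE_146}
WHOLE_RANGE = {**ONLY_SW1, "SW2": "interface range fa0/19 - 24" + NATIVE_146}

if __name__ == "__main__":
    for label, cfg in (("only SW1", ONLY_SW1), ("facing SW1", FACING_SW1), ("whole range", WHOLE_RANGE)):
        print(label, native_vlan_mismatches(cfg, LINKS))
```

Changing only SW1 flags both SW1-SW2 links, matching just the SW1-facing ports clears them, and applying the whole range on SW2 moves the mismatch to the link toward a switch still at the default.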
