
To kick things off, I still have our respective host / trunk ports, but for security purposes we don’t want to keep the “default” VLAN as 1 because, as was said in the last post, any untagged traffic showing up at an 802.1q trunk will be forwarded across it as though it came from default VLAN 1.

It is widely known to IT geeks that the default VLAN is 1 across most (probably all) switches unless reconfigured. I’ve seen this some out in the wild on customer networks, and I think putting unused ports in a native VLAN other than the default VLAN 1 is best practice.

So to begin this, since we only have 2 ports on each switch that are tagged in a VLAN:

SW1(config)#int fa1/0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
% Access VLAN does not exist. Creating vlan 100
SW1(config-if)#int range fa1/0/4 - 24
SW1(config-if-range)#switchport access vlan 100
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#int range gi1/0/1 - 2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 100

I made a derp here: because ports 10 and 20 were trunk ports and not access ports, I accidentally dropped their trunk configuration.

So here are said error messages:

*Mar 1 00:06:28.644: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
*Mar 1 00:06:42.258: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet1/0/10 VLAN100.
*Mar 1 00:06:42.258: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet1/0/10 on VLAN0100. Inconsistent port type.
*Mar 1 00:07:28.656: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
*Mar 1 00:08:28.660: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).

First you’ll notice highlighted in red that spanning-tree did its thing and put the port into blocking, because I accidentally made it an access port with my interface range command (doh!).

Once I put port 10 back in Trunk mode, because it’s running dot1q it stopped nagging, as its default VLAN still matches over the Trunk – just not between SW1 and SW2 sides of the switchports.

So that behavior was caused by an access port being placed in a different VLAN than is across the wire, as I have not changed the native VLAN on the Trunk yet.

Another thing to note is that there was no griping from port 20, which was also just an access port but had an ISL Trunk config on its corresponding switchport, because ISL trunks do not recognize Native VLANs.

With that, let’s make port 10’s Native VLAN 100 on SW1 and see what errors we can generate:

SW1(config-if)#switch trunk ?
  allowed        Set allowed VLAN characteristics when interface is in trunking mode
  encapsulation  Set trunking encapsulation when interface is in trunking mode
  native         Set trunking native characteristics when interface is in trunking mode
  pruning        Set pruning VLAN characteristics when interface is in trunking mode

SW1(config-if)#switch trunk native ?
  vlan  Set native VLAN when interface is in trunking mode

SW1(config-if)#switch trunk native vlan ?
  <1-4094>  VLAN ID of the native VLAN when this port is in trunking mode

SW1(config-if)#switch trunk native vlan 100
SW1(config-if)#
*Mar 1 00:55:33.473: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet1/0/10 VLAN100.
*Mar 1 00:55:33.473: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet1/0/10 on VLAN0001. Inconsistent peer vlan.
*Mar 1 00:55:33.473: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet1/0/10 on VLAN0100. Inconsistent local vlan.

Now we are getting the nagging error every 60 seconds as we did when it was an access port:

*Mar 1 00:56:28.829: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
*Mar 1 00:57:28.833: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
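
For anyone collecting switch syslog centrally, the messages in this post are easy to turn into a per-port finding instead of a once-a-minute nag. The following is an added example, not part of the original post; the function and variable names are assumptions, and the sample lines are the console messages shown above.

```python
import re
from collections import defaultdict

# Console messages copied from this post (SW1's side of the Fa1/0/10 link).
SAMPLE_LOG = """\
*Mar 1 00:06:28.644: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
*Mar 1 00:06:42.258: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet1/0/10 VLAN100.
*Mar 1 00:06:42.258: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet1/0/10 on VLAN0100. Inconsistent port type.
*Mar 1 00:55:33.473: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet1/0/10 on VLAN0001. Inconsistent peer vlan.
*Mar 1 00:55:33.473: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet1/0/10 on VLAN0100. Inconsistent local vlan.
*Mar 1 00:56:28.829: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/10 (100), with SW2 FastEthernet1/0/10 (1).
"""

# CDP reports both ends of the link and the native VLAN each side is using.
CDP_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: .* on (?P<lport>\S+) \((?P<lvlan>\d+)\), "
    r"with (?P<peer>\S+) (?P<pport>\S+) \((?P<pvlan>\d+)\)")
# Spanning tree reports which VLAN it blocked on the port, and why.
STP_BLOCK_RE = re.compile(
    r"%SPANTREE-\d-BLOCK_(?P<why>PVID_PEER|PVID_LOCAL|PORT_TYPE): "
    r"Blocking (?P<port>\S+) on VLAN0*(?P<vlan>\d+)\.")


def summarize(log_text):
    """Group native-VLAN mismatch and STP blocking events per local port."""
    findings = defaultdict(
        lambda: {"mismatch": None, "count": 0, "blocked": set()})
    for line in log_text.splitlines():
        m = CDP_RE.search(line)
        if m:
            f = findings[m["lport"]]
            # (local native VLAN, peer hostname, peer port, peer native VLAN)
            f["mismatch"] = (int(m["lvlan"]), m["peer"],
                             m["pport"], int(m["pvlan"]))
            f["count"] += 1
            continue
        m = STP_BLOCK_RE.search(line)
        if m:
            findings[m["port"]]["blocked"].add((int(m["vlan"]), m["why"]))
    return dict(findings)


if __name__ == "__main__":
    for port, f in summarize(SAMPLE_LOG).items():
        print(port, f)
```
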

So I configured SW2 port 10 with “switchport trunk native vlan 100” as well, so let’s take a look at our output:

SW2(config-if)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa1/0/10    on           802.1q         trunking      100
Fa1/0/20    on           isl            trunking      1

Port        Vlans allowed on trunk
Fa1/0/10    1-4094
Fa1/0/20    1-4094

Port        Vlans allowed and active in management domain
Fa1/0/10    1,12,34,100
Fa1/0/20    1,12,34,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa1/0/10    1,12,34,100
Fa1/0/20    none
SW2(config-if)#
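
The same check can be run against saved "show interfaces trunk" output to find 802.1Q trunks still on native VLAN 1 and trunks that are not forwarding anything. This is an added example, not part of the original post; the function names and finding strings are assumptions, and the sample is the SW2 output shown above.

```python
# "show interfaces trunk" output from SW2, as shown in this post.
SHOW_INT_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa1/0/10    on           802.1q         trunking      100
Fa1/0/20    on           isl            trunking      1

Port        Vlans allowed on trunk
Fa1/0/10    1-4094
Fa1/0/20    1-4094

Port        Vlans allowed and active in management domain
Fa1/0/10    1,12,34,100
Fa1/0/20    1,12,34,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa1/0/10    1,12,34,100
Fa1/0/20    none
"""


def parse_trunks(text):
    """Parse the summary and forwarding sections into {port: {...}}."""
    trunks, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":  # every section starts with a "Port ..." header
            section = ("summary" if fields[1:2] == ["Mode"] else
                       "forwarding" if "forwarding" in fields else None)
            continue
        if section == "summary" and len(fields) == 5:
            trunks[fields[0]] = {"encap": fields[2], "native": int(fields[4])}
        elif section == "forwarding" and fields[0] in trunks:
            trunks[fields[0]]["forwarding"] = fields[1]
    return trunks


def audit(trunks):
    """Flag 802.1Q trunks on native VLAN 1 and trunks forwarding no VLANs."""
    findings = []
    for port, t in sorted(trunks.items()):
        # ISL is skipped: as the post shows, its "Native vlan 1" is not real.
        if t["encap"].endswith("802.1q") and t["native"] == 1:
            findings.append((port, "native VLAN left at default 1"))
        if t.get("forwarding") == "none":
            findings.append((port, "no VLAN in spanning-tree forwarding state"))
    return findings
```
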

Now let’s mess with that ISL trunk a bit to see if we can get some life out of it:

Upon verifying both VLANs are now rocking, I noticed ISL says that it is in VLAN 1, but I am left wondering if that can be changed as it does not acknowledge Native Vlans:

SW2(config-if)#int fa1/0/20
SW2(config-if)#switchport trunk native ?
vlan Set native VLAN when interface is in trunking mode

SW2(config-if)#switchport trunk native vlan 100
SW2(config-if)#
*Mar 1 01:16:39.171: Port is not 802.1Q trunk, no action

I believe it just politely told you to take a long walk off a short cliff! So even though it shows VLAN 1 as its “Native VLAN” it doesn’t truly have one, and it cannot be changed.

SW1(config-if)#switchport trunk encap negotiate
Command rejected: A port which is configured to "trunk" mode can not be configured to negotiate the encapsulation.
SW1(config-if)#switchport mode access
SW1(config-if)#switchport trunk encap negotiate
SW1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
SW1(config-if)#

So this is very odd to me. I tried it on both the ISL Trunk and the Dot1q trunk, and it happened on both, so it seems like a command with no use.

However, Trunk “Modes” will be the next post I got for you, so we shall see if we can make some use of that negotiate sub-command yet!

Edit from future me 8/23: Negotiate examined and debunked bottom of next post 🙂