CCIE Routing & Switching v5 Workbook -
CCIE R&S v5 Advanced Technology Labs -
LAN Switching
802.1q Native VLAN
You must load the initial configuration files for the section, Basic
Layer2 Switching, which can be found in
. Reference the Virtual Routers &
Physical Switches Diagram to complete this task.
Task
Configure all inter-switch links on SW1 to be in dynamic desirable state.
Configure all inter-switch links of SW2, SW3, and SW4 toward SW1 to be in dynamic
auto state.
Configure the trunking encapsulation on SW1’s inter-switch links as static 802.1q.
Configure the switches so that traffic between devices in VLAN 146 is not tagged
when sent over the trunk links.
Configuration
SW1:
vlan 146
!
interface range FastEthernet0/19 - 24
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
switchport trunk native vlan 146
SW2:
vlan 146
!
interface range FastEthernet0/23 - 24
switchport mode dynamic auto
switchport trunk native vlan 146
SW3:
vlan 146
!
interface range FastEthernet0/19 - 20
switchport mode dynamic auto
switchport trunk native vlan 146
SW4:
vlan 146
!
interface range FastEthernet0/21 - 22
switchport mode dynamic auto
switchport trunk native vlan 146
Verification
The IEEE 802.1q trunking encapsulation standard uses the term native VLAN to
describe traffic sent and received on an interface running 802.1q encapsulation that
does not have an 802.1q tag actually inserted. Native VLAN was preserved for
backward compatibility so that frames can still transit switches not yet capable for
802.1q.
When a switch needs to forward a frame outbound on a trunk link and the frame
was received from a VLAN that is the same as the native VLAN of the trunk link, the
frame is sent untagged as if 802.1q were not configured. When the switch receives
an untagged frame on an interface running 802.1q, it associates the frame with the
native VLAN of its trunk port on which the frame was received. The native VLAN is
not configured switch-wide; it is port specific. For example, a switch may be
configured to have VLAN 20 as native VLAN on its FastEthernet0/19 port and VLAN
40 as native VLAN on its FastEthernet0/20 port. The switches on both ends of an
802.1q trunk link must agree on what the native VLAN is; otherwise, traffic can
unexpectedly leak between broadcast domain boundaries. The native VLAN is not
negotiated between switches; it is your responsibility to configure it the same on
both ends of the trunk link.
If, however, you’ve configured a different native VLAN on the two ends of a trunk
link, this will be detected through CDP, which will log a warning messages, and
STP, which will logically disable the port to avoid forwarding loops. The native VLAN
defaults to 1 on all links unless modified. In this case, the native VLAN is modified to
146 on both ends of the link.
SW1#show interface trunk
PortMode
Encapsulation
StatusNative vlan
Fa0/19desirable
802.1q
trunking146
Fa0/20desirable802.1q
trunking146
Fa0/21desirable802.1q
trunking146
Fa0/22desirable802.1q
trunking146
Fa0/23desirable802.1q
trunking146
Fa0/24desirable802.1q
trunking146
<output omitted>
!
!SW2#show interface trunk
PortMode
Encapsulation
StatusNative vlan
Fa0/23auto
n-802.1q
trunking146
Fa0/24auto
n-802.1q
trunking146
<output omitted>
!
!SW3#show interface trunk
PortMode
Encapsulation
StatusNative vlan
Fa0/19auto
n-802.1q
trunking146
Fa0/20auto
n-802.1q
trunking146
<output omitted>
!
!SW4#show interface trunk
PortMode
Encapsulation
StatusNative vlan
Fa0/21auto
n-802.1q
trunking146
Fa0/22auto
n-802.1q
trunking146
<output omitted>
Verify that the default native VLAN of 1 has been changed to VLAN 146.
SW1#show interfaces fastEthernet0/23 switchport
Name: Fa0/23
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: OnAccess Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 146 (VLAN0146)
Administrative Native VLAN tagging: enabled
!
!SW2#show interfaces fastEthernet0/23 switchport
Name: Fa0/23
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: OnAccess Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 146 (VLAN0146)
Administrative Native VLAN tagging: enabled
Let’s break the configuration by using a different native VLAN on the ends of the
trunk link.
SW1#configure terminal
SW1(config)#interface range fastEthernet0/23 - 24
SW1(config-if-range)#shutdown
SW1(config-if-range)#switchport trunk native vlan 1
SW1(config-if-range)#no shutdown
The following log messages will be triggered by CDP, as the native VLAN value is
sent through CDP advertisements.
%CDP-4-NATIVE_VLAN_MISMATCH:Native VLAN mismatch
discovered on FastEthernet0/23 (1), with SW2 FastEthernet0/23 (146).%CDP-4-NATIVE_VLAN_MISMATCH:
Native VLAN mismatch
discovered on FastEthernet0/24 (1), with SW2 FastEthernet0/24 (146).
The following log messages will be triggered by STP, logically blocking the port.
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 146 on FastEthernet0/24 VLAN1.
%SPANTREE-2-BLOCK_PVID_PEER:Blocking FastEthernet0/24 on VLAN0146. Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL:Blocking FastEthernet0/24 on VLAN0001. Inconsistent local vlan.
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 146 on FastEthernet0/23 VLAN1.
%SPANTREE-2-BLOCK_PVID_PEER:Blocking FastEthernet0/23 on VLAN0146. Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL:Blocking FastEthernet0/23 on VLAN0001. Inconsistent local vlan.
Verify that from STP perspective, ports are blocked, which means no data-plane
traffic can be forwarded out on the trunks and all inbound data-plane frames are
dropped; however, ports are in the UP state.
SW1#show ip interface brief | i 0/23|0/24
FastEthernet0/23
unassigned
YES unset upup
FastEthernet0/24
unassigned
YES unset upup
!
!SW1#show spanning-tree vlan 1 interface fastEthernet0/23
VlanRole Sts CostPrio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001DesgBKN*19128.25P2p *PVID_Inc
!
!SW1#show spanning-tree inconsistentports
NameInterfaceInconsistency
-------------------- ------------------------ ------------------VLAN0001
FastEthernet0/23Port VLAN ID Mismatch
VLAN0001FastEthernet0/24Port VLAN ID MismatchVLAN0146
FastEthernet0/23Port VLAN ID Mismatch
VLAN0146FastEthernet0/24Port VLAN ID Mismatch
Number of inconsistent ports (segments) in the system : 4