Native VLAN?

in CCNA & CCENT
Can someone explain what native VLAN is all about. I'm having a hard time understanding this in my CCNA exploration material. For example if I have 3 VLANs (10,20,30) on a 3 switch network all trunked using dot1q, how do I determine which one is the native VLAN on that particular switch?
Thanks
Comments
-
VAHokie56 Member Posts: 783
By default your native vlan will be 1. You can change this on the interface where the trunk exists with switchport trunk native vlan xx. Just remember to change it on the other side of the trunk too or you will get a native vlan mismatch.
EDIT: Also remember you can use the sh int trunk command to see all this information.
ιlι..ιlι.
CISCO
"A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
Reading:NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures -
pham0329 Member Posts: 556
No, the native VLAN is whatever you set it to. You can set the native vlan using switchport trunk native vlan vlan_id
Frames belonging to the native vlan are sent untagged. -
dan87951 Member Posts: 107
I'm in the middle of doing lab 3.4.2 Troubleshooting VLAN implementations and cannot figure out for the life of me why PC2 cannot ping PC5. Anyone else have access to the lab?
Here are the running configs of the three switches. I have included a PDF of the lab.
S2
Building configuration...
Current configuration : 2585 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S2
!
enable secret 5 $1$IESG$Ocm0zW0/lVlCB2lCt/zNB0
!
no ip domain-lookup
!
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 172.17.99.32 255.255.255.0
!
banner motd ^CAUTHORIZED ACCESS ONLY^C
!
line con 0
password cisco
login
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
S1:
Building configuration...
Current configuration : 2524 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
enable secret 5 $1$gIYy$lNBEKWVIyHziVI2KkDqV//
!
no ip domain-lookup
!
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 172.17.99.31 255.255.255.0
!
banner motd ^CAUTHORIZED ACCESS ONLY^C
!
line con 0
password cisco
login
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
S3:
Building configuration...
Current configuration : 2453 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S3
!
enable secret 5 $1$bAW7$i8oljtIWD71Gv898tGI6i/
!
no ip domain-lookup
!
!
interface FastEthernet0/1
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 172.17.99.33 255.255.255.0
!
banner motd ^CAUTHORIZED ACCESS ONLY^C
!
line con 0
password cisco
login
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
I have checked to make sure that all the switchports belong to the correct VLAN and I have also made sure the trunks all belong to the correct native VLAN. Also both PC's have the correct IP's, subnets, and gateways. The other VLAN's (10 and 30) can talk to each other just fine. -
dan87951 Member Posts: 107
I think the problem lies with s1?? I also used the command show interface trunk to make sure the VLANs have access across the trunk which they do. -
Mierdin Member Posts: 79 ■■□□□□□□□□
The biggest use of native VLAN is for frames that come in on a VLAN trunk untagged. The frame gets assigned to the native VLAN. In reference to your question about comparison with a management VLAN - they can be the same but it is a general best security practice that they are not.
"We gain complexity by linking together. To be isolated within a single platform is to be reduced. We see less. Understand less. It is quieter." -Legion
Current Focus: CCIE R/S
Blog -- Keeping It Classless -
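An added example, not part of any post in this thread: a small audit over IOS-style configs for the three native VLAN points raised above (mismatch across a trunk, native VLAN shared with the management VLAN, and a trunk native VLAN left on an access port). The config excerpts are constructed from the thread's listings, the S1 Fa0/3 to S3 Fa0/3 link is assumed, and treating an SVI with an IP address as the management VLAN is an assumption.

```python
import re

# Constructed excerpts modelled on the thread's configs. S3's trunk deliberately
# omits the native VLAN line to show a mismatch; the S1-S3 link is assumed.
S1 = """interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport mode trunk
interface FastEthernet0/4
 switchport trunk native vlan 99
 switchport mode access
interface Vlan99
 ip address 172.17.99.31 255.255.255.0
"""
S3 = """interface FastEthernet0/3
 switchport mode trunk
interface Vlan99
 ip address 172.17.99.33 255.255.255.0
"""

def parse(cfg):  # interface name -> mode, explicit native VLAN, has-IP flag
    ports, cur = {}, None
    for line in cfg.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            cur = ports.setdefault(s.split(None, 1)[1], {"mode": None, "native": None, "ip": False})
        elif s == "!" or cur is None:
            cur = None  # "!" ends an interface stanza; ignore global lines
        elif (m := re.fullmatch(r"switchport trunk native vlan (\d+)", s)):
            cur["native"] = int(m.group(1))
        elif (m := re.fullmatch(r"switchport mode (\w+)", s)):
            cur["mode"] = m.group(1)
        elif s.startswith("ip address "):
            cur["ip"] = True
    return ports

def native_of(cfg, port):
    return parse(cfg)[port]["native"] or 1  # native VLAN defaults to 1 when unset

def audit(cfg):
    ports = parse(cfg)
    # Assumption: an SVI with an IP address is the switch's management VLAN.
    mgmt = {int(n[4:]) for n, p in ports.items() if n.startswith("Vlan") and p["ip"]}
    out = []
    for name, p in ports.items():
        if p["mode"] == "trunk" and (p["native"] or 1) in mgmt:
            out.append((name, "native VLAN equals management VLAN"))
        if p["mode"] == "access" and p["native"] is not None:
            out.append((name, "trunk native VLAN set on access port (inert)"))
    return out

def mismatch(cfg_a, port_a, cfg_b, port_b):
    return native_of(cfg_a, port_a) != native_of(cfg_b, port_b)
```

Run against the full S1, S2 and S3 listings in this thread, `audit` reports every trunk (native VLAN 99 is also the addressed Vlan99 SVI) plus the S1 and S2 access ports that still carry a `switchport trunk native vlan 99` line.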
pham0329 Member Posts: 556
Are the VLANs created on all the switches? Are they being pruned/on the allowed list? -
Forsaken_GA Member Posts: 4,024 ■■■■■■■■■■
I think the problem lies with s1?? I also used the command show interface trunk to make sure the VLANs have access across the trunk which they do.
Do sh vlan brief on all three switches to make sure the vlan is actually created on all three switches. Putting the port into a vlan doesn't always create the vlan on the switch, especially if it's a VTP Client. If the vlan isn't in the switch's local database, it won't pass traffic for that vlan over a trunk.
Also check the hosts themselves to make sure they have the right netmasks. They're probably fine, but never a good idea to make assumptions. -
dan87951 Member Posts: 107
Yes VLAN's are created on all three switches. Did I also mention that traffic for VLAN 10 and 30 send/receive just fine. I don't understand why VLAN 20 cannot communicate with the other host. Everything in the config is flawless from what I can see!! -
dan87951 Member Posts: 107
Look what I found. This is on S3 port 18 for VLAN20.
S3#show interface fa0/18 switchport
Name: Fa0/18
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (Students)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Why is the operation mode showing as "down"? This should be set to static access. How do I change it to that? I have tried resetting port 18 and then adding the vlan 20 and switchport mode access commands back but that does nothing. Please advise. -
Eildor Member Posts: 444
If you want you can send me your PT file to eildor@hotmail.co.uk and I'll have a look at it. -
CodeBlox Member Posts: 1,363 ■■■■□□□□□□
And you're certain you've created these vlans on all switches??
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens -
pham0329 Member Posts: 556
Look what I found. This is on S3 port 18 for VLAN20.
S3#show interface fa0/18 switchport
Name: Fa0/18
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (Students)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Why is the operation mode showing as "down"? This should be set to static access. How do I change it to that? I have tried resetting port 18 and then adding the vlan 20 and switchport mode access commands back but that does nothing. Please advise.
Kind of an obvious question but you issued the no shut command, right? -
dan87951 Member Posts: 107
And you're certain you've created these vlans on all switches??
Correct, remember VLAN10 and 30 can send/receive traffic just fine. Only VLAN20 cannot.
I will send the PT activity to the user that requested it. Thanks man! -
Eildor Member Posts: 444
Correct, remember VLAN10 and 30 can send/receive traffic just fine. Only VLAN20 cannot.
I will send the PT activity to the user that requested it. Thanks man!
If you could let me know on this thread once you have sent the file I'd appreciate it as I don't have that e-mail account linked up to my phone, and I might be away from the computer for some minutes -
dan87951 Member Posts: 107
Ok guys got it figured out. You have to remember I'm doing this all using packet tracer so things that seem easy to overlook in lab enviro. are a little more difficult in PT. Anyways on SW3 the computer connected to port 18 was not really connected to port 18 it was on port 17. Since it was labeled in PT as Port 18 I assumed it was on 18 when in fact it was on 17. Wow, sneaking lab... Anyways, so there was nothing wrong with my config the reason the computer on VLAN 20 could not ping the other computer was because it was connected to another switchport (17).
Thanks for support on this lab even though I'm a little embarrassed now. -
Eildor Member Posts: 444
Ok guys got it figured out. You have to remember I'm doing this all using packet tracer so things that seem easy to overlook in lab enviro. are a little more difficult in PT. Anyways on SW3 the computer connected to port 18 was not really connected to port 18 it was on port 17. Since it was labeled in PT as Port 18 I assumed it was on 18 when in fact it was on 17. Wow, sneaking lab... Anyways, so there was nothing wrong with my config the reason the computer on VLAN 20 could not ping the other computer was because it was connected to another switchport (17).
Thanks for support on this lab even though I'm a little embarrassed now.
Well done on figuring it out mate. We all learn from troubleshooting exercises like this, so no worries.
-
Ltat42a Member Posts: 587 ■■■□□□□□□□
Ok guys got it figured out. You have to remember I'm doing this all using packet tracer so things that seem easy to overlook in lab enviro. are a little more difficult in PT. Anyways on SW3 the computer connected to port 18 was not really connected to port 18 it was on port 17. Since it was labeled in PT as Port 18 I assumed it was on 18 when in fact it was on 17. Wow, sneaking lab... Anyways, so there was nothing wrong with my config the reason the computer on VLAN 20 could not ping the other computer was because it was connected to another switchport (17).
Thanks for support on this lab even though I'm a little embarrassed now.
Ah.....a Physical Layer problem huh? Had a similar lab with a cable between a PC and a router. The cable was a straight-thru, swapped it out with a crossover....pings galore!
Nice job..