Round two! I enabled tagging of native VLAN frames and magically the ports became unblocked and are being forwarded across the trunk again

SW1(config-if)#vlan dot1q tag native
02:36:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/19 on VLAN0003. Port consistency restored.
02:36:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/19 on VLAN0012. Port consistency restored.

SW1(config)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/19      on           802.1q         trunking      12

Port        Vlans allowed on trunk
Gi0/19      1-4094

Port        Vlans allowed and active in management domain
Gi0/19      1,3,12,34,56

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/19      1,12,34,56

Of course CDP still sees and logs the mismatch (as expected)

02:37:59: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (12), with SW2 GigabitEthernet0/19 (3).

So without the native VLAN tagging the ports logged the PVID error and went into an STP blocking state, but with tagging enabled the ports came out of the blocking state and began to forward the traffic again.

Proof by IOS. You gotta love this stuff. :)

Thank you,

Steve E. Di Bias | Network Engineer
CCNP (R&S), CCNA (R&S/Security), FNCNE, BCNE, CE|H, CCA, MCSE, MCSA, MCTS, MCITP, A+, Net+
Valley Health System | www.valleyhealthsys.com
Direct: 702-369-7594 | Mobile: 702-241-1801
Email: [email protected]

-----Original Message-----
From: Di Bias, Steve
Sent: Monday, October 03, 2011 11:17 PM
To: Di Bias, Steve; Douglas Koobs; [email protected]
Subject: RE: [OSL | CCIE_RS] How does a native VLAN mismatch create a loop?

Hm. Oddly enough I'm getting different results than I have in the past with this, IOS version maybe? In the past I've seen CDP scream about the native VLAN mismatch but the traffic still flowed over the trunks just fine. Tonight however I'm seeing ports going into an STP inconsistent state.

Here is my setup:

CAT2 is the root bridge for VLANs 1,3,12,34,56
CAT1 has a single dot1q trunk back to CAT2 (Gig0/19)

CAT2

SW2(config-if)#do sh span | incl VLAN|root
VLAN0001
             This bridge is the root
VLAN0003
             This bridge is the root
VLAN0012
             This bridge is the root
VLAN0034
             This bridge is the root
VLAN0056
             This bridge is the root

CAT1

SW1(config-if)#do sh run int giga0/19 | beg inter
interface GigabitEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW1(config-if)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/19      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/19      1-4094

Port        Vlans allowed and active in management domain
Gi0/19      1,12,34,56

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/19      1,12,34,56

As of right now both are using a native VLAN of 1 but we will change SW2 to use VLAN 3 and SW1 to use VLAN 12

SW2

SW2(config)#int gig0/19
SW2(config-if)#sw tr nat vla 3

SW1

SW1(config-if)#int giga0/19
SW1(config-if)#sw tr na vl 12
01:48:48: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 3 on GigabitEthernet0/19 VLAN12.
01:48:48: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/19 on VLAN0003. Inconsistent peer vlan.
01:48:48: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/19 on VLAN0012. Inconsistent local vlan.
01:49:08: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (12), with SW2 GigabitEthernet0/19 (3).

So now what do we see?

SW1(config)#do sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/19      on           802.1q         trunking      12

Port        Vlans allowed on trunk
Gi0/19      1-4094

Port        Vlans allowed and active in management domain
Gi0/19      1,3,12,34,56

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/19      1,34,56

Notice that VLAN 3 and VLAN 12 have now been pruned off the trunk, since they are now in an STP blocking state

SW1(config-if)#do sh span blocked

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0003             Gi0/19
VLAN0012             Gi0/19

02:11:55: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (3), with SW1 GigabitEthernet0/19 (12).
--More-- 02:12:55: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (3), with SW1 GigabitEthernet0/19 (12).
--More-- 02:13:55: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (3), with SW1 GigabitEthernet0/19 (12).

I'm pretty sure in the past I wasn't having this issue and the two native VLANs communicated and passed the traffic just fine, however that doesn't seem to be happening now.

SW2(config-if)#do sh span vl 12

VLAN0012
  Spanning tree enabled protocol ieee
  Root ID    Priority    12
             Address     001c.0e4b.4500
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    12 (priority 0 sys-id-ext 12)
             Address     001c.0e4b.4500
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 600

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/19              Desg BKN*4         128.19   P2p *PVID_Inc

SW2(config-if)#do sh span vl 3

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    3
             Address     001c.0e4b.4500
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    3 (priority 0 sys-id-ext 3)
             Address     001c.0e4b.4500
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 600

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/19              Desg BKN*4         128.19   P2p *PVID_Inc

Thank you,

Steve E. Di Bias | Network Engineer

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Di Bias, Steve
Sent: Monday, October 03, 2011 8:35 PM
To: Douglas Koobs; [email protected]
Subject: Re: [OSL | CCIE_RS] How does a native VLAN mismatch create a loop?

Hey Doug!

First you would need to have more than one link going between your switches to even have the possibility of a loop. Secondly, while I can't guarantee it, I've never seen a loop form when using mismatched native VLANs on my trunks (and no I don't design bad networks so stop looking at me like that ;) ;))

I like to think of this as the poor man's method for layer 2 bridging between two VLANs, also known as "VLAN leaking".

If you are really bored and have a few switches lying around you can lab this up and tell us what you find. While it's possible that some IOS versions will err-disable the ports, the majority will just give you an error message. The error is generated via CDP, since CDPv2 will pass the native VLAN information between the switches.

Lab it up and see what you find!

Thank you,

Steve E. Di Bias | Network Engineer

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Douglas Koobs
Sent: Monday, October 03, 2011 6:27 PM
To: [email protected]
Subject: Re: [OSL | CCIE_RS] How does a native VLAN mismatch create a loop?

Thinking about this a bit more, wouldn't the two VLANs just re-converge and create a loop-free topology around one bridge? Certainly not optimal, but not a loop...

On Mon, 2011-10-03 at 20:39 -0400, Douglas Koobs wrote:
> I'm reading the SWITCH foundation learning guide, and it states that a
> trunk with mismatched native VLANs can lead to a loop because BPDUs
> are sent to the IEEE MAC address 0180.c200.0000
>
> I think I understand at a very high level how this could happen: The
> root bridge of one of the VLANs would be superior to the root bridge
> of the other VLAN, and some of the switches would begin to converge
> around the root bridge from the wrong VLAN.
>
> However, this situation is still fuzzy around the edges to me, which
> usually means I'm missing something fundamental. Am I?
>
> Thanks!
>
> Doug

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com

UHS Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient (s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited. If this was sent to you in error, please notify the sender by reply e-mail and destroy all copies of the original message.
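
Added example, not part of the original thread: a Python sketch that replays the SW1 console messages quoted in the messages above and reports, per port, which VLANs spanning tree still holds blocked for PVID inconsistency, or whether CDP still reports a native VLAN mismatch while nothing is blocked. The function names and the report wording are assumptions made for this example; the log lines are copied from the thread.

```python
import re
from collections import defaultdict

# SW1 console messages copied from the thread above, in the order they were logged.
SW1_LOG = """\
01:48:48: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 3 on GigabitEthernet0/19 VLAN12.
01:48:48: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/19 on VLAN0003. Inconsistent peer vlan.
01:48:48: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/19 on VLAN0012. Inconsistent local vlan.
01:49:08: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (12), with SW2 GigabitEthernet0/19 (3).
02:36:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/19 on VLAN0003. Port consistency restored.
02:36:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/19 on VLAN0012. Port consistency restored.
02:37:59: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/19 (12), with SW2 GigabitEthernet0/19 (3).
"""

BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): Blocking (\S+) on VLAN0*(\d+)\.")
UNBLOCK = re.compile(r"%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking (\S+) on VLAN0*(\d+)\.")
MISMATCH = re.compile(r"%CDP-4-NATIVE_VLAN_MISMATCH: .* on (\S+) \((\d+)\), with (\S+) (\S+) \((\d+)\)")

def replay(log_text):
    """Apply block/unblock/mismatch messages in order; return final state per port."""
    ports = defaultdict(lambda: {"blocked": set(), "mismatch": None})
    for line in log_text.splitlines():
        if m := BLOCK.search(line):
            ports[m[1]]["blocked"].add(int(m[2]))
        elif m := UNBLOCK.search(line):
            ports[m[1]]["blocked"].discard(int(m[2]))
        elif m := MISMATCH.search(line):
            # (local native VLAN, neighbor name, neighbor port, neighbor native VLAN)
            ports[m[1]]["mismatch"] = (int(m[2]), m[3], m[4], int(m[5]))
    return dict(ports)

def findings(log_text):
    """One line per port that needs a look, based on the state after the last message."""
    out = []
    for port, state in replay(log_text).items():
        if state["blocked"]:
            out.append(f"{port}: PVID inconsistency, blocked VLANs {sorted(state['blocked'])}")
        elif state["mismatch"]:
            local, peer, peer_port, remote = state["mismatch"]
            out.append(f"{port}: native VLAN mismatch (local {local}, {peer} {peer_port} {remote}) "
                       "with no STP block in effect")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SW1_LOG)))
```
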
