Native VLAN Mismatch on Trunk — CDP Warning / STP Issues
Presenting Symptom
Users in VLAN 10 report intermittent connectivity to the server farm, and CDP shows 'Native VLAN mismatch discovered' errors on the trunk link between two switches.
Network Context
A small branch office network with two Cisco Catalyst 2960 switches (SW1 and SW2) running IOS 15.0. SW1 connects to access switches for client PCs in VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24). SW2 connects to a server farm with servers in VLAN 10. The two switches are interconnected via a trunk link (GigabitEthernet0/1 on both). The native VLAN is configured as VLAN 1 on SW1 but VLAN 99 on SW2, causing a mismatch.
Diagnostic Steps
Check CDP neighbors and native VLAN mismatch warnings
show cdp neighbors detail
Device ID: SW2
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 134 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE, RELEASE SOFTWARE (fc1)
advertisement version: 2
Native VLAN mismatch: discovered on GigabitEthernet0/1, none.
The output shows 'Native VLAN mismatch: discovered' on the trunk interface. This indicates the native VLAN configured on SW1's trunk port differs from that on SW2's trunk port. A mismatch can cause STP issues and misforwarding of untagged frames.
Verify trunk configuration and native VLAN on both switches
show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20
On SW1, the native VLAN is 1. On SW2, the same command would show native VLAN 99. Compare the native VLAN values; if they differ, that is the root cause. Also check that the trunk is up and the allowed VLAN list includes the needed VLANs.
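The comparison described above can be scripted when there are many trunks to audit. This is an added example, not part of the original scenario: it parses the first table of `show interfaces trunk` captured from each switch and reports links whose native VLANs differ. The sample captures are constructed from this scenario's values, and the function names and the link list are assumptions.

```python
import re

# Constructed sample captures, using the values from this scenario.
SW1_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
"""
# SW2 differs only in its native VLAN (99).
SW2_OUTPUT = re.sub(r"trunking\s+1\b", "trunking      99", SW1_OUTPUT)

# Columns: Port, Mode, Encapsulation, Status, Native vlan
ROW = re.compile(r"^(\S+)\s+\S+\s+\S+\s+(\S+)\s+(\d+)\s*$")


def parse_trunks(output):
    """Return {port: (status, native_vlan)} from the first table only."""
    trunks, in_table = {}, False
    for line in output.splitlines():
        if line.startswith("Port") and "Native vlan" in line:
            in_table = True
        elif in_table and not line.strip():
            break  # a blank line ends the native VLAN table
        elif in_table and (m := ROW.match(line)):
            trunks[m.group(1)] = (m.group(2), int(m.group(3)))
    return trunks


def find_mismatches(links, outputs):
    """links: (switch_a, port_a, switch_b, port_b); outputs: {switch: CLI text}."""
    parsed = {sw: parse_trunks(text) for sw, text in outputs.items()}
    findings = []
    for sw_a, port_a, sw_b, port_b in links:
        a = parsed.get(sw_a, {}).get(port_a)
        b = parsed.get(sw_b, {}).get(port_b)
        ends = f"{sw_a} {port_a} <-> {sw_b} {port_b}"
        if not a or not b or a[0] != "trunking" or b[0] != "trunking":
            findings.append(f"{ends}: trunk not up on both ends")
        elif a[1] != b[1]:
            findings.append(f"{ends}: native VLAN {a[1]} vs {b[1]}")
    return findings


if __name__ == "__main__":
    links = [("SW1", "Gi0/1", "SW2", "Gi0/1")]
    for finding in find_mismatches(links, {"SW1": SW1_OUTPUT, "SW2": SW2_OUTPUT}):
        print(finding)
```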
Check STP state on the trunk port
show spanning-tree interface gigabitEthernet 0/1
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- -------------------------
VLAN0001            Desg FWD 4         128.1    P2p
VLAN0010            Desg FWD 4         128.1    P2p
VLAN0020            Desg FWD 4         128.1    P2p
If the native VLAN mismatch exists, STP may block the port for the native VLAN (VLAN 1) or show inconsistent states for it. Look for 'BLK' or 'BKN' in the Sts column.
Check interface status for errors or discards
show interfaces gigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
Full-duplex, 1000Mb/s
input errors 0, CRC 0, frame 0, overrun 0, ignored 0
output errors 0, collisions 0, interface resets 0
...
The interface may show no errors, but the native VLAN mismatch can cause intermittent connectivity because untagged frames (native VLAN) are placed into the wrong VLAN. Look for any input/output errors, but often the interface appears clean.
Root Cause
The native VLAN on the trunk link between SW1 and SW2 is mismatched: SW1's trunk port Gi0/1 has native VLAN 1 (default), while SW2's trunk port Gi0/1 has native VLAN 99 configured. This causes CDP to report a mismatch, and more critically, untagged frames (including BPDUs for the native VLAN) are placed into different VLANs on each switch, leading to STP inconsistencies and potential loops or loss of connectivity for VLAN 10 traffic.
Resolution
Verification
After applying the fix, verify the native VLAN mismatch is resolved:
SW1# show cdp neighbors detail | include Native VLAN mismatch
(No output expected — the mismatch message should be gone)
SW1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
SW2# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Also verify STP is stable:
SW1# show spanning-tree interface gigabitEthernet 0/1
All VLANs should show Role: Desg or Root, Sts: FWD.
Prevention
1. Always configure the native VLAN explicitly on trunk ports rather than relying on the default VLAN 1. Use a dedicated, unused VLAN (e.g., VLAN 999) for native VLAN to avoid security risks and misconfigurations.
2. Implement a consistent native VLAN across all trunk links in the network. Document and standardize the native VLAN in the network design.
3. Enable CDP or LLDP on trunk ports to detect native VLAN mismatches early, and monitor syslog for mismatch messages.
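For the syslog monitoring in item 3, the CDP warning repeats for as long as the mismatch persists, so it helps to collapse it into one record per link. This is an added example, not part of the original page: the log lines are constructed for this scenario's link in the IOS `%CDP-4-NATIVE_VLAN_MISMATCH` message format, and the function name is an assumption.

```python
import re

# Constructed syslog lines for the SW1-SW2 trunk in this scenario.
SAMPLE_LOG = """\
*Mar  1 00:05:12.003: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Mar  1 00:06:10.114: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (1), with SW2 GigabitEthernet0/1 (99).
*Mar  1 00:07:10.120: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (1), with SW2 GigabitEthernet0/1 (99).
"""

MISMATCH = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
    r"(?P<local_port>\S+) \((?P<local_vlan>\d+)\), "
    r"with (?P<peer>\S+) (?P<peer_port>\S+) \((?P<peer_vlan>\d+)\)"
)


def summarize_mismatches(log_text):
    """Collapse repeating CDP warnings into one record per trunk link."""
    links = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue  # unrelated message
        key = (m["local_port"], m["peer"], m["peer_port"])
        rec = links.setdefault(key, {"count": 0})
        rec["count"] += 1
        # Keep the latest values in case one side was reconfigured.
        rec["local_vlan"] = int(m["local_vlan"])
        rec["peer_vlan"] = int(m["peer_vlan"])
    return links


if __name__ == "__main__":
    for (port, peer, peer_port), rec in summarize_mismatches(SAMPLE_LOG).items():
        print(f"{port} (native {rec['local_vlan']}) <-> {peer} {peer_port} "
              f"(native {rec['peer_vlan']}), seen {rec['count']} times")
```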
CCNA Exam Relevance
On the CCNA 200-301 exam, native VLAN mismatch scenarios appear in troubleshooting questions, often as a multiple-choice or drag-and-drop where you must identify the cause of connectivity issues between switches. The exam tests your ability to interpret 'show interfaces trunk' and 'show cdp neighbors detail' output to spot the mismatch. Key fact: A native VLAN mismatch can cause STP to block the port for the native VLAN, leading to loss of connectivity for that VLAN.
Exam Tips
Memorize that 'Native VLAN mismatch' appears in CDP output and is a common trunk issue.
Remember that the native VLAN is used for untagged frames; a mismatch causes those frames to be placed into different VLANs on each side, breaking connectivity.
Know that 'show interfaces trunk' displays the native VLAN; compare both ends to find mismatches.
Commands Used in This Scenario
show cdp neighbors detail
Displays detailed information about directly connected Cisco devices discovered via CDP, including IP addresses, IOS version, platform, and interface details, useful for verifying neighbor relationships and troubleshooting Layer 2 connectivity.
show interfaces trunk
Displays trunk interface status, allowed VLANs, and pruning information for all trunk ports on a Cisco switch, used to verify trunking configuration and VLAN membership.
show spanning-tree
Displays the Spanning Tree Protocol (STP) state and configuration for all VLANs or a specific VLAN, used to verify root bridge, port roles, and STP topology.