
Native VLAN mismatch clarification

Status
Not open for further replies.

molecul3

Technical User
Apr 17, 2003
182
HK
Hi all,

I have a question that needs clarification.
We have an old block of switches with a native vlan of 1. Most of the servers and routers run off this stack of switches and they are all in VLAN 1.
We recently added a new block of switches for users and these users are VLANed by department. This new block of switches needs to talk to the old block in order to "get out" and for access to certain servers. VLAN 1 on the new block points nowhere and is not used.
The way it is configured now is by using a static route from the new block to point to the old block via VLAN 5 created on the new block.
1st question: why does this work if there is no such thing as VLAN 5 on the old block?
2nd question: what are the implications of this?
 
You really shouldn't use VLAN 1. Shut it down. Security risk. Create another VLAN on your core router (L3) and get your servers on that new VLAN. Then create another VLAN on the core router and put your switches on a separate VLAN. Then change your switch IPs to be on that VLAN, just to segment them as much as possible.

Then, depending on how the switches are connected (via fiber or crossover), make the uplinks look like this, with no native VLAN associated.

switchport trunk encapsulation dot1q
switchport mode trunk

This will get rid of your native VLAN mismatch. The mismatch is only telling you that the switches connected together are not on the same VLAN. If you want to configure a VLAN, just make sure that the uplinks on each switch that are connected are on the same VLAN.

switchport trunk encapsulation dot1q
switchport mode trunk

Then make sure that all switches have the VLANs that need to be there. So if switch 2 has VLAN 2 and has clients plugged into a port that is assigned to VLAN 2, make sure that the uplink switch also has VLAN 2 in its VLAN database, unless you are using VTP. If you are, then they will propagate automatically.

What is your router? Is it an L3 switch? Or is it your external router?
 
Hi,

It is a layer 3 switch and there is a static route pointing all traffic destined to the server's IP range from the new block to the server block (hope that makes sense). Unfortunately, due to the scope and the changes that need to occur for your recommendation, it would not be possible. And we also do not wish to trunk that link, as VLAN 5 on the new block is essentially VLAN 1 on the server block and things would get messed up real bad.
I guess it has to be how it is at the moment until there is an opportunity to clean things up.
To sum it all up, would it be right to say that if you are not trunking, VLAN IDs do not matter and will only result in a mismatch error being generated? As long as the physical switchports are bound together, they will "talk" even though their VLANs do not match?
 
That is correct: if they are tied together, they will talk. You can create a mess for yourself if you do a lot of this, and it makes troubleshooting that much harder, so it is better to match VLANs on each end.
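
Added example, not part of the original thread: a small Python model of the behaviour discussed above, showing that an untagged link between ports in different VLANs merges those VLANs into one broadcast domain, and listing the links an audit should flag. The switch names and the link list are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample topology (assumption, not from the thread): each entry is
# one untagged link, with the access/native VLAN configured on each end.
LINKS = [
    # (switch_a, untagged_vlan_a, switch_b, untagged_vlan_b)
    ("new-block", 5, "old-block", 1),     # the uplink described in the thread
    ("new-block", 10, "new-access", 10),  # a matching link for comparison
]


def find(parent, node):
    """Union-find lookup with path compression."""
    parent.setdefault(node, node)
    while parent[node] != node:
        parent[node] = parent[parent[node]]
        node = parent[node]
    return node


def broadcast_domains(links):
    """Group (switch, vlan) pairs that end up in one Layer 2 broadcast domain.

    An untagged frame carries no VLAN ID, so the receiving port places it in
    its own untagged VLAN. Both ends of a link are therefore bridged together
    whatever their VLAN numbers are.
    """
    parent = {}
    for sw_a, vlan_a, sw_b, vlan_b in links:
        parent[find(parent, (sw_a, vlan_a))] = find(parent, (sw_b, vlan_b))
    groups = defaultdict(set)
    for node in list(parent):
        groups[find(parent, node)].add(node)
    return sorted(sorted(group) for group in groups.values())


def mismatched_links(links):
    """Return links whose two ends use different untagged VLAN IDs."""
    return [link for link in links if link[1] != link[3]]


if __name__ == "__main__":
    for domain in broadcast_domains(LINKS):
        print("one broadcast domain:", domain)
    for sw_a, vlan_a, sw_b, vlan_b in mismatched_links(LINKS):
        print(f"mismatch: {sw_a} VLAN {vlan_a} <-> {sw_b} VLAN {vlan_b}")
```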
 