发一个在ciscoforum上看到的一个很好的故障分析帖子

拓扑：
2台DSLAM设备同时接到一个光端机的1和2口上，一对光纤到局里的一个光端机上，1和2口都用五类线连接到cisco3750的fa1/0/3和fa1/0/4上。

问题描述：
（1）在cisco3750上新建vlan420，把fa1/0/3和1/0/4都加到420里，交换机上的3口亮绿灯，但4口却一直亮橘黄色灯，也就是常见的spanning-tree转发等待时一样的颜色，用show spanning-tree命令一看，出现下面提示：
VLAN0420
Spanning tree enabled protocol ieee
Root ID Priority 33188
Address 0014.6afd.ab80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33188 (priority 32768 sys-id-ext 420)
Address 0014.6afd.ab80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa1/0/3 Desg FWD 19 128.5 P2p
Fa1/0/4 Desg BLK 19 128.6 P2p
应该是给bloking了，问题会是因为在同一个光端机里出来的吗？
所以，我做了以下操作：
inter fa1/0/4
spanning-tree bpdufilter enable

发现4口的灯变成绿色的了，高兴得大声欢呼，但不知道犯了个严重的错误，因为用了这条命令之后，fa1/0/4端口的环路阻塞功能取消了，所以就出现了环路，拨号用户都无法访问internet。
接着就no spanning-tree bpdufilter enable 在fa1/0/4，问题依旧那样，4口的灯无法变绿色。

（2）问题没有解决，就换个方法试试，于是就新建了vlan 403和vlan 404，
inter vlan 403
ip add 192.168.100.13 255.255.255.252 连接此端口的DSLAM地址是192.168.100.14 255.255.255.252

inter vlan 404
ip add 192.168.100.17 255.255.255.252 连接此端口的DSLAM地址是192.168.100.18 255.255.255.252

int fa1/0/3
sw mode acc
sw acc vlan 403

int fa1/0/4
sw mode acc
sw acc vlan 404

问题出现了，每隔30秒左右不停地发一下信息：
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/4 (404), with ADSLswitch FastEthernet1/0/3 (403).
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (404).
说明：此时的业务并没有停下来，我想应该也是个广播吧，但这样总不是个事呀，于是用：
inter fa1/0/4
no sw acc vlan 404

本想这回应该不会再有提示了吧，嘿，又出现了下面的提示：
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/4 (1), with ADSLswitch FastEthernet1/0/3 (403).
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (1).

结果：
面对以上情况，本人已没有招对付了，除非我在端口不划vlan，直接配地址了，但也不知道成不成，所以在这里向大伙请教请教，希望有经验的兄弟能够帮忙，谢谢了！

交换机配置：
ADSLswitch#sh run
Building configuration...

Current configuration : 4404 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ADSLswitch
!
enable secret 5 $1$XkRU$kfrkr6NvMqc681pUyqTWs1
!
no aaa new-model
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/1
switchport access vlan 401
switchport mode access
!
interface FastEthernet1/0/2
switchport access vlan 402
switchport mode access
!
interface FastEthernet1/0/3
switchport access vlan 403
switchport mode access
!
interface FastEthernet1/0/4
switchport access vlan 404
switchport mode access
!
interface FastEthernet1/0/5
switchport access vlan 405
switchport mode access
!
interface FastEthernet1/0/6
switchport access vlan 406
switchport mode access
!
interface FastEthernet1/0/7
switchport access vlan 407
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 409
switchport mode access
!
interface FastEthernet1/0/9
switchport access vlan 410
switchport mode access
!
interface FastEthernet1/0/10
switchport mode access
!
interface FastEthernet1/0/11
switchport access vlan 411
switchport mode access
!
interface FastEthernet1/0/12
switchport access vlan 412
switchport mode access
!
interface FastEthernet1/0/13
switchport access vlan 412
switchport mode access
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
no switchport
ip address 192.168.100.2 255.255.255.252
!
interface GigabitEthernet1/0/1
switchport access vlan 408
switchport mode access
!
interface GigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan401
ip address 192.168.100.5 255.255.255.252
ip access-group 112 in
!
interface Vlan402
ip address 192.168.100.9 255.255.255.252
ip access-group 112 in
!
interface Vlan403
ip address 192.168.100.13 255.255.255.252
ip access-group 112 in
!
interface Vlan404
ip address 192.168.100.17 255.255.255.252
!
interface Vlan405
ip address 192.168.100.21 255.255.255.252
ip access-group 112 in
!
interface Vlan406
ip address 192.168.100.25 255.255.255.252
ip access-group 112 in
!
interface Vlan407
ip address 192.168.100.29 255.255.255.252
ip access-group 112 in
!
interface Vlan408
ip address 192.168.100.33 255.255.255.252
ip access-group 112 in
!
interface Vlan409
ip address 192.168.100.37 255.255.255.252
ip access-group 112 in
!
interface Vlan410
ip address 192.168.100.41 255.255.255.252
ip access-group 112 in
!
interface Vlan411
ip address 192.168.100.45 255.255.255.252
ip access-group 112 in
!
interface Vlan412
ip address 172.16.16.94 255.255.255.224
ip access-group 112 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip route 172.16.0.0 255.255.254.0 192.168.100.6
ip route 172.16.2.0 255.255.254.0 192.168.100.14
ip route 172.16.4.0 255.255.254.0 192.168.100.22
ip route 172.16.6.0 255.255.254.0 192.168.100.26
ip route 172.16.8.0 255.255.254.0 192.168.100.30
ip route 172.16.10.0 255.255.254.0 192.168.100.34
ip route 172.16.12.0 255.255.255.0 192.168.100.38
ip route 172.16.13.0 255.255.255.0 192.168.100.42
ip route 172.16.14.0 255.255.255.0 192.168.100.46
ip route 172.16.18.0 255.255.254.0 192.168.100.10
ip route 172.16.24.0 255.255.254.0 192.168.100.18
ip http server
!
access-list 112 deny tcp any any eq 4444
access-list 112 deny udp any any eq tftp
access-list 112 deny tcp any any eq 135
access-list 112 deny udp any any eq 135
access-list 112 deny tcp any any eq 139
access-list 112 deny udp any any eq netbios-ss
access-list 112 deny tcp any any eq 445
access-list 112 deny udp any any eq 445
access-list 112 deny tcp any any eq 593
access-list 112 deny udp any any eq 593
access-list 112 deny udp any any eq 1434
access-list 112 deny tcp any any eq 1025
access-list 112 deny tcp any any eq 3127
access-list 112 deny tcp any any eq 6129
access-list 112 deny tcp any any eq 2745
access-list 112 permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
password 0000000
login
line vty 5 15
no login
!
!
end

ADSLswitch#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0/10, Fa1/0/14, Fa1/0/15, Fa1/0/16, Fa1/0/17, Fa1/0/18, Fa1/0/19,

Fa1/0/20
Fa1/0/21, Fa1/0/22, Fa1/0/23, Gi1/0/2
401 VLAN0401 active Fa1/0/1
402 VLAN0402 active Fa1/0/2
403 VLAN0403 active Fa1/0/3
404 VLAN0404 active Fa1/0/4
405 VLAN0405 active Fa1/0/5
406 VLAN0406 active Fa1/0/6
407 VLAN0407 active Fa1/0/7
408 VLAN0408 active Gi1/0/1
409 VLAN0409 active Fa1/0/8
410 VLAN0410 active Fa1/0/9
411 VLAN0411 active Fa1/0/11
412 VLAN0412 active Fa1/0/12, Fa1/0/13
413 VLAN0413 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
401 enet 100401 1500 - - - - - 0 0
402 enet 100402 1500 - - - - - 0 0
403 enet 100403 1500 - - - - - 0 0
404 enet 100404 1500 - - - - - 0 0
405 enet 100405 1500 - - - - - 0 0
406 enet 100406 1500 - - - - - 0 0
407 enet 100407 1500 - - - - - 0 0
408 enet 100408 1500 - - - - - 0 0
409 enet 100409 1500 - - - - - 0 0
410 enet 100410 1500 - - - - - 0 0
411 enet 100411 1500 - - - - - 0 0
412 enet 100412 1500 - - - - - 0 0
413 enet 100413 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

ADSLswitch#sh ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up down
Vlan401 192.168.100.5 YES NVRAM up up
Vlan402 192.168.100.9 YES NVRAM up up
Vlan403 192.168.100.13 YES NVRAM up up
Vlan404 192.168.100.17 YES manual up up
Vlan405 192.168.100.21 YES NVRAM up down
Vlan406 192.168.100.25 YES NVRAM up up
Vlan407 192.168.100.29 YES NVRAM up up
Vlan408 192.168.100.33 YES NVRAM up down
Vlan409 192.168.100.37 YES NVRAM up down
Vlan410 192.168.100.41 YES NVRAM up up
Vlan411 192.168.100.45 YES NVRAM up up
Vlan412 172.16.16.94 YES NVRAM up down
FastEthernet1/0/1 unassigned YES unset up up
FastEthernet1/0/2 unassigned YES unset up up
FastEthernet1/0/3 unassigned YES unset up up
FastEthernet1/0/4 unassigned YES unset up up
FastEthernet1/0/5 unassigned YES unset down down
FastEthernet1/0/6 unassigned YES unset up up
FastEthernet1/0/7 unassigned YES unset up up
FastEthernet1/0/8 unassigned YES unset down down
FastEthernet1/0/9 unassigned YES unset up up
FastEthernet1/0/10 unassigned YES unset down down
FastEthernet1/0/11 unassigned YES unset up up
FastEthernet1/0/12 unassigned YES unset down down
FastEthernet1/0/13 unassigned YES unset down down
FastEthernet1/0/14 unassigned YES unset down down
FastEthernet1/0/15 unassigned YES unset down down
FastEthernet1/0/16 unassigned YES unset down down
FastEthernet1/0/17 unassigned YES unset down down
FastEthernet1/0/18 unassigned YES unset down down
FastEthernet1/0/19 unassigned YES unset down down
FastEthernet1/0/20 unassigned YES unset down down
FastEthernet1/0/21 unassigned YES unset down down
FastEthernet1/0/22 unassigned YES unset down down
FastEthernet1/0/23 unassigned YES unset down down
FastEthernet1/0/24 192.168.100.2 YES NVRAM up up
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
ADSLswitch#
fa1/0/3和1/0/4下联设备肯定有环路！
1、在cisco3750上新建vlan420，把fa1/0/3和1/0/4都加到420里，交换机上的3口亮绿灯，但4口却一直亮橘黄色灯
说明spanning-tree在工作，选择root端口，你可以只连一个接口，另一个接口shutdown，打断环路，应该下联设备应正常使用。
2、（2）问题没有解决，就换个方法试试，于是就新建了vlan 403和vlan 404，
inter vlan 403
ip add 192.168.100.13 255.255.255.252 连接此端口的DSLAM地址是192.168.100.14 255.255.255.252

inter vlan 404
ip add 192.168.100.17 255.255.255.252 连接此端口的DSLAM地址是192.168.100.18 255.255.255.252

int fa1/0/3
sw mode acc
sw acc vlan 403

int fa1/0/4
sw mode acc
sw acc vlan 404

问题出现了，每隔30秒左右不停地发一下信息：
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/4 (404), with ADSLswitch FastEthernet1/0/3 (403).
1d02h: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (404).
说明：此时的业务并没有停下来，我想应该也是个广播吧，但这样总不是个事呀，于是用：
inter fa1/0/4
no sw acc vlan 404
说明下联是有环路的！！！建议你检查，最好端掉一根。
在你vlan 420里指定root根桥
spanning-tree vlan 420 priority 0
另一个端口应该可以断掉