Introduction

As a general rule you want the VLAN settings on connections between switches to match.

The first thing that usually needs to match is trunking: you want the switches trunked or in access mode on both sides. If trunked, the same protocol should be used. Some switches have a “general” or similar mode that detects which setup to use, but to be effective trunking mode needs to match.

If trunked, you generally would expect the allowed list (and native if declared) to match as well. If you have an allowed list on one side that is 2,3,4,5 and on the other side 3,4,5,6, then vlan’s 2 and 6 will not communicate across that trunk. You may or may not see errors, but more likely not.

If in access mode and you have something like VLAN 3 access on one side and VLAN 5 on the other side, then VLAN 3 will leak into 5 and vice versa — it will implicitly convert VLAN ID’s across the link because the link is in access mode and nothing is tagged. The same sort of thing can happen if the native VLAN is different on each end.

The above scenario, though not ideal, can sometimes be found in use, however. For example, if you need to translate VLAN ID’s and do not have a switch capable of it, the mis-matched access mode will work.

It is important to note that there is a lot more to making sure things are compatible; from spanning tree compatibility to VLAN definition protocols (e.g. cisco VTP). But as a starting point, trunks between switches that do not have a matching allowed (and native) list on each side at minimum deserve a careful look, which is the purpose of the VLAN mismatch report.