Another Question regarding Switchport trunk, mode, and Trunk.

Answered Question
May 9th, 2007

All, here is a config I inherited. It is an end user port. Because it's an end user port, aren't the switchport trunk commands bad for the config? See below for the config:


interface FastEthernet1/0/7
 switchport access vlan 202
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 205
 switchport mode dynamic desirable
 switchport voice vlan 246
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

Overall Rating: 5 (2 ratings)
Correct Answer
jahilnt10 Wed, 05/09/2007 - 12:22

Hmmm, very bad. You don't need spanning-tree portfast on a port that you are using as a trunk port.

As you said, this port is connected to a user device, not a trunked switch, so you can remove all of this:

no switchport trunk encapsulation dot1q
no switchport trunk native vlan 205
no switchport mode dynamic desirable

You may add:

switchport mode access


Cheers,

Masood Ahmad Shah

BLOG: http://www.weblogs.com.pk/jahil/




mohammedmahmoud Wed, 05/09/2007 - 12:35

Hi,


If it is an end user port, you don't need any trunk configuration. By the way, the command "switchport mode dynamic desirable" explains why the interface accepted the trunk configuration: "desirable" means that the interface will try to become a trunk, and if it fails to become a trunk it will act as an access switchport.


HTH, please do rate if it helps,

Mohammed Mahmoud.

chris.lepa Wed, 05/09/2007 - 14:39

I agree, you should take any trunking commands off of the access port. It is a pretty big security hole too. A user with malicious intent could set up a trunking session with the port and view traffic on all VLANs if they pleased.


-Chris
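
The cleanup agreed on in this thread can be checked across a whole switch configuration. The Python sketch below is an added example, not posted by any participant: the sample config is constructed from the port in the question, and treating portfast or a voice VLAN as the marker of an end-user port is an assumption.

```python
# Constructed sample: the port from the question, then the same port after the fix.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/7
 switchport access vlan 202
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 205
 switchport mode dynamic desirable
 switchport voice vlan 246
 spanning-tree portfast
!
interface FastEthernet1/0/8
 switchport access vlan 202
 switchport mode access
 switchport voice vlan 246
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!") or not raw[0].isspace():
            current = None  # blank line, "!" or a global command ends the block
        elif current is not None:
            current.append(line)
    return interfaces

def audit_user_port(cmds):
    """Findings for one port. Assumption: portfast or a voice VLAN marks an end-user port."""
    if not any(c == "spanning-tree portfast" or c.startswith("switchport voice vlan ") for c in cmds):
        return []
    findings = []
    mode = next((c for c in cmds if c.startswith("switchport mode ")), None)
    if mode is None:
        findings.append("no explicit 'switchport mode access'")
    elif mode != "switchport mode access":
        findings.append(f"'{mode}' allows the port to become a trunk")
    findings += [f"leftover trunk command: '{c}'" for c in cmds if c.startswith("switchport trunk ")]
    return findings

def audit(config):
    results = {name: audit_user_port(cmds) for name, cmds in parse_interfaces(config).items()}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Only FastEthernet1/0/7 is reported, with one finding for the dynamic desirable mode and one for each leftover trunk command.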
