also the command, "switchport mode trunk | access" decided which mode the port is operating as.

Hope that helps

Edison, thank you very much.

Ill tell you what this switchport is being used for.

It supports a connection to a MAN circuit -- a TLS circuit -- to a hub site. In other words, there are 2 "spokes," each with their dedicated connections into the TLS multipoint-to-multipoint cloud. Coming out of the cloud and into the "hub" is one leg with aggregate traffic from both remote spokes.

furthermore, the "hub" is a 6509 switch port that is configured as a trunk and is taking the traffic and trunking it once again to another switch (6513), which is the true destination of the traffic. In other words, instead of just connecting the TLS circuit directly into the 6513 (the true destination), they didnt want to 'waste' a dedicated fiber going up a riser, so they trunked up the traffic with other vlans on an already-existing fiber riser between the 6509 and the 6513.

The only problem is that the traffic coming from one of the sites is VoIP traffic and its getting killed on that shared riser. Now they want to go nuts and implement QoS over the fiber riser/trunk.

Am I making sense?

Check out the 2 attachments.

Now, given what I just told you, why the hell is that port at the DR site (3560) configured the way it is??? LOL

Vlan 21 represents your Metro-Vlan given by the provider.

Your edge switches are connected to the provider's switches which are configured for dot1q-tunneling and they only accept packets from you if they are tagged with Vlan 21 (that's the metro-tag). This same switch is servicing other customers and each customer is assigned a different metro-tag. Yours happen to be 21.

HTH,

In your first post, "switchport access vlan 21" command is ignored, since trunk is established.

When trunk is established, all packets are being tagged with 802.1Q.

If for some reason you don't want packets from a certain VLAN to be tagged with 802.1Q, you would use "switchport trunk native vlan". In your case Command "switchport trunk native vlan 21" sends all the packets from VLAN 21 as-is.

Trunks are made to differentiate traffic in different VLANs, so only one VLAN can be untagged at the time.

In your particular case 3560 will be able to communicate with WAN router, but not with 6509 or 6513.

To make it work, you would have to configure subinterface with encapsulation dot1Q on your wan router, and remove native VLAN configuration on your 3560.

Or you would have to type "switchport trunk native vlan 21" on your 6509 port.

But because it's CATOS the command will look different.

Pavlo,

The 3560 is connected to a service provider's switch. He mentioned his connection is via TLS (Transparent LAN Services) which is also known as metro-ethernet.

The native Vlan (on this case 21) was assigned by the provider. I'm sure he has this Vlan 21 as native in other spoke and at the hub.

This 3560 should be able to communicate to the 6509 via Layer2 and to the 6513 via Layer3.

There isn't any WAN router on this config. It's strictly a switched MAN.