Ive been looking at the config on a cisco 4506 (not one that ive setup). And i noticed that several of the interfaces have both "switchport access vlan 10" and "switchport mode trunk" configured. I thought that this wasnt possible. I thought the switchport could only be "access" or "trunk". e.g.
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
This shows as a trunk link in "sh int status" so im guessing the "trunk" overrides "access"?
Can anyone help explain why the ports might have been configured like this?
Appreciate any help
Let's say someone decided to unplug the cable and plug their laptop into the port. The port would come up as an access port and be in VLAN 10, which should have no access (since VLAN 10 is also the native VLAN I am assuming there is no L3 gateway for vlan 10). Some see this as a security enhancement, locking the port in a secure vlan.
Hope that helps.