
trunk and access simultaneously

Jamesch85
Level 1

Hello

I'm a little new to this whole switching and I want to learn, but I'm getting opposing opinions and examples.

So I'm working for a company where we have a distribution switch, in the config of which I have found this:

interface Port-channel14
 description -> UBR001 7609 (core router)
 no ip address
 mls qos trust dscp
 switchport
 switchport access vlan 509
 switchport trunk encapsulation dot1q
 switchport mode access

So how come it is defined as access mode port, but dot1q trunk encapsulation is also defined?

(My colleagues who are present also don't understand this)

My other problem:

On an access switch we have this config:

interface FastEthernet1/10
 switchport access vlan 99
 switchport trunk native vlan 99
 switchport mode trunk
 switchport voice vlan 98
 mls qos trust dscp
 spanning-tree portfast

On this port we have an IP phone with a possibly connected PC.

First of all http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sea/configuration/guide/swvoip.html#wp1030825 says that voice vlan can only be configured on access ports and this is a trunk port, isn't it? And what does "access vlan 99" command do here?

Thanks in advance

7 Replies

srue
Level 7

You can define trunk encapsulation without making it a trunk port. Likewise, you can define an access VLAN even if it's in trunk mode.

This port is definitely in trunk mode. I've never tried to attach a phone/PC to a port that's been trunked like this, but here's what the config should look like:

switchport access vlan 99
switchport voice vlan 98
mls qos trust dscp
spanning-tree portfast

I.e., you don't really need the trunk encapsulation set (though it's not hurting) and you definitely don't need trunk mode on (at least with Cisco IP phones).

Why is it any good to define access on a trunking port? Doesn't that limit the traffic to that one and only access vlan?

lee.reade
Level 4

Hi,

As mentioned by the previous poster, you can configure the encapsulation on both trunk and access ports. If you had not configured the port as a static access port, via switchport mode access, then the switch would negotiate the port type with the other side, and if it agreed to trunk then your side would only trunk if 802.1q.

The other question: basically the port is a trunk port as it has to carry two VLANs, the data VLAN and the voice VLAN. switchport access vlan 99 basically defines the data access VLAN for non-VoIP traffic.

HTH

LR

There is a bit of confusion here: "switchport mode access" is actually configured, so there can't be as you say negotiation. But if you configure neither access nor trunk, then what will it be?

Hi,

I mentioned "if you had not" with regard to switchport mode access, then the port would negotiate with its peer.

But in this case, the switchport mode access command does not have an effect on the phone, as long as it is a Cisco phone, as it will use CDP to discover the voice VLAN and tag the packets accordingly.

If you had 3rd-party phones then I suspect they would not work with switchport mode access, and they need to negotiate an 802.1q in order to determine VoIP VLAN parameters.

PS: this subject is not a well-documented one.

LR

No vendor's IP phones 'negotiate' 802.1q. Cisco (& Mitel) use CDP to discover the 802.1q tag to use as the Voice VLAN. Negotiation of a trunk is a Cisco proprietary thing and uses the DTP protocol between switches that support it. No IP phones support DTP.

Other vendors' IP phones can use DHCP vendor options to discover the Voice VLAN (options in the access VLAN DHCP scope) or more recently LLDP. LLDP is a standardised CDP-like protocol so has inter-vendor operability.

YOU DO NOT NEED TO HARD-CODE A CISCO SWITCHPORT AS A TRUNK TO CONNECT AN IP PHONE.

This is a common misconception and unfortunately was true with the older Catalyst 2900XL/3500XL series switches; however, with anything newer it isn't required (or recommended). I have seen other IP phone vendors' documentation still state trunks MUST be configured (Avaya & Nortel) to deploy Voice VLANs. This is incorrect and these vendors should update their documentation.

Andy

As the other posters have said, the line 'switchport trunk encapsulation dot1q' is redundant since the port is configured as an access port. This command would only take effect if the port was to become a trunk (either by hard-coding it or configuring it as dynamic and it negotiating a trunk with its neighbor).

With regards to the 2nd question, this will work for connecting an IP phone (whatever manufacturer...). However, it is not best practice and without the additional commands to restrict what VLANs are allowed on the trunk you could potentially have issues here. Type the command 'show interface fastethernet1/10 trunk' and see how many VLANs are allowed on that interface....

What you should have really is this:

interface FastEthernet1/10
 switchport access vlan 99
 switchport voice vlan 98
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast

The equivalent of this if hard-coded as a trunk would be:

interface FastEthernet1/10
 switchport trunk native vlan 99
 switchport voice vlan 98
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 98,99
 mls qos trust dscp
 spanning-tree portfast trunk

You see, an access port with a voice VLAN is a pseudo trunk - it has an access VLAN (Native) and a single 802.1q Tagged VLAN (Voice VLAN). Adding the 'switchport voice vlan xx' command additionally makes the switchport advertise the Voice/Auxiliary VLAN via CDP to the attached device.

The answer to your question 'what does the "access vlan 99" do here?' is it does nothing since the port is hard-coded as a trunk. It would take effect if the port was to become an access port.

HTH

Andy
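
An added example, not code from the thread or from any poster: a small Python audit over the two interface stanzas quoted in the question. It reports each port's configured mode, which switchport commands are stored but inert in that mode, and whether a hard-coded trunk lacks an allowed-VLAN list. The function names are hypothetical and the sample text is the thread's config trimmed to the relevant lines.

```python
import re

# Switchport lines from the two stanzas quoted in the thread (indentation restored).
SAMPLE = """\
interface Port-channel14
 switchport
 switchport access vlan 509
 switchport trunk encapsulation dot1q
 switchport mode access
interface FastEthernet1/10
 switchport access vlan 99
 switchport trunk native vlan 99
 switchport mode trunk
 switchport voice vlan 98
 mls qos trust dscp
"""

def parse_interfaces(text):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(cmds):
    """Return (mode, commands inert in that mode, findings) for one interface."""
    mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), "unset")
    other = {"access": "trunk", "trunk": "access"}.get(mode)
    inert = [c for c in cmds if other and c.startswith(f"switchport {other} ")]
    findings = []
    if mode == "trunk":
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append("no 'switchport trunk allowed vlan': allowed list is unrestricted")
        if any(c.startswith("switchport voice vlan") for c in cmds):
            findings.append("voice VLAN on a hard-coded trunk: access mode is sufficient")
    return mode, inert, findings

def audit_config(text):
    return {name: audit(cmds) for name, cmds in parse_interfaces(text).items()}

if __name__ == "__main__":
    for name, result in audit_config(SAMPLE).items():
        print(name, result)
```

A port with no `switchport mode` line is reported as "unset"; its behaviour then depends on the platform default and is not evaluated here.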
