Switch Configuration

michaelzhq · ‎03-31-2009

Hi Gurus,

I have a question about switch configuration for IP Phone.

I usually configure the switch port as followings:

interface FastEthernet1/0/1

switchport access vlan 12

switchport mode access

switchport voice vlan 100

spanning-tree portfast

But I saw the following configuration in two Cisco Tech notes today.

interface FastEthernet0/3/0

switchport trunk native vlan 100

switchport mode trunk

switchport voice vlan 192

spanning-tree portfast

The major difference is the port mode -- access or trunk. I believe both should work, but what are the pros/cons with different configuration or they are actually same? thanks.

david-lima · ‎03-31-2009

Hi, I always use the first configuration mode. I think with the first one you are only able to handle 2 vlans (voice and data) and it can be configured as a secure port.

The second one (as a trunk) allows you to handle multiple vlans and the port cannot be configured as a secure port, also if the vlan access are no limited, the PC could have access to all vlans on the switch.

Hope this help

David

allan.thomas · ‎04-01-2009

The primary concern with any trunk interface is broadcast supression. For example, VLANs enable you to segment you network, however if you don't prune or clear vlans of trunk ports, then those ports will listen to broadcasts.

Switchports configured as trunks ports for IP PHones are no exception, therefore it is best practice to configure these ports as per the first example.

Regards

Allan.

sipr_ttgp · ‎04-01-2009

I use your configuration as well and I implement port security:

switchport portsecurity

switchport portsecurity max 2

Using the second config will make you vulnerable to vlan hoping since you are sending the native/untag vlan.