VLANs, Native vs. Access

Answered Question
Apr 1st, 2009

I am trying to replace an older switch with a new switch but whoever configured the old switch configured the interfaces with this:


interface FastEthernet0/12
 description Center Lab
 switchport access vlan 214
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 112
 switchport trunk allowed vlan 1,112,1002-1005
 spanning-tree portfast


There are about 12 ports set up this way for a computer lab. This really confuses me and I'm trying to figure out what they were trying to accomplish with this. If I'm remembering correctly both the native vlan command and the access vlan command put untagged traffic on the vlan it's configured with...so if both commands are on the same interface then which takes precedence? If I'm remembering wrong please tell me. Either way I need help figuring this out. Please help. :)


Thanks in advance.

Jon Marshall Wed, 04/01/2009 - 12:23

Malinda


Yes it's confusing. There is no "switchport mode " configuration line so I assume it will default to an access port in one vlan only.


You need to decide whether these ports need to be trunks or not. If they need to be trunks then you can set the native vlan with the "switchport trunk native vlan " command. If they are not meant to be trunks then don't include any "switchport trunk ..." commands.


Jon

maldavis3697 Wed, 04/01/2009 - 12:28

They are for the computer lab so they will have PCs connected to them. They shouldn't need to be trunking...I'm not sure why they did that in the first place. The only port that connects to another switch is one of the fiber interfaces which isn't configured like this and I don't have a problem with it.


So you think that the interface is using the VLAN set up in the access command (VLAN 214) to transmit the data?

Correct Answer
Jon Marshall Wed, 04/01/2009 - 12:33

"So you think that the interface is using the VLAN set up in the access command (VLAN 214) to transmit the data?"


Yes I think it does but more importantly if you are sure they are meant to be access ports then don't worry about current config, just configure as access ports, i.e.


switchport mode access
switchport access vlan


Jon

maldavis3697 Wed, 04/01/2009 - 12:41

I appreciate the help. I know they are supposed to be access ports...I was just trying to figure out exactly which VLAN was primary and being used for the data transmission currently so that when I configured the new switch interfaces I would have the correct VLAN configured. I'd hate to have configured the wrong one and then have the PCs connect into a part of the network they aren't supposed to be able to go to. :)


Thanks much!

lamav Wed, 04/01/2009 - 13:53

Jon:


What's up, buddy....


Are you sure that the PC is supposed to be in vlan 214? I mean, I see why you would think that (namely, because that is the fallback vlan the administrator configured in the event that the port stops trunking), but I'm curious that vlan 214 is not allowed on the trunk.


I'm also wondering why he made the native vlan 112...?

Jon Marshall Wed, 04/01/2009 - 13:58

Hi Victor


To be honest without testing on a switch I'm not 100% sure what it will do. The "switchport mode .." command is what determines what it is but that isn't used.


As you allude to it's not a very clear config and so I was more concerned with establishing exactly what was needed.


On a side note should get my new laptop this week so dynamips/CCIE R&S here I come!!


Jon

lamav Wed, 04/01/2009 - 14:35

Yo yo yoooo!!!!! R&S CCIE -- it's about time, man.


BTW, are you working again? lol

Jon Marshall Wed, 04/01/2009 - 14:42

No, not working yet but still through choice rather than due to economic situation :-)


"it's about time, man." - well we'll see how it goes. Maybe when I start serious study I'll realise how much rubbish I have been talking so far :-)


Jon

maldavis3697 Wed, 04/01/2009 - 14:38

You are right...the config isn't very clear and the person that configured it hasn't been working here for quite a while so no telling what he intended with that config.


I guess the main thing I was trying to figure out was which command took precedence...


If I'm understanding the commands right they both take untagged traffic coming to the interface and put it on the vlan specified by the command. Since both commands can't be functioning at the same time it seems like one would have to take precedence over the other and that would be the vlan being used by the traffic... Or am I misremembering what these commands do?


BTW...good luck on the CCIE! :)

Jon Marshall Wed, 04/01/2009 - 14:46

Malinda


"I guess the main thing I was trying to figure out was which command took precedence... "


To be honest without the "switchport mode .. " command I don't really know. You are right in that the native vlan is to do with untagged traffic on a trunk link but the bit I am unsure of is whether the port will try to become a trunk or not.


"BTW...good luck on the CCIE! :)"


Thank you. From what I have heard I'm going to need it :-).


Jon

lamav Wed, 04/01/2009 - 14:47

Ms. M:


Check it out....


Usually, an interface is configured to do trunking or it's an access interface, right?


This guy configured it as a trunk AND an access port, but left out both "mode" commands.


"switchport mode access/trunk"


You can do a "sh int trunk" on this switch to see if it is trunking.


Maybe he didn't finish configuring it.


Maybe he was on crack when he did it. :-)


Who cares, really..., right?


Just find out what the requirements are and configure it the way you KNOW it should be.


HTH


Victor
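
Added example (not part of the thread and not any poster's code): a short Python audit that flags interface stanzas like the one in the question, where access and trunk settings coexist and no "switchport mode" line fixes the port's role. The sample config reuses the Fa0/12 stanza from the question plus a constructed Fa0/13, and the function names are hypothetical; the script only reports the ambiguity, it does not predict which VLAN a given IOS release will use.

```python
import re

# Sample running-config: Fa0/12 is the stanza from the question;
# Fa0/13 is a constructed, explicitly configured access port for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/12
 description Center Lab
 switchport access vlan 214
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 112
 switchport trunk allowed vlan 1,112,1002-1005
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport mode access
 switchport access vlan 214
!
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '1,112,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check(body):
    """Return findings for one interface stanza body (hypothetical helper)."""
    def find(pattern):
        return re.search(r"^[ \t]*switchport " + pattern, body, re.M)
    mode = find(r"mode \S+")
    access = find(r"access vlan (\d+)")
    native = find(r"trunk native vlan \d+")
    allowed = find(r"trunk allowed vlan ([\d,-]+)\s*$")  # numeric lists only
    issues = []
    if (access or native or allowed) and not mode:
        issues.append("no explicit 'switchport mode' line")
    if access and (native or allowed):
        issues.append("access VLAN and trunk settings on the same port")
    if access and allowed and int(access.group(1)) not in expand_vlans(allowed.group(1)):
        issues.append(f"access vlan {access.group(1)} is not in the trunk allowed list")
    return issues

def audit(config):
    """Return {interface: [findings]} for ports whose VLAN role is ambiguous."""
    stanzas = re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config + "\n", re.M)
    results = {name: check(body) for name, body in (m.groups() for m in stanzas)}
    return {name: issues for name, issues in results.items() if issues}
```

Running audit() over a saved copy of the old switch's configuration lists every port that needs an explicit mode decision before it is carried over to the replacement switch.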

maldavis3697 Wed, 04/01/2009 - 14:55

LOL, either could be true.


Actually I tried the "show int trunk" command and it didn't work..maybe the code is too old (it's a 3500 switch running 12.0 code). :P


But when that didn't work I did a "show vlan" and realized I was being a dummy not to do that in the first place because that clearly showed that those 12 ports are using the 214 and aren't on 112.


Sorry to put you both through that when I should have done more viewing of show commands instead! :)

lamav Wed, 04/01/2009 - 15:02

It's OK, Madame M...but please give me 5 points for my post. It's been a slow day and I'm feeling sorry for myself..:-)


Thanks

Jon Marshall Wed, 04/01/2009 - 15:04

Oh for crying out loud - this is pitiful. Here have the 5 points :-)



lamav Wed, 04/01/2009 - 15:06

Shucks....I'm touched...thanks, folks (tears in my eyes)...

maldavis3697 Wed, 04/01/2009 - 15:06

LOL! Well I'll give you 5 too since you led me to putting in the command I should have in the first place. :) Now you have 10 points..hope your day is looking up! :D

Jon Marshall Wed, 04/01/2009 - 15:10

Malinda


Can't believe you succumbed to Victor's pleading - he's always doing this, that's how he got his gold star :-)



lamav Wed, 04/01/2009 - 15:17

LOLOLOL...You REALLY made me laugh that time! LOLOL

maldavis3697 Wed, 04/01/2009 - 15:22

Sorry Jon...I just couldn't resist. I know I'm too softhearted but what r u gunna do? It's just the way I am. :P


Besides I don't know Victor like you do. I'll try to resist better next time. ;)

Jon Marshall Wed, 04/01/2009 - 15:27

No problem Malinda, that's how Victor gets to people with his pleading. Not your fault but hopefully next time you'll think twice before rating him :-)

lamav Wed, 04/01/2009 - 15:30

OK, now you're hurting my feelings -- and you KNOW how sensitive us New Yorkers can be! >:-(


I did genuinely try to help her. Were it not for the comments I made after she was about to take your skewed advice, she would have never run the "sh vlan" command!


LOL

Jon Marshall Wed, 04/01/2009 - 15:33

"Were it not for the comments I made after she was about to take your skewed advice"


So true, that's why I've decided to study for R&S so I can actually give decent advice in the future ....


"and you KNOW how sensitive us New Yorkers can be! >:-("


Yeah heard rumours about this. Us Brits have the famous stiff upper lip so no problem for me :-)



maldavis3697 Wed, 04/01/2009 - 15:54

ROTHLMAO! You both are hilarious and have given me quite a laugh (in addition to helping me with my question). So a big thanks to you both!


In all fairness to you Jon, you did say that you thought the interfaces would be using VLAN 214 and not 112 so your advice wasn't really skewed. :)

I think anyone would have trouble figuring this out with the convoluted config that the interfaces had on them!



Jon Marshall Wed, 04/01/2009 - 15:59

Malinda


No problem, glad to have helped and I've enjoyed this thread.


As a final point, notice how dignified us Brits are i.e. no pleading/begging for points :-).


Jon

lamav Wed, 04/01/2009 - 16:10

"notice how dignified us Brits are i.e. no pleading/begging for points :-)"


OK...now ya went did it! Dems' fightin' words, ya varment!


Did I spell that right? I hate when I have to jump out of my "tough American" bag! :-(

Jon Marshall Wed, 04/01/2009 - 16:13

"Did I spell that right?"


Who the hell knows?


Been a pleasure as always Victor :-)



maldavis3697 Wed, 04/01/2009 - 16:31

Point noted and laughed over! :D


I, on the other hand, am nothing near dignified. I'm laughing at these messages like someone slipped me some laughing gas and my co-workers are wondering what I'm up to over here. I'm from Seattle and we're just laid back and enjoy life!


Thanks Jon and Victor for the laughs and advice!

lamav Wed, 04/01/2009 - 18:36

You're welcome, Malinda. You're a good sport. It was my pleasure. Jon is a cool guy and talking to him is always fun and very interesting.

