VLANs, Native vs. Access

maldavis3697
Level 1

I am trying to replace an older switch with a new switch but whoever configured the old switch configured the interfaces with this:

interface FastEthernet0/12
 description Center Lab
 switchport access vlan 214
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 112
 switchport trunk allowed vlan 1,112,1002-1005
 spanning-tree portfast

There are about 12 ports set up this way for a computer lab. This really confuses me and I'm trying to figure out what they were trying to accomplish with this. If I'm remembering correctly both the native vlan command and the access vlan command put untagged traffic on the vlan it's configured with...so if both commands are on the same interface then which takes precedence? If I'm remembering wrong please tell me. Either way I need help figuring this out. Please help. :)

Thanks in advance.


Jon Marshall
Hall of Fame

Malinda

Yes it's confusing. There is no "switchport mode " configuration line so I assume it will default to an access port in one vlan only.

You need to decide whether these ports need to be trunks or not. If they need to be trunks then you can set the native vlan with the "switchport trunk native vlan " command. If they are not meant to be trunks then don't include any "switchport trunk ..." commands.

Jon

They are for the computer lab so they will have PCs connected to them. They shouldn't need to be trunking...I'm not sure why they did that in the first place. The only port that connects to another switch is one of the fiber interfaces which isn't configured like this and I don't have a problem with it.

So you think that the interface is using the VLAN set up in the access command (VLAN 214) to transmit the data?

"So you think that the interface is using the VLAN set up in the access command (VLAN 214) to transmit the data?"

Yes I think it does, but more importantly if you are sure they are meant to be access ports then don't worry about current config, just configure as access ports, i.e.

switchport mode access
switchport access vlan

Jon

I appreciate the help. I know they are supposed to be access ports...I was just trying to figure out exactly which VLAN was primary and being used for the data transmission currently so that when I configured the new switch interfaces I would have the correct VLAN configured. I'd hate to have configured the wrong one and then have the PCs connect into a part of the network they aren't supposed to be able to go to. :)

Thanks much!

Jon:

What's up, buddy....

Are you sure that the PC is supposed to be in vlan 214? I mean, I see why you would think that (namely, because that is the fallback vlan the administrator configured in the event that the port stops trunking), but I'm curious that vlan 214 is not allowed on the trunk.

I'm also wondering why he made the native vlan 112...?

Hi Victor

To be honest, without testing on a switch I'm not 100% sure what it will do. The "switchport mode .." command is what determines what it is but that isn't used.

As you allude to, it's not a very clear config and so I was more concerned with establishing exactly what was needed.

On a side note, should get my new laptop this week so dynamips/CCIE R&S here I come !!

Jon

Yo yo yoooo!!!!! R&S CCIE -- it's about time, man.

BTW, are you working again? lol

No, not working yet but still through choice rather than due to economic situation :-)

"it's about time, man." - well we'll see how it goes. Maybe when I start serious study I'll realise how much rubbish I have been talking so far :-)

Jon

You are right...the config isn't very clear and the person that configured it hasn't been working here for quite a while so no telling what he intended with that config.

I guess the main thing I was trying to figure out was which command took precedence...

If I'm understanding the commands right they both take untagged traffic coming to the interface and put it on the vlan specified by the command. Since both commands can't be functioning at the same time it seems like one would have to take precedence over the other and that would be the vlan being used by the traffic... Or am I misremembering what these commands do?

BTW...good luck on the CCIE! :)

Malinda

"I guess the main thing I was trying to figure out was which command took precedence... "

To be honest, without the "switchport mode .. " command I don't really know. You are right in that the native vlan is to do with untagged traffic on a trunk link but the bit I am unsure of is whether the port will try to become a trunk or not.

"BTW...good luck on the CCIE! :)"

Thank you. From what I have heard I'm going to need it :-).

Jon

Ms. M:

Check it out....

Usually, an interface is configured to do trunking or it's an access interface, right?

This guy configured it as a trunk AND an access port, but left out both "mode" commands.

"switchport mode access/trunk"

You can do a "sh int trunk" on this switch to see if it is trunking.

Maybe he didn't finish configuring it.

Maybe he was on crack when he did it. :-)

Who cares, really..., right?

Just find out what the requirements are and configure it the way you KNOW it should be.

HTH

Victor

LOL, either could be true.

Actually I tried the "show int trunk" command and it didn't work...maybe the code is too old (it's a 3500 switch running 12.0 code). :P

But when that didn't work I did a "show vlan" and realized I was being a dummy not to do that in the first place because that clearly showed that those 12 ports are using the 214 and aren't on 112.

Sorry to put you both through that when I should have done more viewing of show commands instead! :)

It's OK, Madame M...but please give me 5 points for my post. It's been a slow day and I'm feeling sorry for myself..:-)

Thanks

Oh for crying out loud - this is pitiful. Here have the 5 points :-)
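
The ambiguity discussed in this thread can be checked for before a switch is replaced. The following Python is an added example, not part of the thread and not Cisco tooling: it scans a saved running-config for ports that carry both access and trunk VLAN settings without an explicit "switchport mode", and for access VLANs missing from the trunk allowed list. The names expand_vlans, audit_switchports and SAMPLE are assumptions, and the FastEthernet0/13 stanza is constructed.

```python
import re

# Sub-commands that decide which VLAN a port's untagged traffic lands in.
SWITCHPORT = re.compile(r"switchport (mode \S+|access vlan \d+|"
                        r"trunk native vlan \d+|trunk allowed vlan [\d,-]+$)")

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,112,1002-1005' into a set of ints."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def audit_switchports(config):
    """Return {interface: [issues]} for ports whose VLAN role is ambiguous."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if start := re.match(r"interface\s+(\S+)", line):
            current = ports.setdefault(start.group(1), {})
        elif current is not None and (hit := SWITCHPORT.match(line)):
            key, value = hit.group(1).rsplit(" ", 1)
            current[key] = value
    findings = {}
    for name, p in ports.items():
        access, allowed = p.get("access vlan"), p.get("trunk allowed vlan")
        trunk = allowed is not None or "trunk native vlan" in p
        checks = [
            ("mode" not in p and access and trunk,
             "no 'switchport mode': access and trunk settings both present"),
            (p.get("mode") == "access" and trunk,
             "trunk settings left on an access port"),
            (access and allowed and int(access) not in expand_vlans(allowed),
             f"access vlan {access} is not in the trunk allowed list"),
        ]
        issues = [msg for failed, msg in checks if failed]
        if issues:
            findings[name] = issues
    return findings

# First stanza: VLAN lines of the port from the original post. Second: constructed.
SAMPLE = """\
interface FastEthernet0/12
 switchport access vlan 214
 switchport trunk native vlan 112
 switchport trunk allowed vlan 1,112,1002-1005
interface FastEthernet0/13
 switchport mode access
 switchport access vlan 214
"""

if __name__ == "__main__":
    print(audit_switchports(SAMPLE))
```

Only FastEthernet0/12 is reported; a flagged port still needs "show vlan" or the switch's trunk status output to confirm which VLAN it is operating in, as the original poster did.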
