Solved: Best Practice commands on a trunk port

dtipps · ‎08-17-2017

Long story short: main network guy left immediately, didn't show me much, learning trial-by-fire.

Setting up some replacement switches. Connecting them via trunking. Was wondering if there were any "Best Practice" commands that I should have on a trunk port.

He had no spanning-tree bpduguard enable and ST guard root.

Doing some reading and maybe spanning-tree commands aren't good for trunk ports?

This might be as dumb a question as they come, but just in case it's answerable... what is a "Best Practice" command(s) for trunk ports?

All cisco switches.

Thanks! If this question is too opened (stupid), I'll just close it/let it die.

Reza Sharifi · ‎08-17-2017

Hi,

No, the question is not stupid. Its a good question.

For trunk ports connecting one switch to another, best practice is to identify the vlans you have and just add them to the trunk; For example:

Interface te1/1/1

description link-to switch-1 (or whatever description you want to add here)

switchport

switchport mode trunk

switchport trunk allowed vlan 2,3 5-10

The lase line say, you have vlan 2 and 3 and 5 through 10.

If you don't add the last command, all 4096 vlans will be on the trunk and that is not best practice.

HTH

View solution in original post

Reza Sharifi · ‎08-17-2017

Hi,

Are there any other commands that are helpful? Maybe something in place to shut the port down if there's a loop or help direct traffic better? (for a trunk port)

Spanning tree will prevent loop when there are multiple connections between the switches or multiple switches are daisy changed together. So, it all depends on your design. If you have for example an access switch connecting to one or 2 other switches in the core, the spanning tree will block one link while the other one is forwarding. That said, you do want to have a good spanning tree configuration among your switches so they can prevent loop.

right now, I just do "switchport mode trunk" (and now the vlan commands) nothing else

This is good enough. If you are connecting a tunk port or 2 to a server, you can add this command to the port "spanning-tree portfast trunk" This command is NOT recommended if you are connecting switches together.

(sometimes I have to use mode dynamic desirable, and I don't know why/what the difference is. Still looking into that)

There is no need to worry about this command unless you know exactly why you are doing it.

HTH

View solution in original post

Reza Sharifi · ‎08-17-2017

Hi,

No, the question is not stupid. Its a good question.

For trunk ports connecting one switch to another, best practice is to identify the vlans you have and just add them to the trunk; For example:

Interface te1/1/1

description link-to switch-1 (or whatever description you want to add here)

switchport

switchport mode trunk

switchport trunk allowed vlan 2,3 5-10

The lase line say, you have vlan 2 and 3 and 5 through 10.

If you don't add the last command, all 4096 vlans will be on the trunk and that is not best practice.

HTH

info@msj.vic.edu.au · ‎08-06-2018

Hi there
Great post one more question do we need to apply the allow command at both ends or just the edge switch?
Regards
Adam

dtipps · ‎08-17-2017

This is wonderful. Thank you.

I've been looking for months on how to choose which vlans are shared/shown in which location.

THANK YOU!

Are there any other commands that are helpful? Maybe something in place to shut the port down if there's a loop or help direct traffic better? (for a trunk port)

right now, I just do "switchport mode trunk" (and now the vlan commands) nothing else

(sometimes I have to use mode dynamic desirable, and I don't know why/what the difference is. Still looking into that)

Reza Sharifi · ‎08-17-2017

Hi,

Are there any other commands that are helpful? Maybe something in place to shut the port down if there's a loop or help direct traffic better? (for a trunk port)

Spanning tree will prevent loop when there are multiple connections between the switches or multiple switches are daisy changed together. So, it all depends on your design. If you have for example an access switch connecting to one or 2 other switches in the core, the spanning tree will block one link while the other one is forwarding. That said, you do want to have a good spanning tree configuration among your switches so they can prevent loop.

right now, I just do "switchport mode trunk" (and now the vlan commands) nothing else

This is good enough. If you are connecting a tunk port or 2 to a server, you can add this command to the port "spanning-tree portfast trunk" This command is NOT recommended if you are connecting switches together.

(sometimes I have to use mode dynamic desirable, and I don't know why/what the difference is. Still looking into that)

There is no need to worry about this command unless you know exactly why you are doing it.

HTH

dtipps · ‎08-17-2017

Absolutely fantastic. Thank you!

That's what I needed to know. You've been immensely helpful. Thank you.

Leo Laohoo · ‎08-17-2017

If you're going down the path of trunking, learn more about EtherChannel as well.

If the trunk ports are fibre optics, then think about enabling "udld port aggressive" (don't use this command if the trunk port is copper/radio link).

A lot of people love the command "no logging event link-status" and I tend to disagree because this will enable me to identify if there are link(s) that are unstable.

Another thing is to search for any error-disable auto-recovery commands and review them carefully. Things like auto-recovery of a port that has gone into error-disable due to UDLD is putting a gun to your head.

Reza Sharifi · ‎08-17-2017

Glad to help

Good Luck!