Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can switch port be "access" and "trunk" at a time?

We have following config on one of corporate switch.
Is it Ok to configure access and trunk on same switch port?

Below is the config.

interface GigabitEthernet0/3
 switchport access vlan 166
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 16,58,59,160-163,166,204
 switchport mode trunk
 speed 1000
 spanning-tree portfast
end

 

26 REPLIES
VIP Purple

The configured port is a

The configured port is a trunk. And it's a valid config. The command "switchport access vlan 166" doesn't mean that the port is trunk and access at the same time. Only when you switch from "mode trunk" to "mode access", the command will get active and the port will be in VLAN 166.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

Hello Your current

Hello

 

Your current configuration could potentially cause a loop in the network - basically having a trunk  for all those vlans and with stp portfast enabled is not a very good idea?

 

Please don't forget to rate any posts that have been helpful. Thanks.

Trunks can be used for host

Trunks can be used for host connections too.

New Member

Trunks can be used for host

Trunks can be used for host connections too, but it isn't advisable to run the portfast command on a trunking port; specifically when that port trunks with another switch.  It skips the listening and learning stages of STP in order to get the port forwarding traffic more quickly but in doing so has the potential to create loops. 

New Member

HI Paul, Thanks for

HI Paul,

 

Thanks for information.

Is it advisable to remove below commands from configuration to resolve slowness issue?

no switchport access vlan 166
no spanning-tree portfast

Thanks

Ashok

VIP Purple

It's unlikely that these

It's unlikely that these commands have anything to do with a slow connection.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

I agree remove the port fast

I agree remove the port fast

Cisco Employee

Hi,switchport can be either

Hi,

switchport can be either trunk or access port, as per you configuration you have both the command on the interface so dont get confused it is a trunk port if trunk command is there. 

And why you are seeing both commands because if you have configured a port as access port and then add trunk command or vice versa it will not remove the other command. you need to manually remove the command with no keyword.

 

Thanks & Regards

Sandeep

 

Silver

Hi, As the others mentioned

Hi,

 

As the others mentioned the port is working in trunk mode, the only thing is that as pointed out using port fast on a trunk link is not recommended since it can cause a loop condition.

 

Regards,

VIP Purple

For the danger of creating a

For the danger of creating a loop with that config:

The port will still go through the full spanning-tree listening and learning states. Although "spanning-tree portfast" is configured on the port, it's not active in trunk-mode. To have portfast active the command "spanning-tree portfast trunk" is needed.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Agreed, leaving 'spanning

Agreed, leaving 'spanning-tree portfast' is not creating a potential issue of creating a loop when the switchport is configured in trunking mode as the switch will not enable portfast on the switch until it is in non-trunking mode.  Example:

%Portfast has been configured on GigabitEthernet2/0/1 but will only
have effect when the interface is in a non-trunking mode.

Cisco Employee

Hi Abasapure,What are you

Hi Abasapure,

What are you trying to achieve configuring the access port and trunk on the same port? Any specific reason you are thinking of.

Secondly:

The port is trunk , as you see the "switchport mode" command. All the commands related to trunk will be taken into consideration, but also the default configuration of a trunk port :  802.1q protocol, native vlan 1 and vlans allowed on this trunk 1,16,58,59,160-163,166,204. The access vlan will be used only in case of switching from trunk to access.

So you can delete the " switchport access vlan 166" from this interface. 

Also you might be aware that cisco recommends not to use Portfast on the trunk interfaces.There are other few STP features which are designed to be used on trunk ports.

 

HTH

regards

Inayath

 

 

New Member

Hello Inayath,Thanks for

Hello Inayath,

Thanks for detailed information.

 Above cnofiguration was pre-configured and it is production. While troubleshooting for slowness issue I obsereved that server is connected to this switch port and we saw above config on the port.

Thanks

Ashok

Hall of Fame Super Silver

Ashok Almost certainly the

Ashok

 

Almost certainly the configuration of the interface with both access port characteristics and trunk characteristics is not causing the slowness issue. While you might want to remove the extra commands as a matter of good management (simplified config is almost always better) they are not impacting performance of the interface. And while have both access port and trunk port config on the interface may be somewhat confusing for humans reading the config there is not an impact of the switch of having these.

 

HTH

 

Rick

New Member

Hi Richard,

Hi Richard,

What need to be configured on a switch  to connect a Server to it?

Which one is better to configure in switch port? Access or Trunk?

Kindly advise?

If that configured as Access port will it cause flapping?

Thanks

"What need to be configured

"What need to be configured on a switch  to connect a Server to it?"

It depends on the server.

Some servers running VMware ESX-i may need to be Trunk ports as they host multiple virtual machines so the network cards are capable of tagging frames. Stand alone servers running a single operating system can be access ports in whichever Vlan their IP address is part of.

"Which one is better to configure in switch port? Access or Trunk?"

Its not a case of which one is better, its dependent on the requirements. An Access Port is a single vlan, designed for end hosts like servers, PC's, printers etc. A Trunk Port is designed to pass traffic for multiple vlans, usually a connection between Layer 2 switches.

"If that configured as Access port will it cause flapping? 

Not sure what you mean by this, the original post was about having a port configured as a Trunk  and an Access Port. If your question is related to this then no, it will not cause flapping. The port has been statically configured as a Trunk so that is what it will be, the Access commands are redundant. 

New Member

Hi Thank you.

Hi Thank you.

               You made me clear on Access or Trunk ,depends requirement.

Clarify me the below also,

Switches only send/Receive BPDU as I knew it before.

So a server connected to a switch port ,will that port receive BPDU from server?

switch port           connected to              receive BPDU

Access                 Server                         Yes/No

Trunk                     Server                         Yes/No

or it's depends on any protocols ?

Thankyou

No, a server will not send a

No, a server will not send a BPDU.

BPDU's are only sent by devices which are STP capable, which servers are not.

I would recommend having a read of the Cisco Press CCNA R&S book, its very detailed and will clear up and confusion you have. 

VIP Purple

> No, a server will not send

> No, a server will not send a BPDU.

This assumption is not always valid. A VM-host could run a virtual switch that speaks Spanning-Tree. Perhaps not that common, but possible.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

Fair point, I guess my reply

Fair point, I guess my reply was based on the fact that by default a server would not send a BPDU.

The poster was asking about the difference between an Access and a Trunk port so I didn't want to confuse him/her by going into detail about a configuration which is not very common. 

New Member

Hi vasanth77, 

Hi vasanth77

An access port receives untagged traffic and assigns a specific vlan to ALL traffic flowing over that port.  Access ports are best when attaching a host directly to a switch.  They are nice because not all hosts have the ability to do 802.1q vlan tagging, and it saves configuring vlan tagging on every host.

Trunking ports receive vlan tagged traffic (with one exception) and allows for forwarding of traffic from multiple vlans.  Vlan tagging must be done at the host however.  

The exception is the switchport trunk native vlan xxxx where "xxxx" is the vlan number.  The switchport trunk native command allows for untagged traffic to be assigned a vlan tag as if it were connected to an access port.  By default, the native vlan is vlan 1.

I would use access ports unless you need to forward traffic from multiple vlans over a single port. ESXi uplinks are a good example of a scenario where trunking will likely need to be configured.  When interconnecting multiple switches or connecting a router to the switch, you'll probably also want to configure trunking.

Hope this helps!

please copy paste heresh

please copy paste here

sh interface GigabitEthernet0/3  switc

sh run all | b interface GigabitEthernet0/3

New Member

Hello ttemirgaliyev,Below are

Hello ttemirgaliyev,

Below are the details.

sw27#sh int gi0/3 switc
Name: Gi0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 166
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 16,58,59,160-163,166,204
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
sw27#


sw27#sh run | begin interface GigabitEthernet0/3
interface GigabitEthernet0/3
 switchport access vlan 166
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 16,58,59,160-163,166,204
 switchport mode trunk
 speed 1000
 spanning-tree portfast
!

sw27#

Cisco Employee

okay to summarize you are

okay to summarize you are seeing slowness issue accesing the server connected to this port on this switch.

 

Few things to check:

1- how many servers are connected to this device?.

2- Are all servers having this issue or only 1 server?

3- What do you mean by slow access to the server( I mean application issue or Server pinging to any other network)?

4- Can you check if the interface status:

show int g0/3

show int g0/3 counters errors /details

show queuing interface G0/3

show counter int g0/3

show proc cpu sorted | ex 0.00

 

Regards

Inayath

Hall of Fame Super Silver

I notice in the configuration

I notice in the configuration that you are setting the speed of the port but not the duplex. That sometimes results in the interface operating in half duplex mode, which can certainly cause performance problems. What does the output of show interface say about duplex? I would suggest that if you are going to hard code speed that you also hard code the duplex.

 

HTH

 

Rick

Cisco Employee

It's ok to configure the port

It's ok to configure the port in trunk and access but that doesn't mean the port will be working as a trunk and access at the same time. since  "switchport mode trunk" cmd is issued then the switchport will be negotiated as a trunk and the cmd  switchport access vlan 166 will have no effect.

Also it's not recommended to configure port fast feature for a trunk as it may cause loops when used on trunks between switches.

If this trunk is going to a pc or end user then the command that willwork with the trunk is the 'spanning-tree portfast trunk'

17879
Views
41
Helpful
26
Replies