Cisco Support Community
Community Member

using trunk mode on port to isolate traffic

Hey guys,

need a little assistance here, not sure if i am totally off base here, and if this is normal to do something like this:

cisco catalyst 2960, cisco asa, 2 DSL modems from different providers:

DSL modem #1: plugged into catalyst on port 1

DSL modem #2: plugged into catalyst on port 2

ASA uplink for modem #1: plugged into catalyst on port 5

ASA uplink for modem #2: plugged into catalyst on port 6

the rest of the ports on the switch use VLANs like 1/10/400

for different reasons i have no control over dsl modems, and all i get is a public ip from them. naturally, since it's only one switch i have, i have to separate networks, here is my approach (based on my understanding, TRUNK can carry only tagged traffic, with exception of native vlan, which can be untagged):

ports on catalyst: 1,2,5,6 are configured:

interface range FastEthernet0/1 , FastEthernet0/5

switchport mode trunk

switchport trunk native vlan 120

switchport trunk allowed vlan 120

interface range FastEthernet0/2 , FastEthernet0/6

switchport mode trunk

switchport trunk native vlan 122

switchport trunk allowed vlan 122

this in my mind should work (and actually worked for like a few years, until the vendor upgraded one of the DSL modems). What happens in this scenario is that both public networks are isolated on the switch with this configuration and no conflicts or overlaps.....

am i doing this ass-backwards ? please let me know your opinion.

1 REPLY
Cisco Employee

Re: using trunk mode on port to isolate traffic

Kiryl,

What you have effectively accomplished with this configuration is having your ports fa0/1 and fa0/5 carry only traffic in VLAN 120, and your ports fa0/2 and fa0/6 carry only traffic in VLAN 122, in both cases untagged. This is by definition the exact behavior of an access port. You have effectively "downgraded" your trunks to access ports.

The correct configuration should be:

interface range Fa0/1 , Fa0/5

switchport mode access

switchport access vlan 120

interface range Fa0/2 , Fa0/6

switchport mode access

switchport access vlan 122

There is no point in having a trunk towards a device that knows nothing about trunking, and, in addition, limiting the trunk to carry only its native VLAN. Do you believe the suggested configuration above would work for you?

Best regards,

Peter
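An added example, not part of either post and not Cisco tooling: a Python check for the pattern the reply describes, trunk ports whose allowed list contains only their native VLAN, which emits the access-port configuration carrying the same untagged VLAN. The sample configuration, the extra interfaces in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample: one trunk limited to its own native VLAN, one genuine
# trunk, one access port. Not taken from the switch in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 120
 switchport trunk allowed vlan 120
!
interface FastEthernet0/10
 switchport mode trunk
 switchport trunk allowed vlan 1,10,400
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 10
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '1,10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def degenerate_trunks(config):
    """Return {interface: vlan} for trunks that carry only their native VLAN."""
    found = {}
    for stanza in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (\S+)", stanza)
        if not name or not re.search(r"(?m)^ switchport mode trunk\s*$", stanza):
            continue
        native = re.search(r"(?m)^ switchport trunk native vlan (\d+)", stanza)
        allowed = re.search(r"(?m)^ switchport trunk allowed vlan ([\d,-]+)", stanza)
        native_id = int(native.group(1)) if native else 1  # IOS default native VLAN
        # No 'allowed vlan' line means all VLANs are allowed, so not degenerate.
        if allowed and expand_vlans(allowed.group(1)) == {native_id}:
            found[name.group(1)] = native_id
    return found

def access_equivalent(config):
    """Render the access-port configuration for each degenerate trunk."""
    lines = []
    for ifname, vlan in degenerate_trunks(config).items():
        lines += [f"interface {ifname}", " switchport mode access",
                  f" switchport access vlan {vlan}", "!"]
    return "\n".join(lines)
```

Running `access_equivalent` over a saved copy of the running configuration lists only the ports worth converting; trunks that carry more than their native VLAN are left alone.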
