01-20-2016 12:05 PM - edited 03-05-2019 03:09 AM
I have a legacy configuration, where my switch is connected to a firewall, via a trunk.
The firewall is showing a lot of overruns.
The switch config is:
Int f0/7
switchport access vlan 52
switchport trunk native vlan 52
switchport trunk allowed vlan 52
switchport mode trunk
I understand the "switchport access vlan 52" command is meaningless, since it is manually set to trunking.
And I know that the "switchport trunk native vlan 52" is bad, but I'm not sure why.
Can someone explain the practical effect?
Thanks.
01-20-2016 12:24 PM
It's not particularly bad, i.e. you can set the native vlan to anything you want and people often change it, but the question is why is the port configured as a trunk when you are only allowing vlan 52?
Jon
01-20-2016 12:27 PM
It's a legacy I inherited; I'd like a good explanation before I get authorization to remove it.
Wouldn't all the untagged data go out this port, like control plane stuff, that would normally be on VLAN 1?
01-20-2016 12:55 PM
The control plane protocols would go on vlan 1 tagged because you have changed the native vlan, except for DTP, which always uses the native vlan.
And they would go across the link even if you don't allow the vlan on the trunk, which you haven't.
Personally, if it does not have to be a trunk, i.e. it is not a requirement of the firewall, then I would simply make it an access port because you are only passing one vlan anyway.
Jon
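Added example, not part of the thread and not Cisco tooling: a Python check that scans a saved IOS configuration for trunk ports like the one discussed above, flagging an access VLAN left behind on a trunk and a trunk that allows only one VLAN. The sample config and the finding names are constructed, and it assumes the full `vlan` keyword form with numeric allowed lists.

```python
import re
# Constructed sample; Fa0/7 mirrors the port in the thread (full IOS keywords assumed).
SAMPLE = """\
interface FastEthernet0/7
 switchport access vlan 52
 switchport trunk native vlan 52
 switchport trunk allowed vlan 52
 switchport mode trunk
!
interface FastEthernet0/9
 switchport trunk allowed vlan 10,20-22
 switchport mode trunk
"""
OPTION = re.compile(r"^switchport (access vlan|trunk native vlan|trunk allowed vlan) ([\d,-]+)$", re.M)

def expand(vlans):  # '10,20-22' -> {10, 20, 21, 22}
    ids = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse(config):  # map each interface name to its switchport lines
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], [])
        elif raw[:1] != " ":
            cur = None  # '!' or any other top-level line ends the stanza
        elif cur is not None and line.startswith("switchport "):
            cur.append(line)
    return ports

def audit(config):  # {interface: [finding names]}, trunk ports only
    findings = {}
    for name, lines in parse(config).items():
        if "switchport mode trunk" not in lines:
            continue
        opts = dict(OPTION.findall("\n".join(lines)))
        # An access VLAN has no effect while the port is forced to trunk mode.
        notes = ["access-vlan-ignored"] if "access vlan" in opts else []
        allowed = expand(opts["trunk allowed vlan"]) if "trunk allowed vlan" in opts else set()
        if len(allowed) == 1:  # one VLAN on a trunk: candidate for an access port
            notes.append("single-vlan-trunk")
            if allowed == {int(opts.get("trunk native vlan", 1))}:
                notes.append("single-vlan-is-native")  # that VLAN is also the native one
        if notes:
            findings[name] = notes
    return findings
```

Calling `audit(SAMPLE)` reports all three findings for FastEthernet0/7 and nothing for FastEthernet0/9.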