I often hear that end user desktops should be configured with access ports, not trunk ports. I understand that this is for security reasons.
However, on my SG300/350 series switches, there is a preconfigured Smartport value for desktops. This configuration configures a trunk port, then assigns the port membership native VLAN to a value you specify.
So in the end, the port is configured as a trunk, but only one VLAN is accessible. This sounds pretty similar to an access port. For example, if I configure a SmartPort for desktop and specify VLAN 152, it looks like this:
1. Is it wrong to configure an end-user desktop port in this fashion?
2. Any downside to using a trunk port for an end-user desktop as long as no other VLANs are joined?
The default Switchport mode is ‘Trunk’ in Cisco Small Business 300 series Switches and ‘Access’ in Cisco Small Business 350 series Switches. By default no VLAN is allowed in trunk ports (only VLAN 1) in 300 series switches however in 350 series Switches by default trunk ports are members of all VLANs regardless of whether the VLANs are active or inactive on the switch.
So in 300 series Switches you need to specifically add any additional VLAN (apart from the only VLAN allowed on that port) to allow the traffic for that VLAN even though the port is configured as ‘Trunk’. Due to that it seems like an access port.
Regarding your first query, it is not a wrong configuration for the end user desktop connected ports (considering the 300 series Switches) as long as only one VLAN is allowed however it is recommended to use ‘Access’ mode as the desktop will be part of one VLAN.
And regarding your second query (not restricted to Cisco Small Business Switches), you may refer the below mentioned link…
A consumer router may support a virtual private network (VPN) connection, but that's a far cry from the network and security capabilities that a business-class router can provide. All it takes is some IT talent and know-how to set one up. You're hear...
Cisco RV340 Series Secure Router
Security License Features and Performance
Today, secure networking is imperative for every business, even the smallest one. The RV340 series security routers provides business users with advanced connectivity and...
Recorded Live at SpiceWorld 2018!With the increasing complexity of technology lengthy configurations, dealing with multiple vendors, constant updates and maintenance –it can feel like you are navigating an unruly IT jungle. Join Cisco's Amy Blanchard as s...
Small Business Networking Products
Network and Smart Storage
FindIT Network Management
Voice and Conferencing
ATAs, Gateways,and Accessories
This document is attempt to recreate content of original document created by famous @Patrick Born. Cisco has considered to destroy such valuable document for an unknown reason.In order to capture debug and syslog messages from your SPA1x2 and SPA232D phon...