Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
1
Replies

Using Trunk Ports for End User Desktops?

MikeChavez06
Level 1
Level 1

‎06-13-2019 10:04 AM

Hi Everyone,

 

I often hear that end user desktops should be configured with access ports, not trunk ports.  I understand that this is for security reasons.

 

However, on my SG300/350 series switches, there is a preconfigured Smartport value for desktops.  This configuration configures a trunk port, then assigns the port membership native VLAN to a value you specify.

1.PNG

 

So in the end, the port is configured as a trunk, but only one VLAN is accessible.  This sounds pretty similar to an access port.  For example, if I configure a SmartPort for desktop and specify VLAN 152, it looks like this:

2.PNG

 

Questions

1. Is it wrong to configure an end-user desktop port in this fashion?

2. Any downside to using a trunk port for an end-user desktop as long as no other VLANs are joined?

Labels:
0 Helpful
1 Reply 1

Sujoy Paria
Cisco Employee
Cisco Employee

‎06-14-2019 06:08 AM

Hi Mike,

The default Switchport mode is ‘Trunk’ in Cisco Small Business 300 series Switches and ‘Access’ in Cisco Small Business 350 series Switches. By default no VLAN is allowed in trunk ports (only VLAN 1) in 300 series switches however in 350 series Switches by default trunk ports are members of all VLANs regardless of whether the VLANs are active or inactive on the switch.

So in 300 series Switches you need to specifically add any additional VLAN (apart from the only VLAN allowed on that port) to allow the traffic for that VLAN even though the port is configured as ‘Trunk’. Due to that it seems like an access port.

Regarding your first query, it is not a wrong configuration for the end user desktop connected ports (considering the 300 series Switches) as long as only one VLAN is allowed however it is recommended to use ‘Access’ mode as the desktop will be part of one VLAN.

And regarding your second query (not restricted to Cisco Small Business Switches), you may refer the below mentioned link…

 https://community.cisco.com/t5/switching/the-effect-of-plugging-an-end-device-into-a-trunk-port/td-p/2708478

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents