Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9870
Views
30
Helpful
7
Replies

Access and Trunk configurations on the same port.

Go to solution
Mike Bowers
Level 1
Level 1

‎12-21-2012 02:36 AM - edited ‎03-07-2019 10:44 AM

I was hoping someone could help point me in the right direction here. I thought i had a good grasp of access and trunk mode (a port can be one or the other, right?), but I've run into a client setup that seems to use both.  Below are two examples, fa0/22 is in access mode but has a trunk command and fa0/24 is in trunk mode but has an access command. If the port is in access mode and set to tag all traffic coming in as vlan 3, what in the world does the switchport trunk native vlan 2 command do?

In what ways can this configuration be used for?  Thanks!

interface FastEthernet0/22

description connected to Pix Firewall

switchport access vlan 3

switchport trunk native vlan 2

switchport mode access

spanning-tree portfast

2960-1#show interfaces fastEthernet 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 3 (internet)
Trunking Native Mode VLAN: 2 (companylan)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

interface FastEthernet0/24

description connected to Cisco AP

switchport access vlan 2

switchport trunk native vlan 2

switchport mode trunk

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎12-21-2012 03:17 AM

Hi,

interface FastEthernet0/22

description connected to Pix Firewall

switchport access vlan 3

switchport trunk native vlan 2

switchport mode access

spanning-tree portfast

2960-1#show interfaces fastEthernet 0/22 switchport

Name: Fa0/22

Switchport: Enabled

Administrative Mode: static access

This port is an access port and the  switchport trunk native vlan 2 command will have no effect until it is a trunk port.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to jimmysands73_2

‎12-23-2012 10:26 AM

Hi Jimmy,

In addition to Alain's perfect replies, recall that the switchports on Cisco Catalyst switches can operate in dynamic modes, i.e. they will negotiate their operating mode with the connected device. This means that a single port can act as an access port to a normal PC but when a Cisco switch is connected to it, the port can become a trunk automatically. This in turn means that you should be able to have both access mode and trunk mode configurations present on this port so that the appropriate configuration can be chosen whenever the port comes up and negotiates a particular operating mode. Hence the possibility of having both access and trunk mode config on a single switchport. The rationale is really simple here but many people are still confused quite often.

Best regards,
Peter

Sent from Cisco Technical Support iPad App

View solution in original post

7 Replies 7

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎12-21-2012 03:17 AM

Hi,

interface FastEthernet0/22

description connected to Pix Firewall

switchport access vlan 3

switchport trunk native vlan 2

switchport mode access

spanning-tree portfast

2960-1#show interfaces fastEthernet 0/22 switchport

Name: Fa0/22

Switchport: Enabled

Administrative Mode: static access

This port is an access port and the  switchport trunk native vlan 2 command will have no effect until it is a trunk port.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Mike Bowers
Level 1
Level 1
In response to cadet alain

‎12-22-2012 02:54 PM

Thanks alain for the quick response. I was 90% sure but I wanted to verify. So it looks like when changing that port it in the past from a trunk port to an access port, all of the commands weren't cleaned out.

In the same way, the following switchport access vlan 2 has zero effect and can be removed without affecting anything?

interface FastEthernet0/24

description connected to Cisco AP

switchport access vlan 2

switchport trunk native vlan 2

switchport mode trunk

Thanks again!

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Mike Bowers

‎12-23-2012 01:07 AM

Hi,

yes it can be removed if the port is a trunk port,it will only take effect when the port is an access port( operational mode).

In previous example the administrative mode was access( switchport mode access) so it could nevr be in operational mode trunk

but here the administrative mode is trunk(switchport mode trunk) so it could be in operational mode access and then the command

would take effect.But in your  case it was in operational mode trunk so it has no effect as of now.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
jimmysands73_2
Level 5
Level 5
In response to cadet alain

‎12-23-2012 09:55 AM

Ive seen these configs on devices and always wondered about them, thanks for the explanation.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to jimmysands73_2

‎12-23-2012 10:26 AM

Hi Jimmy,

In addition to Alain's perfect replies, recall that the switchports on Cisco Catalyst switches can operate in dynamic modes, i.e. they will negotiate their operating mode with the connected device. This means that a single port can act as an access port to a normal PC but when a Cisco switch is connected to it, the port can become a trunk automatically. This in turn means that you should be able to have both access mode and trunk mode configurations present on this port so that the appropriate configuration can be chosen whenever the port comes up and negotiates a particular operating mode. Hence the possibility of having both access and trunk mode config on a single switchport. The rationale is really simple here but many people are still confused quite often.

Best regards,
Peter

Sent from Cisco Technical Support iPad App

Go to solution
jimmysands73_2
Level 5
Level 5
In response to Peter Paluch

‎12-23-2012 10:08 PM

Aye, aye, ty.  Great explanation.

0 Helpful

Go to solution
Mike Bowers
Level 1
Level 1
In response to Peter Paluch

‎12-24-2012 12:08 AM

Hi Peter,

Thanks for adding to the discussion and expanding on the answer. I appreciate it!

0 Helpful
Customers Also Viewed These Support Documents