cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
423
Views
10
Helpful
7
Replies
gomezesteban203
Beginner

Can we have access port with trunk allowed vlans?

 

Hello Dear experts,

 

I am new in corporation, I am seeing this config in a trunk inside a core switch catalyst 9300, is it possible to have a port as Access and at the same time with trunk allowed? does this make any sense?

 

interface TenGigabitEthernet2/0/40
switchport access vlan 90
switchport trunk native vlan 90
switchport trunk allowed vlan 90
switchport mode access

 

When checking the neighbor in this port it has directly connected another Switch from a different company:

 

Platform: cisco WS-C3650-48PS, Capabilities: Router Switch IGMP
Interface: TenGigabitEthernet2/0/40, Port ID (outgoing port): GigabitEthernet1/0/20

 

 

Switchport interface:

 

Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 90
Trunking Native Mode VLAN: 90
Administrative Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 90

Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

 

Thanks for your help

7 REPLIES 7
balaji.bandi
VIP Master

Agreed not make any sense in terms of config, Switch can be Access port or Trunk port wth VLAN allowed in controlled manner.

 

if environment using differrent VLAN other VLAN 1, you can configure as native VLAN X

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Thanks Balaji, do you know by Any chance why they would put an access switchport facing another Switch 3650?

This is  history may be not sure what was the intenetion when some engineer configured or miss-configuraiton.

 

if this is connected to other switch - i would expect to be Trunk and controlled with allowed VLAN best Option (Looking at future may be some more VLAN required to extend).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Giuseppe Larosa
Hall of Fame Master

Hello @gomezesteban203 ,

the switchport mode access makes all trunk related commands as they were not present.

The port is in access mode as confirmed by the show command.

 

There may be an historical reason : in the past they tried to use a trunk link and this can have caused some issues so they reverted to access mode. ( Cisco switches use proprietary STP BPDUs on trunk ports standard IEEE BPDUs on access ports)

You can remove all switchport trunk commands with no fear.

 

Hope to help

Giuseppe

 

Thanks Giusseppe, i appreciate your response, would you know why they would put an access switchport facing another Switch 3650? Is this a good configuration?

Hi @gomezesteban203 

 

If you take about the standards it's recommended to have a trunk link between the switches and from the switch to any end device it should be a access link

 

But again based on the requirement it will change and when and where they are using

chesterr
Beginner

You have static configuration of mode as "access" so your port will be work as "access".

In some cases you can have both statements for trunk (switchport trunk) and (switchport access) on the same port. If trunk connection has not negotiated by DTP the port would be work as "access".