02-05-2010 06:34 AM - edited 03-06-2019 09:35 AM
I'm trying to clean-up some configs and wanted to confirm some info. A port that is configured as SWITCHPORT MODE ACCESS, has no reason to have SWITCHPORT TRUNK ENCAPSULATION DOT1Q also configured, correct?
02-05-2010 06:44 AM
I would see no reason why it would need to be. The encapsulation command is used for trunking ports and trunking ports are configured to connect to other infrastructure devices (switches, routers, etc). The switchport mode access command is used on ports that connect to workstations, printers, etc.
I am not 100% sure, but I think when you remove the encapsulation command it may bounce that port. So you may not want to do it during production hours if the device connected to that port is critical. You'll have to do some more digging to find out or perform the commands in a test lab.
Hope that helps;
Rounk
02-05-2010 07:09 AM
Okay. We just about have the opposite. Examples:
1) We have a router with two ether ports coming in. One running data, one voice.
int f0/1
desc Data
switchport mode access
switchport access vlan 10
spanning-tree portfast
int f0/2
desc Voice
switchport mode access
switchport access vlan 172
spanning-tree portfast
In the case where we have a router with one ether port, we'd do this:
int f0/1
desc Data/Voice
switchport mode trunk
switchport trunk native vlan 10
switchport trunk encapsulation dot1q
spanning-tree portfast
2) For workstations/phones, we do this:
int f0/10
desc workstation/phone
switchport mode trunk
switchport trunk native vlan 10
switchport trunk encapsulation dot1q
switchport voice vlan 172
spanning-tree portfast
Now, as I understand it, in trunking mode, the frames are tagged. In access mode, frames are not tagged. The questions I have are:
1) If the frames aren't tagged, isn't that a bad thing?
2) What is the most efficient way to move voice/data traffic in the scenario where we have just two vlans besides the default?
3) Spanning-tree portfast--necessary on ALL ports, or just workstations/phones?
4) Servers (shoretel voicemail server in particular): how to handle port configuration?
5) What commercial will stand out on Super Bowl Sunday?
02-05-2010 07:35 AM
What type of switches do you have in place? Can you upload a diagram of your layout? Once I see what you are trying to do, I can better answer your questions.
02-05-2010 08:10 AM
3560s. I'll post the diag shortly.
02-05-2010 08:46 AM
Pardon the thrown together, rudimentary diagram, but I think you'll get the idea. In short, we have a multi-site network running VoIP and data. All locations are connected via a mesh network through Cisco 2811s and on the local level, 3560 Catalyst switches. All locations will have shoretel switches, phones/pcs. Our remote locations generally just have file/print. Our data center has many servers--apps, database, file/print, email and voicemail.
Thanks,
Chris
02-05-2010 11:11 AM
Hi Chris,
To the original post: the difference is that when switchport mode access is configured, the port only passes traffic for the VLAN specified on the port. As for your query about having trunk encapsulation with mode access: just check whether the port is connected to another switch. If yes, then I hope it should be a trunk port; if not, and it is connected to an end user, then it should be only an access port.
Hope to help
If helpful do rate the post
Ganesh.H
02-05-2010 02:17 PM
Since you are running Cisco 3560 switches, may I ask why you are running the VLANs from the router and not from the (layer 3) switch? We run 3560s in our network and use them to distribute VLANs and route between. I am not familiar with the configuring of Shoretel switches though.
I would configure the VLANs on your main 3560 switch at each location, set it as the VTP server (the rest as VTP clients) and configure the switches for ip routing. Using VTP this way allows you to manage VLANs on one switch instead of all of them. This way you can add your voice vlan and data vlan on one switch (not on the router) and configure to each port (adding data/vlans only on the ports needed and configure the ports connecting the router/switches as trunk ports). You can also configure each port that is not a trunk port for spanning-tree portfast.
HTH
Rounk
02-05-2010 02:22 PM
We do manage vlans on our switches. And use VTP.
02-06-2010 03:11 AM
Hello Christopher,
you are using modern IOS switches C3560.
I guess you are using non Cisco IP phones so the switchport mode trunk is needed on ports where there are phones.
there is no need to configure as a trunk ports to routers unless the router is performing inter-vlan routing and it has one subinterface for each existing layer 2 vlan.
The mini trunk works with cisco IP phones by relying on CDP. For this reason switchport mode trunk is needed when using third party phones.
If the router has only one ip address just put the port on the correct vlan.
As noted by other colleagues a C3560 can provide a great performance gain in intervlan routing. When you have been asked for where the vlans are defined the question should be rewritten as: "have you configured SVI interfaces for each existing L2 Vlan on C3560 ?"
about initial question:
switchport mode access puts the port in access mode
additional commands like
switchport trunk enc dot1q
are not effective until the switchport mode is not changed
Hope to help
Giuseppe
02-07-2010 08:06 AM
Thanks for the replies!
Chris
02-05-2010 02:56 PM
Every environment is different, but to answer your original question; in most cases you shouldn’t have ‘switchport trunk encapsulation dot1q’ on the same port that has ‘switchport mode access’
As far as the 5 extra questions you later added:
1. Frames that have already reached their destination vlan have no reason to be tagged anymore
2. Using a voice vlan (which you are) is an ideal way to configure this regardless how many vlans there are.
3. Spanning-tree portfast should only be used on ports connected to pcs/phones; be careful with this, it changes how spanning-tree operates on a port when it is starting up; I usually will also set ‘spanning-tree bpduguard enable’ if I enable portfast
4. Don’t know anything about shoretel; sorry
5. n/a; not a football person
02-05-2010 03:05 PM
Thanks everyone for the replies.
Houstonrob,
So, is there a general rule of thumb or best practice for port config for phones/workstations? Switchport mode access or switchport mode trunk? I think what I've seen earlier, it's switchport mode access. If the port is set to access and we have to run data & voice, how does that work? You mention in #2 that using a voice vlan is ideal...would you be specifically saying switchport voice vlan 172 or is it 'better' to use switchport mode access, switchport access 172?
TIA,
C
02-05-2010 03:28 PM
It depends on what kind of IP phone you are using.
With Cisco IP phone, you can do
switchport mode access
switchport access vlan xx
switchport voice vlan yy
I've seen other vendor's requirement to be different like
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan xx
switchport trunk allow vlan xx,yy
Regards,
jerry
02-06-2010 01:30 PM
I really wouldn't say there is one general rule of thumb when configuring ports for voice and data because like others have noted, different vendors have different phone requirements. Like jeye said, some vendors' phones have issues understanding what the 'switchport voice vlan xx' command is actually doing. I know Cisco phones understand this and I think Avaya can also but I'm not totally sure about Shoretel. With Cisco phones attached my usual port config looks something like:
int gi0/1
switchport host
switchport access vlan xx
switchport voice vlan yy
spanning-tree bpduguard enable
Note that the command 'switchport host' will configure both 'switchport mode access' and 'spanning-tree portfast'.
I guess as long as you know what the different commands are doing, you should be able to figure out what's best for your specific situation. 'switchport mode access' is turning the port into an access port, meaning it isn't a trunk. 'switchport mode trunk' does the opposite. 'switchport trunk encap dot1q' is just telling it what type of encapsulation to use, but this is really only relevant on a trunk port. 'switchport trunk native vlan xx' is just telling the port to use xx as the native vlan (where to send untagged traffic) vs the default vlan (vlan 1 out of the box). 'switchport trunk allowed vlan xx,yy' is just telling it to listen to traffic on only vlans xx and yy. If you have all ports set as trunks and you don't do this command you're pretty much defeating the purpose of having vlans. You should check with your phone vendor to see if they understand CDP, which in turn would make them understand 'switchport voice vlan yy', which is a nice built-in way for Cisco ports to see traffic on two different vlans without actually making it a trunk. If they don't then the commands:
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan xx
switchport trunk allow vlan xx,yy
are pretty much just another way of writing
switchport access vlan xx
switchport voice vlan yy
Spanning-tree typically does a great job of keeping your network loop free so when you’re issuing spanning-tree commands it’s really important to know how they’re going to affect the spanning-tree initialization or operating process. ‘spanning-tree portfast’ makes the port skip some of the initialization steps and ‘spanning-tree bpduguard enable’ will shut the port off if it starts seeing BPDUs.
For #2, I was saying that separating voice traffic from data traffic by having them in different logical networks is the best way to go. You always want to minimize the effects that nasty data traffic will have on your sensitive voice traffic.
hth
-rob
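An added example, not part of any post in this thread: a small Python audit for the config cleanup the original poster describes. It flags access ports that still carry `switchport trunk` lines, trunk ports with no `switchport trunk allowed vlan` list, and portfast ports without BPDU guard (per-interface or the global `spanning-tree portfast bpduguard default`). The sample config and the function names are constructed for illustration.

```python
import re
# Constructed sample (not from a real device), modelled on the thread's ports.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport trunk encapsulation dot1q
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse_interfaces(text):
    """Map each interface name to its list of sub-commands."""
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return ports

def audit(text):
    """Return {interface: [findings]} for the points raised in the thread."""
    global_guard = "spanning-tree portfast bpduguard default" in text
    report = {}
    for name, cmds in parse_interfaces(text).items():
        has = lambda p: any(c.startswith(p) for c in cmds)
        found = []
        if has("switchport mode access") and has("switchport trunk "):
            found.append("trunk command on access port")
        if has("switchport mode trunk") and not has("switchport trunk allowed vlan"):
            found.append("trunk without allowed VLAN list")
        if (has("spanning-tree portfast") and not global_guard
                and not has("spanning-tree bpduguard enable")):
            found.append("portfast without bpduguard")
        if found:
            report[name] = found
    return report
```

The matching is on full command names, so abbreviated forms typed at the CLI are only caught once they appear expanded in the saved running-config.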