
Encapsulation question

I'm trying to clean up some configs and wanted to confirm some info. A port that is configured as SWITCHPORT MODE ACCESS has no reason to have SWITCHPORT TRUNK ENCAPSULATION DOT1Q also configured, correct?


jrounkles
Level 1

I would see no reason why it would need to be. The encapsulation command is used for trunking ports, and trunking ports are configured to connect to other infrastructure devices (switches, routers, etc.). The switchport mode access command is used on ports that connect to workstations, printers, etc.

I am not 100% sure, but I think when you remove the encapsulation command it may bounce that port. So you may not want to do it during production hours if the device connected to that port is critical. You'll have to do some more digging to find out or perform the commands in a test lab.

Hope that helps;

Rounk

Okay. We just about have the opposite. Examples:

1) We have a router with two ether ports coming in. One running data, one voice.

int f0/1

desc Data

switchport mode access

switchport access vlan 10

spanning-tree portfast

int f0/2

desc Voice

switchport mode access

switchport access vlan 172

spanning-tree portfast

In the case where we have a router with one ether port, we'd do this:

int f0/1

desc Data/Voice

switchport mode trunk

switchport trunk native vlan 10

switchport trunk encapsulation dot1q

spanning-tree portfast

2) For workstations/phones, we do this:

int f0/10

desc workstation/phone

switchport mode trunk

switchport trunk native vlan 10

switchport trunk encapsulation dot1q

switchport voice vlan 172

spanning-tree portfast

Now, as I understand it, in trunking mode, the frames are tagged. In access mode, frames are not tagged. The questions I have are:

1) If the frames aren't tagged, isn't that a bad thing?

2) What is the most efficient way to move voice/data traffic in the scenario where we have just two vlans besides the default?

3) Spanning-tree portfast--necessary on ALL ports, or just workstations/phones?

4) Servers (shoretel voicemail server in particular): how to handle port configuration?

5) What commercial will stand out on Super Bowl Sunday?

What type of switches do you have in place? Can you upload a diagram of your layout? Once I see what you are trying to do, I can better answer your questions.

3560s. I'll post the diag shortly.

Pardon the thrown together, rudimentary diagram, but I think you'll get the idea. In short, we have a multi-site network running VoIP and data. All locations are connected via a mesh network through Cisco 2811s and on the local level, 3560 Catalyst switches.  All locations will have shoretel switches, phones/pcs. Our remote locations generally just have file/print. Our data center has many servers--apps, database, file/print, email and voicemail.

Thanks,

Chris


Hi Chris,

To the original post: the difference is that when switchport mode access is configured, the port only passes traffic for the VLAN specified on the port. As for your query, where you have trunk encapsulation with mode access, just check whether the port is connected to another switch. If yes, then I hope it should be a trunk port; if not, and it is connected to an end user, then it should be only an access port.

Hope to help

If helpful do rate the post

Ganesh.H

Since you are running Cisco 3560 switches, may I ask why you are running the VLANs from the router and not from the (layer 3) switch? We run 3560s in our network and use them to distribute VLANs and route between. I am not familiar with the configuring of Shoretel switches though.

I would configure the VLANs on your main 3560 switch at each location, set it as the VTP server (the rest as VTP clients) and configure the switches for IP routing. Using VTP this way allows you to manage VLANs on one switch instead of all of them. This way you can add your voice VLAN and data VLAN on one switch (not on the router) and configure each port (adding data/voice VLANs only on the ports needed, and configuring the ports connecting the router/switches as trunk ports). You can also configure each port that is not a trunk port for spanning-tree portfast.

HTH

Rounk

We do manage vlans on our switches. And use VTP.

Hello Christopher,

You are using modern IOS switches (C3560).

I guess you are using non-Cisco IP phones, so switchport mode trunk is needed on ports where there are phones.

There is no need to configure the ports to routers as trunk ports unless the router is performing inter-VLAN routing and it has one subinterface for each existing layer 2 VLAN.

The mini trunk works with Cisco IP phones by relying on CDP. For this reason switchport mode trunk is needed when using third-party phones.

If the router has only one ip address just put the port on the correct vlan.

As noted by other colleagues a C3560 can provide a great performance gain in intervlan routing. When you have been asked for where the vlans are defined the question should be rewritten as: "have you configured SVI interfaces for each existing L2 Vlan on C3560 ?"

About the initial question:

switchport mode access puts the port in access mode

additional commands like

switchport trunk enc dot1q

are not effective until the switchport mode is changed

Hope to help

Giuseppe

Thanks for the replies!

Chris

houstonrob
Level 1

Every environment is different, but to answer your original question; in most cases you shouldn’t have ‘switchport trunk encapsulation dot1q’ on the same port that has ‘switchport mode access’

As far as the 5 extra questions you later added:

1. Frames that have already reached their destination vlan have no reason to be tagged anymore

2. Using a voice vlan (which you are) is an ideal way to configure this regardless how many vlans there are.

3. Spanning-tree portfast should only be used on ports connected to PCs/phones; be careful with this, it changes how spanning-tree operates on a port when it is starting up; I usually will also set ‘spanning-tree bpduguard enable’ if I enable portfast

4. Don’t know anything about shoretel; sorry

5. n/a; not a football person

Thanks everyone for the replies.

Houstonrob,

So, is there a general rule of thumb or best practice for port config for phones/workstations? Switchport mode access or switchport mode trunk? I think what I've seen earlier, it's switchport mode access. If the port is set to access and we have to run data & voice, how does that work? You mention in #2 that using a voice vlan is ideal...would you be specifically saying switchport voice vlan 172 or is it 'better' to use switchport mode access, switchport access 172?

TIA,

C

It depends on what kind of IP phone you are using.

With Cisco IP phone, you can do

switchport mode access

switchport access vlan xx

switchport voice vlan yy

I've seen other vendors' requirements be different, like

switchport mode trunk

switchport trunk encap dot1q

switchport trunk native vlan xx

switchport trunk allow vlan xx,yy

Regards,

jerry

I really wouldn't say there is one general rule of thumb when configuring ports for voice and data because like others have noted, different vendors have different phone requirements. Like jeye said, some vendors' phones have issues understanding what the 'switchport voice vlan xx' command is actually doing. I know Cisco phones understand this and I think Avaya can also but I'm not totally sure about Shoretel. With Cisco phones attached my usual port config looks something like:

int gi0/1

switchport host

switchport access vlan xx

switchport voice vlan yy

spanning-tree bpduguard enable

Note that the command 'switchport host' will configure both 'switchport mode access' and 'spanning-tree portfast'.

I guess as long as you know what the different commands are doing, you should be able to figure out what's best for your specific situation. 'switchport mode access' is turning the port into an access port, meaning it isn't a trunk. 'switchport mode trunk' does the opposite. 'switchport trunk encap dot1q' is just telling it what type of encapsulation to use, but this is really only relevant on a trunk port. 'switchport trunk native vlan xx' is just telling the port to use xx as the native VLAN (where to send untagged traffic) vs. the default VLAN (VLAN 1 out of the box). 'switchport trunk allowed vlan xx,yy' is just telling it to listen to traffic on only VLANs xx and yy; if you have all ports set as trunks and you don't do this command, you're pretty much defeating the purpose of having VLANs. You should check with your phone vendor to see if they understand CDP, which in turn would make them understand 'switchport voice vlan yy', which is a nice built-in way for Cisco ports to see traffic on two different VLANs without actually making it a trunk. If they don't, then the commands:


switchport mode trunk

switchport trunk encap dot1q

switchport trunk native vlan xx

switchport trunk allow vlan xx,yy

are pretty much just another way of writing

switchport access vlan xx

switchport voice vlan yy

Spanning-tree typically does a great job of keeping your network loop-free, so when you’re issuing spanning-tree commands it’s really important to know how they’re going to affect the spanning-tree initialization or operating process. ‘spanning-tree portfast’ makes the port skip some of the initialization steps and ‘spanning-tree bpduguard enable’ will shut the port off if it starts seeing BPDUs.

For #2, I was saying that separating voice traffic from data traffic by having them in different logical networks is the best way to go. You always want to minimize the effects that nasty data traffic will have on your sensitive voice traffic.

hth

-rob
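
Added example, not part of any post in this thread: a small audit for the config clean-up discussed above. It flags access ports that still carry trunk settings, trunks with no allowed-VLAN list, and portfast ports without BPDU guard. The sample config, function names and finding strings are constructed for illustration; matching assumes `show running-config` output, where abbreviations such as `encap` appear expanded.

```python
import re

# Constructed sample modelled on the snippets in this thread (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 172
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(config):
    """Return sorted (interface, finding) pairs for the three checks."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        has = lambda prefix: any(l.startswith(prefix) for l in lines)
        if has("switchport mode access") and has("switchport trunk "):
            findings.append((name, "leftover trunk setting on access port"))
        if has("switchport mode trunk") and not has("switchport trunk allowed vlan"):
            findings.append((name, "trunk carries all VLANs (no allowed list)"))
        if has("spanning-tree portfast") and not has("spanning-tree bpduguard enable"):
            findings.append((name, "portfast without bpduguard"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports both FastEthernet ports and leaves the `GigabitEthernet0/1` stanza, which follows the access-plus-voice-VLAN pattern with BPDU guard, clean.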
