Solved: port says access but appears to be a trunk?

robertkwild · ‎08-15-2019

hi all,

i have a question in that when i do a "sh run" on my cat 3850 one port its both an access and a trunk but i thought it could either be a trunk or a access port and NOT both (see below)

interface GigabitEthernet1/0/37
switchport access vlan 22
switchport mode trunk
switchport nonegotiate
switchport voice vlan 35
switchport port-security mac-address sticky
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

but then when i do a "sh int status" its listed as a trunk

Gi1/0/37 connected trunk a-full a-100 10/100/1000BaseTX

thanks,

rob

Giuseppe Larosa · ‎08-16-2019

Hello Robert,

Cisco IOS switches allow switchport commands related to different type of port to co - exist on the same interface.

However, the command that says what commands are considered and implemented is the

switchport mode

In your case the port is configured with switchport mode trunk so all commands related to access mode are ignored.

For sure switchport access vlan 22 is ignored.

As noted by Martin most of the commands are intended for a port that should work as an access port with an IP phone and a PC downstream the phone.

Not only the voice vlan command also the QoS commands refer to this scenario.

You can check with

show cdp neighbor

or

show lldp neighbor

If there is an IP phone connected to the port you may want to revert to switchport mode access.

IF instead there is a switch or a server using multiple Vlans connected to the port you may want to change the QoS configuration.

Note:

The worst misleading configuration I have seen instead of using access port was the following

interface gi0/10

swithport mode trunk

switchport trunk native vlan 22

Instead of using

int gi0/10

switchport mode access

switchport access vlan 22

This was done on many ports with different native Vlans depending on the access switch.

We were trying to make STP stable and we wanted to control what Vlans are permitted to /from each access switch to minimize the number of PVST instances running on each box.

Looking only at show vlan provides you only the access ports.

So we had to add a check also on show run | inc native vlan

Hope to help

Giuseppe

View solution in original post

Martin L · ‎08-15-2019

because of switchport mode trunk command. this is access port (or should be) since u have Voice and data vlans.

try removing mode trunk command with no switchport mode trunk

or change trunk to access with switchport mode access

For more detailed info, use interface GigabitEthernet1/0/37 switchport command. it will show u Admin and Operational modes. Admin is what u configured and Operational is what port is doing now.

Regards, ML
**Please Rate All Helpful Responses **

Mark Malone · ‎08-16-2019

also good command to use for this show int gx/x switchport
This will provide more detail

sh int g1/1/9 switchport
Name: Gi1/1/9
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 164 (DHCP-172.21.164.0)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 196 (XIR_Cisco_Voice_Vlan)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Giuseppe Larosa · ‎08-16-2019