
Uplink Configuration

kochjason
Level 1

Hello,

I'm trying to learn more about switches, and I had some questions about the configuration on the following uplinks. First off, should the 9500 also have a configuration including encapsulation dot1q, and should nonegotiate be added to disable DCP? I also noticed vlans did not match as well. What is the best practice for trunk configuration?

3750x with 10G module:

interface GigabitEthernet2/1/3
description xxx
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,16,32,160,161,172,900
switchport mode trunk

9500:

description < xxx>
switchport trunk allowed vlan 1,16,32,161,172,900
switchport mode trunk

 


balaji.bandi
Hall of Fame

When you are doing a trunk between them, I always suggest having identical information; if not, you keep getting logs of inconsistency.

So it is better to create the VLANs locally and add those VLANs to the trunk in the allowed list.

Make sure you choose the right device to be the spanning-tree root, and also use RPVST for quicker convergence.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty
Hall of Fame

"First off should the 9500 also have a configuration including encapsulation dot1q . . ."

Possibly not. On the 9500, 1q encapsulation might now be the default (which Cisco does sometimes change over the years) and/or Cisco's ISL might no longer be supported (if the latter is true, there might not be any encapsulation choice, making assigning it moot).

". . . should nonegotiate be added to disable DCP?"

Did you mean DTP?  If so, I generally don't bother to deactivate it, but if you're not using it, deactivation is likely good.

"I also noticed vlans did not match as well."

Likely an error.

"What is the best practice for trunk configuration?"

Unsure I've ever seen "best practice" recommendations for trunks, but likely they exist, although how "best" they are might be debatable.

For example I'm guessing @balaji.bandi might consider best practice explicitly allowing specific VLANs on a trunk, but I lean toward allowing all VLANs to default across a trunk.

Years ago, when large L2 topologies were the norm, and switches, and port bandwidths, not as capable as they are today, pruning unnecessary VLANs could be a worthwhile optimization.  (Heck, even VTP supports an auto prune feature.)

If your topology is much more L3 oriented, you shouldn't have numerous VLANs "available" for crossing trunks, i.e. pruning by design.  To me, mucking about with VLAN assignments, is just one more way to manually make an error (like, perhaps, your OP example).

Of course, another reason for assigning allowed VLANs is for "security", but if your security really relies on this feature, I would wonder about your VLAN usage and/or your overall security posture.

As I say, what's "best" is likely debatable.  As there's not a whole lot to standardize for trunk interfaces "best" might best (laugh) be done considering what's best (another laugh) for your network.

BTW, whether I'm right or wrong about @balaji.bandi's opinion (only chose him as he already posted on this, and he's one of our VIPs - i.e. worth paying particular attention to his posts) on using a trunk VLAN allowed list, I'm sure he too could provide pros and cons, and considers whatever his choice is as "best" (which is perfectly fine).

"Years ago, when large L2 topologies were the norm, and switches, and port bandwidths, not as capable as they are today, pruning unnecessary VLANs could be a worthwhile optimization.  (Heck, even VTP supports an auto prune feature.)

If your topology is much more L3 oriented, you shouldn't have numerous VLANs "available" for crossing trunks, i.e. pruning by design.  To me, mucking about with VLAN assignments, is just one more way to manually make an error (like, perhaps, your OP example)."

This is a very good point, and interesting. I know the old days - what travel. I know recent days are different, but sometimes we do not have any visibility of what their Layer 2 domain looks like, so that is the reason I was suggesting a controlled manner that allowed VLAN - my views.

Yes, you are right, if the link is only between these 2, and the rest is all Layer 3 networks, I am not much bothered about VLAN adding, just the trunk config is good enough.

BB


". . . but sometimes we do not have any visibility of what their Layer 2 domain looks like, so that is the reason I was suggesting a controlled manner that allowed VLAN . . ."

An excellent point, too.
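
The allowed-list mismatch and the DTP question raised in this thread can be checked mechanically. The following Python sketch is an added example, not code from any of the posters or from Cisco; the function names are hypothetical, and the sample input is the two stanzas from the original post, copied inline.

```python
import re

# Sample input: the two trunk stanzas as posted in the original question.
SW_3750X = """\
interface GigabitEthernet2/1/3
 description xxx
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,16,32,160,161,172,900
 switchport mode trunk
"""
SW_9500 = """\
 description < xxx>
 switchport trunk allowed vlan 1,16,32,161,172,900
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,16-18,900' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(stanza):
    """Return the trunk-relevant settings found in one interface stanza."""
    allowed = None  # None = no allowed list configured, so all VLANs pass
    for line in stanza.splitlines():
        m = re.match(r"\s*switchport trunk allowed vlan (add )?([\d,\- ]+)$", line)
        if m:  # running-config 'add' continuation lines extend the list
            vl = expand_vlans(m.group(2))
            allowed = (allowed or set()) | vl if m.group(1) else vl
    nonegotiate = bool(re.search(r"^\s*switchport nonegotiate\s*$", stanza, re.M))
    return {"allowed": allowed, "nonegotiate": nonegotiate}

def compare_trunk(a, b):
    """Report VLANs allowed on one side only, and sides lacking nonegotiate."""
    pa, pb = parse_trunk(a), parse_trunk(b)
    every = set(range(1, 4095))  # VLAN IDs 1-4094
    va = every if pa["allowed"] is None else pa["allowed"]
    vb = every if pb["allowed"] is None else pb["allowed"]
    return {"only_a": sorted(va - vb), "only_b": sorted(vb - va),
            "dtp_not_disabled": [not pa["nonegotiate"], not pb["nonegotiate"]]}

if __name__ == "__main__":
    print(compare_trunk(SW_3750X, SW_9500))
```

A side with no allowed list is treated as permitting every VLAN, so the same comparison also works when one end follows the allow-all approach discussed above.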
