access vlan on a trunk?

Priston

I found the following configured on a port

interface GigabitEthernet0/28
switchport access vlan 230
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate

I was wondering since the port is running as a trunk if there was any reason for the switchport access vlan 230 in the config.

show interfaces gi0/28 switchport
Name: Gi0/28
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 230
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled

Magic Johnson

Legacy config? The 'switchport mode' will tell the port what to do, if you changed it to 'switchport mode access' it would be an access port in VLAN 230.

broli720

Switchport mode is used to define the state of a trunk (auto, on, off, nonnegotiate ect.) Now the switchport command is used to specify encapsulation e.g. dot1q. Hope that helps.

Heero

When you statically set the link to a trunk link, the access vlan statement will have no effect. If you change it back to switchport mode access, it will use that vlan.

It is useful if you are actively using DTP. If DTP negotiates a trunk, it will use the trunk settings such as "switchport trunk encap dot1q" and "switchport trunk allowed vlan X." If DTP negotiates an access port, it will use the access port setting "switchport access vlan X."

Priston

Heero wrote: »

When you statically set the link to a trunk link, the access vlan statement will have no effect. If you change it back to switchport mode access, it will use that vlan.

Thanks, this is what I was hoping to here.

jeff113

Looks the like correct answer was giving. A good idea would be to lab it out yourself to get the hands on feel of what it does. You can probably find packet tracers online or get a couple cheap switches. Look at the sh int (int) switchport

TechGuru80

I would never want that command in the config in the real world...

theodoxa

TechGuru80 wrote: »

I would never want that command in the config in the real world...

Perhaps, you could set the access vlan to an unused VLAN, just in case the mode somehow gets changed back to Access mode. That way, if the trunk should somehow become an access link, it won't be usable.

TechGuru80

Doh...yes always a good idea to change from default. That's what I get for multi tasking.

chopsticks

theodoxa wrote: »

Perhaps, you could set the access vlan to an unused VLAN, just in case the mode somehow gets changed back to Access mode. That way, if the trunk should somehow become an access link, it won't be usable.

How about setting it to VLAN 1 (default VLAN)?

Ertaz

I've seen this happen from time to time on the service provider side (AirRiver). The design engineers don't check the preexisting port configs, and the Customer Engineers don't check it after they've put in the command. They throw it in production and turn it over to the ops folks to clean up.

rowelld

That command was probably put in place in case the port was to change out of trunking mode. The best option would be to change that access VLAN to a blackhole, or a VLAN that is not routable and has access to nothing.