Confusing config
Need your help understanding this config, my fellow techies. This is on one of our core routers (Cat 4500), and I just don't get it. Check out this port-channel config:
interface Port-channel4
description *** Server Farm #4 (ThinClient) ***
switchport
switchport access vlan 1200
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 2-8,15,16,18-49,53-74,76-199,201-214,217-1199
switchport trunk allowed vlan add 1201-4094
switchport mode dynamic desirable
end
Can you believe I'm working on my NP and I can't figure this out... where's that "banging your head against a wall" emoticon? I need it.
This etherchannel is set up as a trunk, and sure enough it's trunking... but I understood that the "switchport" and "switchport access vlan 1200" commands would rule out the possibility of a trunk, and make the channel a member of one vlan... in this case, 1200.
What am I missing?
By the way, port-channel 4 is made up of two ports, and their configs confirm they're in trunk mode... for example:
TCI-C2#sh int g5/13 trunk
Port Mode Encapsulation Status Native vlan
Gi5/13 desirable 802.1q trunk-inbndl (Po4) 999
Port Vlans allowed on trunk
Gi5/13 2-8,15-16,18-49,53-74,76-199,201-214,217-1199,1201-4094
Thanks,
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
Comments
-
gojericho0 Member Posts: 1,059
In the show in, what's the administrative mode and operational mode?
Is it auto-negotiating?
*Edit* From the output above it looks like it did negotiate the trunk with the other switch. If it would stop negotiating and the trunk is broken, it should resort back to the access port you have configured.
-
dtlokee Member Posts: 2,378
The "switchport" command will make it an L2 interface instead of an L3 interface, and the "switchport access vlan 1200" says *if* the interface is an access port then it will be in vlan 1200; the command does not make it an access port. If you added the command "switchport mode access" then it will be an access port in vlan 1200, not a trunk. Also, if you disabled negotiation with the "switchport nonegotiate" or changed the DTP mode to an incompatible mode, it will become an access port in vlan 1200.
The only easy day was yesterday!
-
mikearama Member Posts: 749
Ah, got it. I forgot about "mode access". Thanks for the explanations.
-
joshgibson82 Member Posts: 80
Looks to me like someone didn't clean up an old config. There's no point in having that command in there if it isn't an access port.
Josh, CCNP CWNA
-
dtlokee Member Posts: 2,378
joshgibson82 wrote: Looks to me like someone didn't clean up an old config. There's no point in having that command in there if it isn't an access port.
Perhaps, but what if someone plugged in a device that does not support DTP? Then it will become an access port in the default VLAN (1) which may not be what you wanted. In this case it will drop the device into VLAN 1200 which may be less of a security issue.
The only easy day was yesterday!
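
Added example, not part of the original thread: a small Python audit of the behaviour dtlokee describes, listing ports left in a DTP dynamic mode together with the access VLAN they fall back to when no trunk is negotiated. The sample text is constructed from the Port-channel4 stanza above plus two hypothetical ports; ports with no explicit mode line are skipped, since the platform default is not stated in the thread.

```python
import re

# Constructed sample: part of the Port-channel4 stanza from the thread plus
# two hypothetical ports (Gi5/20, Gi5/21) added for contrast.
SAMPLE = """\
interface Port-channel4
 switchport
 switchport access vlan 1200
 switchport trunk native vlan 999
 switchport mode dynamic desirable
!
interface GigabitEthernet5/20
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet5/21
 switchport mode dynamic auto
!
"""

def parse_interfaces(config):
    """Split IOS-style text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("!", "end", ""):
            current = None          # end of the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Return {interface: finding} for ports whose mode is negotiated by DTP."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        mode = next((l.split("switchport mode ", 1)[1] for l in lines
                     if l.startswith("switchport mode ")), None)
        if mode is None or not mode.startswith("dynamic"):
            continue                # static mode, or no mode line (assumption: skip)
        # Without an access VLAN line the fallback is the default VLAN 1.
        vlan = next((l.rsplit(" ", 1)[1] for l in lines
                     if l.startswith("switchport access vlan ")), "1")
        findings[name] = (f"DTP {mode}: trunks if the peer negotiates, "
                          f"otherwise access port in VLAN {vlan}")
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE).items():
        print(f"{port}: {finding}")
```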