From: James Ventre (messageboard@ventrefamily.com)
Date: Thu Feb 24 2005 - 21:29:17 GMT-3
Whenever possible I configure my trunks to dynamic desirable. I tend
not to hardcode them to on - so that I can trust my DTP messages. With
desirable, your port has 2 possible states - trunking and not trunking.
I make the native vlan on the trunk the same as switchport access vlan -
so that no matter the state (trunking or not) the most important vlan
can still forward traffic (hopefully). This also makes it easier if
it's a trunk between IOS and CatOS - since in CatOS the native vlan and
"access vlan (when not trunking)" are essentially the same thing and
aren't configured separately (let's forget about the new feature of dot1q
tagged all).
But also keep in mind any vlan hopping exploits that you may be
vulnerable to.
James
Jonathan ZD wrote:
> Sometimes I see in an example configuration that the switchport is
>configured with both "switchport access vlan x" and "switchport mode trunk" on
>the same port. Is this a normal practice? Should the port that is configured with
>"switchport access vlan" be configured as "switchport mode access"? Or is it
>not necessary and does it not matter?
>
>Thanks.
>
>Jonathan.
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:25 GMT-3
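
Added example, not part of the original thread: a small audit over IOS-style interface stanzas that lists the ports whose trunking state is decided by DTP (the ones the VLAN hopping caveat applies to) and flags those where the native VLAN differs from the access VLAN, so untagged traffic would change VLAN when the port changes state. The sample config is constructed, the finding labels are made up for this example, and unset VLANs are assumed to default to 1.

```python
import re

# Constructed sample config, for illustration only.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport mode dynamic desirable
interface FastEthernet0/2
 switchport access vlan 20
 switchport trunk native vlan 1
 switchport mode dynamic desirable
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
"""

def parse_ports(config):
    """Collect access VLAN, native VLAN and switchport mode per interface."""
    ports, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports.setdefault(m.group(1), {"access": 1, "native": 1, "mode": None})
        elif cur is None:
            continue  # global config line before the first interface
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["access"] = int(m.group(1))
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport mode (.+)$", line):
            cur["mode"] = m.group(1)
    return ports

def audit(config):
    """Return {interface: [labels]} for ports whose state is negotiated by DTP."""
    report = {}
    for name, p in parse_ports(config).items():
        if p["mode"] not in ("dynamic desirable", "dynamic auto"):
            continue  # mode access / mode trunk: state is fixed, not negotiated
        notes = ["dtp-negotiated"]
        if p["native"] != p["access"]:
            notes.append("native-access-mismatch")  # untagged VLAN depends on state
        report[name] = notes
    return report
```
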