10 Gig Trunk Port

Similar Messages

• MTU on FE/GigE trunk ports

  Is setting the 'mpls mtu' sufficient for increasing the MTU size for tagged packets or do I need to modify the MTU on the master interface also ? We are using trunking (dot1q) as well.
  Also, once I've set the mpls MTU, will I need to go to all the ethernet switches and configure jumbo frame support ?
  What the max MTU size I should set ?
  Thanks for any help.
  = K

  From the router perspective, setting the "mpls mtu" is all you need.
  You need to make sure the switch is configured to support baby giants. The following URL can help you with that task.
  http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml
  Tha maximum MTU you should set is dependent on what type of MPLS application you are running (number of labels involved). It is safe though to set it to 1524, which would basically allow you to hold 6 labels (more than you really need bu won't hurt).
  Hope this helps,

• Access to trunk port clarification

  Hello-
  I am looking to clarify a point of confusion for myself regrading connecting an access port to a trunk port. Consider the following switchport config on switch1:
  Switch#1
  interface GigabitEthernet0/5
   switchport
   switchport access vlan 6
  ....and the corresponding config on it's neighbor:
  Switch#2
  Interface GigabitEthernet10/8
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1,6,100
  My first question is- Is this a valid configuration? Secondly, what would the expected results be? I am curious about what vlans would be allowed to pass through..
  Thanks in advance-
  Brian

  This would work fine but not recommended.
  Also the traffic between the switches would be only Native Vlan and vlan 6 will pass through.
  SW1-----F0/1----------f0/1----SW2
  SW1#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       auto         n-802.1q       trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1-1005
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6
  SW1#
  SW2
  SW2#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       on           802.1q         trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1,6,100
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,100
  SW2#
  2) Part of this config is that any vlans which are been configured under the SW1 would be allowed through that access port.
  ex:
  SW1#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       auto         n-802.1q       trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1-1005
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,10,20,30,40,50,60,70,80,90,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,10,20,30,40,50,60,70,80,90,100 ...>>>>>>>>>>all vlans are allowed here.
  b)
  Were as on Switch 2 if you create all these vlans and u dont allow that to go through the trunk interface which you have configured those vlans would nt be flowing through.
  eg;
  SW2#sh int tr
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       on           802.1q         trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1,6,100
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,100>>>>>>>>>>>>>>>.Only 3 vlans would be flowing through due to explicit defined. but if you defined allowed all then all vlans would be shown here.
  i created all the vlans above on sw2 but you can see only 3 vlans are allowd as you have explicitly defined it.
  Hope this clarifies your query.
  Regards
  Inayath
  *************Plz dont forget to rate posts***********

• Can I use straight cable to connect trunk ports between 2 switches?

  Hi,
  Am I able to use straight instead of cross cable to connect trunk ports between 2 switches??
  thanks!

  Hi Devang,
  When a 10/100 Fast Ethernet interface is enabled, one end of the link must perform media dependent interface (MDI) crossover (MDIX), so that the transmitter on one end of the data link is connected to the receiver on the other end of the data link (a crossover cable is typically used).
  The Auto-MDIX feature eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase.
  HTH, if yes please rate the post.
  Ankur

• Best practices for configure Rogue Detector AP and trunk port?

  I'm using a 2504 controller.  I dont have WCS.
  My questions are about the best way to configure a Rogue Detector AP.
  In my lab environment I setup the WLC with 2 APs.  One AP was in local mode, and I put the other in Rogue Detector mode.
  The Rogue Detector AP was connected to a trunk port on my switch.  But the AP needed to get its IP address from the DHCP server running on the WLC.  So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides.  If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC.  This makes sense because untagged traffic on the trunk port will be delivered to the native vlan.  So I take it that the AP doesn't know how to tag frames.
  Everything looked like it was working ok.
  So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it.  Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire.  From the rogue client I was able to successfully ping the management interface of the WLC.
  But the WLC never actually reported the rogue AP as being connected to the wired network.
  So my questions are:
  1. What is the correct configuration for the trunk port?  Should it not be configured with a native vlan?  If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
  2.  Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network?  I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
  Thanks for any input!!

  #what's the autonomous AP's(as Rogue AP) Wired and Wireless MAC address?
  it has to be +1 or -1 difference. If Wired MAC is x.x.x.x.x.05 and the wireless mac should be x.x.x.x.x.04 or 06. It is not going to detect if the difference is more than + 1 or - 1.
  #Does the switch sees the Rogue AP's wired MAC on its MAC table.
  Rogue Detector listens to ARPs to get all the Wired MAC info and forwards to WLC, It compares with Wireless MAC, if there is a +1 or -1 difference then it will be flagged as Rogue on wire. And the client that connected to it is also marked as found on wire.
  Regards to Trunking, Only Native vlan matters per trunk link, just configure the right vlan as native and we're done.
  It is not mandatory to keep the Rogue detector on Management vlan of wlc. It can also be on L3 vlan also as long as it can join the WLC to forward the learnt wired MACs.
  So if we don't have +1, -1 difference on Rogues then you've to use RLDP which will work with your existing setup to find Rogue on wire. there's a performance hit when we use this feature on local mode APs.
  Note: For AP join - AP can't understand Trunk, meaning if AP connected to Trunk it'll only talk to its native vlan irrespective of AP mode, however rogue detector listens to the Trunk port to learn MACs via ARPs from different VLANs and forwards to WLC using native vlan.

• How to check trunk port on 3548 xl switch

  Hi all,
  i have 3548 xl switch  i know on other switches i can use command
  sh int trunk  but on this switch it  does not work.
  do anyone knows which command we can use  to check trunk ports other then this
  sh int fa switchport???????????
  thanks
  mahesh

  Hi all,
  i have 3548 xl switch  i know on other switches i can use command
  sh int trunk  but on this switch it  does not work.
  do anyone knows which command we can use  to check trunk ports other then this
  sh int fa switchport???????????
  thanks
  mahesh
  Hi Mahesh,
  What error it shows when you issue show interface trunk on switches ..
  Ganesh.H

• Port protected on trunk ports

  I have a router to a 3550 switch feeding in a star toplogy one 2950 off each port.  I have port protprected on the ports of each of the 2950s.  The question is can I do port protected on all my trunk ports except the uplink port on the 3550?  I am wanting to stop any user on the network from seeing another.  My other option is to do a vlan per switch but would perfer not to bring down the network as it is already live and in heavy usage.
  Thank you for your help in advance. 

  Yes, you can enable protected mode on trunk ports
  Configuring Protected Ports
  Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.
  Protected ports have these features:
  •A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.
  •Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
  •Protected ports are supported on 802.1Q trunks.
  link:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_20_ea2/configuration/guide/swtrafc.html#wp1158863
  HTH

• Service instance and trunk ports

  hi I have the following configuration:
  interface Port-channel1
   description SHN-AX1-1-2-CNRY
   switchport trunk allowed vlan none
   switchport mode trunk
   load-interval 30
   no keepalive
   service instance 1 ethernet
    encapsulation untagged
    l2protocol peer lacp
    bridge-domain 1
   service instance 2 ethernet
    description IDP_VLAN_2
    encapsulation dot1q 2
    bridge-domain 3998
   service instance 3 ethernet
    description BBR_VLAN
    encapsulation dot1q 420
    bridge-domain 3998
   service instance 4 ethernet
    description MGMT_VLAN
    encapsulation dot1q 95
    bridge-domain 3998
   service instance 5 ethernet
    description STATIC_VLAN
    encapsulation dot1q 3641,3644,3777,3291
    bridge-domain 3998
   service instance 6 ethernet
    description SME_VLAN
    encapsulation dot1q 2098,2339
    bridge-domain 3998
  interface Port-channel1
   description SHN-AX1-1-2-CNRY
   switchport trunk allowed vlan none
   switchport mode trunk
   load-interval 30
   no keepalive
   service instance 1 ethernet
    encapsulation untagged
    l2protocol peer lacp
    bridge-domain 1
   service instance 2 ethernet
    description IDP_VLAN_2
    encapsulation dot1q 2
    bridge-domain 3998
   service instance 3 ethernet
    description BBR_VLAN
    encapsulation dot1q 420
    bridge-domain 3998
   service instance 4 ethernet
    description MGMT_VLAN
    encapsulation dot1q 95
    bridge-domain 3998
   service instance 5 ethernet
    description STATIC_VLAN
    encapsulation dot1q 3641,3644,3777,3291
    bridge-domain 3998
   service instance 6 ethernet
    description SME_VLAN
    encapsulation dot1q 2098,2339
    bridge-domain 3998
  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   channel-group 1 mode on
  interface GigabitEthernet0/2
   switchport trunk allowed vlan none
   switchport mode trunk
   channel-group 1 mode on
  interface Port-channel12
   description SHN-AGG-BX1
   switchport trunk allowed vlan 34,50,76,3998
   switchport mode trunk
   mtu 9000
  interface GigabitEthernet0/23
   switchport trunk allowed vlan 34,3998
   switchport mode trunk
   mtu 9000
   channel-group 12 mode active
  interface GigabitEthernet0/24
   switchport trunk allowed vlan 34,3998
   switchport mode trunk
   mtu 9000
   channel-group 12 mode active
  the input interfaces are gigEth0/1 and gigEth0/2 and the output interfaces are gigEth0/23 and gigEth0/24.
  the ingress traffic at the input port has a single tag and the ingress traffic at the output port has two tags.
  please explain me, where tags would be pushed/popped and why??
  thank you.

  Hello.
  You might have confused service instance configuration and usual switchport mode trunk.
  Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html
  >But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).
  Also under Figure 11-2 we have following example:
   QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:
  Switch (config)# interface gigabitethernet0/1 
  Switch (config-if)# service instance 1 Ethernet 
  Switch (config-if-srv)# encapsulation dot1q 1-100 
  Switch (config-if-srv)# bridge-domain 30
  Switch (config)# interface gigabitethernet0/2 
  Switch (config-if)# switchport mode trunk
  Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30). 

• Switch trunking ports

  Hello,
  If I have switch A that has 3 vlans with ip addresses in other words 3 switch virtual interfaces and I configure one  port as a switchport trunk that has the following commands switchport trunk mode and encapulasation dot1q.   Now if I want connect to another switch B to allow those same vlans to go accross and then put 5 ports in those 3 vlans. The port from switch B that connects to switch A I would configure with the following commands  switchport mode trunk and  encapulasation dot1 my question is do I just configure on both switch ports switchport trunk allowed vlan all for devices from both switches in the same vlans to talk to each other or do I still need to add more commands to both switches like add the same svi from switch A to Switch B?

  Hi Horacio
  It sounds like you are pretty much there from reading your original post.
  Using the following commands creates a trunk port between the switches:
  #switchport trunk encapsulation dot1q
  #switchport mode trunk
  If you use these commands on both the switches you are connecting together, you should get a trunk port form and by default this allows all vlans to pass traffic across it.
  If you want to restrict the trunk so that it only passes traffic for specific vlans, this can be achieved using the following command:
  #switchport trunk allowed vlan [X]
  Replace the [X] with the vlans you want to allow. Make sure you do this both sides otherwise you may find one side sending traffic which is dropped by the other side.
  Make sure the Layer 2 Vlans exist on both switches. The SVI you mentioned with be the default gateway for hosts in that Vlan and only needs to exist on the switch which is performing the intervlan routing, you do not need an SVI on each switch for every Vlan.
  Hope this helps

• 10 gig iSCSI port in MDS 9509

  Hi all,
  I have a requirement of 128 port SAN switch (Director class)
  -          15 ports should be iSCSI 10g
  -          Rest 113 port should be 8 Gbps FC
        I am planning to go with two DS-X9248-96K9 module and one DS-X9224-96K9 to meet 120 ports.But I didnt find any 10 gig iSCSI port which is suported in 9509/9506 chassis. Can you please suggest? I can see only GE modules like DS-X9316-SSNK9.
        Also please suggest whether we get line speed in 48-Port 8-Gbps  Fibre Channel Switching Modules?
  Thanks in advance,
        Raghavendra

  Correct...the key is that the 48 port line card has the 96 in the p/n.  That indicates is it a performance module and has the 6 port groups.  There is also what is called a 48 port 8 gig host optimized line card.  That one only has 4 groups of 12, in which 1 of those (4 total) can operate in 8gig mode.
  The 24 port line card has 8 groups of 3 port...and 1 of those (8 total) can operate in 8 gig mode.
  As for the 10 gig iSCSI ports on the MDS...that will probaly not be a feature that the MDS will ever adopt.  The MDS is an iSCSI gateway, where by iSCSI initiator can access a native FC target.  With the advent of more and more natice iSCSI targets, and the move to 10GE, the Nexus 5K is the swtich to use.  It can host iSCSI targets and initiators and provide 10GE for both.  The MDS is not a 10GE switch.
  -hope this helps,
  Mike

• Trunk port problem

  Dear
  I have problem, I need to config trunk port on SLM2048 but I can not see any options in web gui
  How can I do this problem my switch informations are on below
  Model Name 
  SLM2048
  Hardware Version 
  00.03.00
  Boot Version 
  1.0.1
  Firmware Version 
  1.0.1

  The router does not like the combination of cards you have in the chassis.
  In order for a PRI configuration to work, the controller slot should support both voice and data capabilities. This is possible only on slot 0 and slot 1 in the 1760.
  Make sure you are inserting the VWIC module into slot 0 or slot 1 in order for the PRI to work properly. MAke sure you have a PVDM in the chassis by looking for the "PVDM OK" LED on the back of the chassis.
  Anther reason you are seeing this is that you don't have enough DSP resources to support 30 B channels.
  See this doc on CCO for details:
  http://www.cisco.com/en/US/products/hw/routers/ps221/products_tech_note09186a0080094a66.shtml

• Report of trunk ports

  Hi
  Is it possible to make a report that list my trunk ports and what switch / interface its on ?
  I have a large network. I know i have lot of switches where trunk interface is in fastethernet ports. I would like to change that and make that all trunk is on gigabit ports. So would be nice to have a list with that. 
  I have tried the report Wired Detailed Device Inventory. Under trunk it says false/true.. But the interface the report says true to is not always true its a trunk port, and vice versa. So cant use that one.
  If its not possible to run a report that do this is it then possible to make a job with cli commands my self ?
  Im thinking that the: sh int status cli command could work. There i can see wich ports are access and trunks. And then a cli command to give me hostname or IP of switch as well.. if i could get that exported to a csv file i could import that to excel and clean it up my self and sort it so i only had trunk ports on fastethernet interfaces.
  Thanks :)
  / Carsten

  This is Part2 (strange results of recursive with clause)
  from wrong result of 11gR2 Recursive with clause part3
  SQL> with tmp(day1) as(select date '2009-06-01' from dual),
    2  rec(day1) as(
    3  select day1 from tmp
    4  union all
    5  select add_months(day1,1)
    6    from rec
    7   where add_months(day1,1) < date '2010-05-05')
    8  select * from rec;
  select add_months(day1,1)
  ERROR at line 5:
  ORA-01790: expression must have same datatype as corresponding expression
  SQL> with rec(dayc,LV) as(
    2  select cast(date '2010-04-15' as date),1 from dual
    3  union all
    4  select cast(dayc+1 as date),LV+1
    5    from rec
    6   where LV<= 3)
    7  select * from rec;
  DAYC      LV
  10-04-15   1
  10-04-14   2
  10-04-13   3
  10-04-12   4

• Can't apply ALC to trunk port

  Hi,
  I'm trying to configure a Cisco Catalyst 6500 switch to not allow traffic from our traffic generators to go over the trunk link to the rest of the network. Currently I have multiple VLANs that correspond to different lab setups, each having traffic generators on them. The trunk port is used to connect VMs to each of the setups (on different VLANs) but I'm seeing that the traffic generators sometimes flood the trunk link and cause management be unusable.
  I want to configure a port-based ACL to block traffic from the traffic generators from going over the trunk port but I don't see the "ip access-group" command available on this interface.
  Here's the config for my trunk interface:
  CATALYST2#show run int gi1/1
  Building configuration...
  Current configuration : 124 bytes
  interface GigabitEthernet1/1
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
  end
  When I go into config mode and try to tie an ACL to the interface, the command isn't available:
  CATALYST2#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  CATALYST2(config)#int gi1/1
  CATALYST2(config-if)#ip access-group ?
  % Unrecognized command
  Any idea why? I need a way to block this traffic (either via IP or MAC ACLs). My understanding is that trunk ports are able to have port-based ACLs applied to them that will act on all VLANs but I can't seem to do it.  
  Thanks for your help in advance!

  After some more research, I noticed that to configure a PACL on a trunk port, you must first configure port prefer mode. The command to put a trunk port in port prefer mode is "access-group mode prefer port" on the interface. Unfortunately that command isn't available in my CLI either... Still stuck. 

• SG-300 CLI How to display trunk ports

  Hello
  I have a very simple question about CLI on SG-300. How to display trunk ports via cli? I have switch with 28 ports and I wanted to see what switchport mode is applied to every port - or simply we can just focus on trunk ports. On Cisco Catalysts there is "show trunk" command in order to get list of ports in Trunk mode. Is there any way to do it on SG-300?
  srv-sw-1#show version
  SW version    1.3.0.62 ( date  02-May-2013 time  14:55:01 )
  Boot version    1.1.0.6 ( date  11-May-2011 time  18:31:00 )
  HW version    V02
  thank you
  michal

  Hi,
  I remember something at least that works port by port:
  >#sh int switchport fa 1
  Port : fa1
  Port Mode: Trunk
  Gvrp Status: disabled
  Ingress Filtering: true
  Acceptable Frame Type: admitAll
  Ingress UnTagged VLAN ( NATIVE ): 1
  Port is member in:
  Vlan               Name               Egress rule Port Membership Type
  1                  1                  Untagged          System
  Displays detailed info about each port, range command will not work, but it's something.
  You can check for vlans and or tags with:
  sh vlan
  sh vlan tag 1.
  NTex

• OVM 3:Monitor a trunk port/create a dedicated NIC

  Hi,
  I need to monitor a trunk port from within a guest. Does OVM offer the ability to tie a network card directly to a guest? I don't want other guests to have access to the same nic at the same time.

  Understood.
  I have now setup a simple network with bonds/ports only and attached that to the NIC that is connected to the SPAN port on my Cisco switch. This SPAN port mirrors a trunk port and thus carries of course all the VLANs.
  Next, I have setup a guest running ntop and that has a vnic attached to it, that is connected to the new network. Now, when I run tcpdump against that port I am only seeing broadcast and multicast traffic. Is there a way to capture the whole network traffic that is mirrored to the SPAN port?
  I have also taken a look at the network with ports and vans, but that doesn't seem to fit either.