RV220W - Setting Up Trunk Ports

Similar Messages

• Automatic errordisable on trunk ports with errors

  Hi
  What's the best way, in CatOS, to set a trunk port to become errordisabled if there is excessive number of errors on the port (faulty sfp/gbic/cable)?
  "udld aggresive mode" seems to be able to errordisable port when it can't re-establish link with the remote side, however it doesn't work when errors come in bursts and not constant.
  Thanks

  You can use the command "set errordetecion link-errors action errdisable" to errdisbale the linke based on the number of rx or tx crc errors due to the link being bad. This command was introduced in 8.4 release.
  You can set several parameters of the command like setting up a thresold , recovery action , timers etc.
  For more details , take a look here.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_command_reference_chapter09186a008022f4a3.html#wp1063837
  Thanks
  salman Z.

• Best practices for configure Rogue Detector AP and trunk port?

  I'm using a 2504 controller.  I dont have WCS.
  My questions are about the best way to configure a Rogue Detector AP.
  In my lab environment I setup the WLC with 2 APs.  One AP was in local mode, and I put the other in Rogue Detector mode.
  The Rogue Detector AP was connected to a trunk port on my switch.  But the AP needed to get its IP address from the DHCP server running on the WLC.  So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides.  If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC.  This makes sense because untagged traffic on the trunk port will be delivered to the native vlan.  So I take it that the AP doesn't know how to tag frames.
  Everything looked like it was working ok.
  So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it.  Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire.  From the rogue client I was able to successfully ping the management interface of the WLC.
  But the WLC never actually reported the rogue AP as being connected to the wired network.
  So my questions are:
  1. What is the correct configuration for the trunk port?  Should it not be configured with a native vlan?  If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
  2.  Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network?  I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
  Thanks for any input!!

  #what's the autonomous AP's(as Rogue AP) Wired and Wireless MAC address?
  it has to be +1 or -1 difference. If Wired MAC is x.x.x.x.x.05 and the wireless mac should be x.x.x.x.x.04 or 06. It is not going to detect if the difference is more than + 1 or - 1.
  #Does the switch sees the Rogue AP's wired MAC on its MAC table.
  Rogue Detector listens to ARPs to get all the Wired MAC info and forwards to WLC, It compares with Wireless MAC, if there is a +1 or -1 difference then it will be flagged as Rogue on wire. And the client that connected to it is also marked as found on wire.
  Regards to Trunking, Only Native vlan matters per trunk link, just configure the right vlan as native and we're done.
  It is not mandatory to keep the Rogue detector on Management vlan of wlc. It can also be on L3 vlan also as long as it can join the WLC to forward the learnt wired MACs.
  So if we don't have +1, -1 difference on Rogues then you've to use RLDP which will work with your existing setup to find Rogue on wire. there's a performance hit when we use this feature on local mode APs.
  Note: For AP join - AP can't understand Trunk, meaning if AP connected to Trunk it'll only talk to its native vlan irrespective of AP mode, however rogue detector listens to the Trunk port to learn MACs via ARPs from different VLANs and forwards to WLC using native vlan.

• 10 Gig Trunk Port

  I'm setting up two 3750E switches on a bench prior to installing them  - with a ten Gig port trunk port between them. I am running PVST and have pretty standard switch configuration.   Show span indicates that all my vlans are forwarding between the ports but the packet rate keeps increasing as if its in a loop.  Must be something obvious but can't find it - is there anything special you have to do to those ten GIG Modules to get them to work.
  # interface ten gig 1/0/2
  # sw trunk enc dot1q
  # sw mode trunk
  # sw nonegotiate

  pardon me. I thought you are saying that packets are dropping but you are talking about STP loop.
  As mentioned in other post, check  if this link creating STP loop because of UDLD ?  Maybe one of your cable not working or some other reason.
  Though in LR you dont need an attenuator but check the power levels at both sides.Are they within receiver sensitivity? as you must be  connecting back to back just with patch cables.

• Trunk Port for 2950 and 2960G

  Hi Guys,
  I have tried connecting 2 switch using a trunk port in able for VLAN to run on 2950 switch, 2950 and 2960G, but the problem is, it keeps going up and down when I check the logs. The client experienced intermittent network connection by this problem. What seems to be the problem here? I already replaced the cables.
  Here is the config:
  They are connected via cross-cable
  2950:
  Int f0/24 --> 100mbps port
  switchport mode trunk
  2960G:
  Int G0/1 --> 1Gbps port
  switchport mode trunk
  *I believe they will auto negotiate their current speed and duplex.
  Thanks in advance.
  Cheers!

  Yes, they have the same settings.
  Here it is:
  int g0/2
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:23, output 00:00:00, output hang never
  Last clearing of "show interface" counters 5d18h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 21000 bits/sec, 21 packets/sec
  5 minute output rate 495000 bits/sec, 180 packets/sec
  5180581 packets input, 1243581478 bytes, 0 no buffer
  Received 62493 broadcasts (0 multicast)
  0 runts, 0 giants, 0 throttles
  2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 30119 multicast, 0 pause input
  0 input packets with dribble condition detected
  179416978 packets output, 2694243274 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
  int f0/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 5d18h
  Input queue: 2/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 504000 bits/sec, 180 packets/sec
  5 minute output rate 22000 bits/sec, 22 packets/sec
  179389710 packets input, 2690183405 bytes, 0 no buffer
  Received 26481884 broadcasts (0 multicast)
  0 runts, 0 giants, 0 throttles
  4510 input errors, 3566 CRC, 243 frame, 0 overrun, 0 ignored
  0 watchdog, 17984825 multicast, 0 pause input
  0 input packets with dribble condition detected
  5180070 packets output, 1243477217 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out

• Can I 'monitor session' trunk ports to a Cisco IDS?

  I ran across an existing config that has two trunk ports on a 3560 being port monitored to another port which is plugged in to a port on an ids 4515. Will the IDS be able to interpret that trunk traffic? The customer is complaining that they aren't able to see events on a local network (VLAN 1) and this is suppose to be the port they get that traffic from.
  Not sure why they chose to monitor trunk ports and I'm not sure it's even possible. I want to change the monitored port to some other local VLAN port that makes sense.
  Here are the existing lines:
  interface G0/47
  switchport turn encap dot1q
  switchport mode trunk
  interface G0/48
  switchport turn encap dot1q
  switchport mode trunk
  monitor session 2 source interface Gi0/47 - 48
  monitor session 2 destination interface Gi0/20
  ...port 20 goes to the ids.

  There are 3 modes of sensing supported on the sensors: promiscuous, inline interface pair, and inline vlan pair.
  Each mode interacts with vlan headers slightly differently.
  Promiscuous:
  A promiscuous sensor is fully capable of analyzing 802.1q trunk packets. The vlan will also be reported in any alerts generated.
  The trick when monitoring using a trunk is to ensure the span (or vacl capture) configuration is correct on the switch to get the packets you are expecting.
  Many types of switches have special caveats when a trunk is a source or destination port in the span.
  We also even support Vlan Group subinterfaces on the promiscuous interface.
  This allows sets of vlans on the same monitoring port to be monitored by different virtual sensors.
  So you could take vlans 1-10 and monitor with vs0, and then take vlans 11-20 and monitor with vs1, etc....
  However, to use this feature the switch must be very consistent in how packets are sent to the sensor. When monitoring a connection the sensor needs to see both client and server traffic. And when using Vlan Groups the sensor needs to see the client and server traffic ON THE SAME VLAN. It is this on the same vlan requirement that is not always possible with some span configurations when the switch itself is routing between vlans. Most switches are deployed with routing between vlans by the switch, and so in many cases you won't see the client and server traffic on the same vlans. This is very switch code dependant so you would need to do some research on your specific switch.
  Inline Interface Pair:
  With an inline interface you are pairing 2 physical interfaces together. A common deployment is to place the inline interface pair in the middle of an existing 802.1q trunk port. Interface 1 would be plugged into the switch, and interface 2 plugged into the other switch or other type of device (like router or firewall).
  In this setup the sensor is fully capable of monitoring these packets with 802.1q headers.
  However, there is something to keep in mind in these deployments. Often that other device (router, firewall, or switch) will route packets between vlans. So a packet going through the sensor on vlan 10 could be routed right back through the sensor again on vlan 20. Seeing the same packet again can cause TCP tracking confusion on the sensor (especially when the other device is doing small modifications to the packet like sequence number randomization).
  To address these we have 2 features.
  On InLine Interface Pairs we have the same Vlan Group feature as I discussed above in Promiscuous mode. (Do not confuse Vlan Groups with InLine Vlan Pairs discussed later in this response).
  So with Vlan Groups you could separate the vlans across virtual sensors. So if the packet gets routed back into the sensor you could configure it so that packet gets monitored by a separate virtual sensor and it will prevent the sensor confusion with state tracking.
  However, there will still be some situations where the packet may still need to cross the same virtual sensor twice. For this deployment scenario we have a configuration setting where you can tell the sensor to track tcp sessions uniquely per vlan. So long as the return packet is on a different vlan this should prevent the tcp tracking confusion. BUT there is a bug this code right now. It should be fixed in an upcoming service pack. The workaround is to go ahead and create a unique Vlan Group for each vlan (one vlan per group instead of multiple vlans in a group), and assign all of the Vlan Groups to the virtual sensor(s).
  And then you InLine Vlan Pairs:
  With InLine Vlan Pairs the monitoring interface Must be an 802.1q trunk port.
  Instead taking packets in one interface and passing to the next interface, the sensor actually takes packets in on one vlan and then sends it back on the other vlan of the pair on the same interface. It does this by modifying the vlan number in the 802.1q header.

• SRW2048 - trunk port

  Hi,
  I have a question according trunk port behavior.
  I need to connect Cisco Linksys to a Catalyst switch. On the Catalyst I have set up the port to trunk mode.
  I have also put the SRW2048 port to trunk mode. But the switches are not able to communicate to each other.
  Is there any possibility to set up on the SRW2048 to accept all tagged vlans on the trunk port. Because it looks like
  to be a bit different behavior from cisco switches where are all vlans available on the trunk mode port.
  I am talking about encapsulation dot1q (tagged Vlans)
  The switch has teh newest firmware: v1.2.2d
  Thank you for your response.
  Juraj

  Unlike the Catalyst, the SRW does not automatically add all VLANs on the switch to a trunk port. Instead you have to make all your VLANs member of the trunk mode port.

• TRUNK PORTS (HELP URGENT)

  Dear all
  Last night I configured the trunk ports between all my switches, Its a redundant circuit. I did the last one that plugs back into the core switch and it took all of my building out, I could not get to any other switch, For some reason spanning tree blocked the trunk ports that I set up on the last switch !!!!
  When setting up trunks between switches I presume you have to set 2 trunks per switch ? i.e 1 trunk to previous switch and another to the next switch !!!!
  I have never been so scared !!!!

  here are the configs,
  here is the backbone
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  hostname TK-BACKBONE-3550
  enable secret xxxx
  enable password xxx
  ip subnet-zero
  spanning-tree mode pvst
  spanning-tree extend system-id
  interface GigabitEthernet0/1
  switchport mode dynamic desirable
  interface GigabitEthernet0/2
  switchport mode dynamic desirable
  interface GigabitEthernet0/3
  switchport mode dynamic desirable
  interface GigabitEthernet0/4
  switchport mode dynamic desirable
  interface GigabitEthernet0/5
  switchport mode dynamic desirable
  interface GigabitEthernet0/6
  switchport mode dynamic desirable
  interface GigabitEthernet0/7
  switchport trunk encapsulation dot1q
  switchport mode dynamic desirable
  interface GigabitEthernet0/8
  switchport mode dynamic desirable
  interface GigabitEthernet0/9
  switchport mode dynamic desirable
  interface GigabitEthernet0/10
  switchport mode dynamic desirable
  interface GigabitEthernet0/11
  switchport mode dynamic desirable
  interface GigabitEthernet0/12
  switchport mode dynamic desirable
  interface Vlan1
  ip address 10.1.2.30 255.0.0.0
  interface Vlan200
  no ip address
  ip default-gateway 10.1.1.1
  ip classless
  ip http server
  snmp-server community public RO
  line con 0
  line vty 0 4
  password xxx
  login
  line vty 5 15
  password xxx
  login
  end
  here is the last switch in the circuit
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname BCR-2950-2
  enable secret xxxx
  enable password xxx
  ip subnet-zero
  no ip finger
  interface FastEthernet0/1
  interface FastEthernet0/2
  interface FastEthernet0/3
  interface FastEthernet0/4
  interface FastEthernet0/5
  interface FastEthernet0/6
  interface FastEthernet0/7
  interface FastEthernet0/8
  interface FastEthernet0/9
  interface FastEthernet0/10
  interface FastEthernet0/11
  interface FastEthernet0/12
  interface FastEthernet0/13
  interface FastEthernet0/14
  interface FastEthernet0/15
  interface FastEthernet0/16
  interface FastEthernet0/17
  interface FastEthernet0/18
  interface FastEthernet0/19
  spanning-tree portfast
  interface FastEthernet0/20
  interface FastEthernet0/21
  interface FastEthernet0/22
  interface FastEthernet0/23
  interface FastEthernet0/24
  interface GigabitEthernet0/1
  interface GigabitEthernet0/2
  interface Vlan1
  ip address 10.1.2.24 255.0.0.0
  no ip route-cache
  ip default-gateway 10.1.1.1
  no ip http server
  snmp-server engineID local xxxx
  snmp-server community private RW
  snmp-server community public RO
  line con 0
  exec-timeout 0 0
  transport input none
  line vty 0 4
  password parker2710
  login
  line vty 5 15
  password parker2710
  login
  end
  hope this helps
  Carl

• Trunk port vs Access port speed

  I am setting up a 4900M for a temporary training class, for 1Gb connected client PCs.  I used a 10Gb interface with an X2-10G-SR which will connect via 62.5 micron fiber, to a 4948 10Gb interface with an SFP-10Gb-SR.  As for the config, I have the 4900M te1/1 setup as an access port to the 4948.  The connectivity is fine, as is the routing.  But when we use the client PCs disk connectivity (connecting to 10Gb storage) we get great read speeds but when it tries writing it slows down and eventually errors out.  
  Question 1:  Would it make a difference if the 4900M was connected via a trunk port to the 4948?
  I believe the issue is the length of the 62.5 fiber, and the maximum transmit\receive length of the transceivers, but I want to rule out the switchport configuration.

  Thanks.  You were correct, as changing the port configuration from access to trunk produced the same R/W speeds.  The issue was with the fiber run being too long for the SR trancievers.

• "Multicast" Across a Trunk port

  I have a pair of Nokia firewalls connected to two 4006 switches running 7.6.3 code. The firewalls have a multicast virutal address that doesn't seem to pass across an etherchannel trunk between the switches even though the vlan they are in is being forwarded across the trunk. Do you know if a dot1q trunk would block a multicast packet from a Nokia firewall from passing ?

  Hi :
  Basically , by default multicast is only forwarded to the router ports or where an IGMP request is received. Now you have a Cat4000 and it has CGMP turned on by default . As long as it does not detect any router ports , multicast should basically be flooded in the entire vlan. In your case , multicast not being flooded makes me think the switch is detecting a multicast router at some other port other then the trunk port and certainly not receiving a CGMP join from that router for this particular group.
  Here is a hack that you can use.
  set multicast router
  where mod/port is a trunk port .
  Second thing is youc an disable CGMP only if you do not have other multicast traffic in your network and only traffic is this low volume keepalive traffic between the firewalls so that this traffic will be flooded in the entire vlan on both switches.
  set cgmp disable
  Hope this helps.
  Salman Z.

• Configure trunk port between 2 SG500 switches

  Hi all,
  I'm trying to do what seems to be a simple task but cannot get it to work.  I've very familiar with the Cisco commands on 2900 all the way up to 6500 series switches.  The SG500 has me stumped.  I have 3 switches, sw1, sw2, sw3.  sw1 and sw2 are stacked.  sw3 is standalone and in a different part of the building, maybe 25ft away.  All I want to do is set up a trunk port between the stack and the standalone.  In going by past experience, I would set the port as :
  - switchport mode trunk
  - switchport trunk allowed vlan 2,3,4
  The SG makes me specify tagged or untagged - which is fine.  So any vlan I want to move across the trunk i tag, obviously.  I do everything as I've done for years and it doesn't work.  VLAN1 is untagged, all VLANs I want to flow are allowed and tagged. 
  I'm quickly realizing I should have bucked up and just bought what I'm used to but I didn't have a choice in the matter.
  Any help would be great!
  Shawn

  Hi Shawn, something is the matter if the switch is asking you for tagged or untagged. The only reason it should be requesting a tag or untag statement is from a general port mode.
  The command syntax for the function is exactly the same as an IOS switch
  switchport mode trunk
  switchport trunk allowed vlan add 2,3,4
  Just like a Catalyst, if you use switchport trunk allowed vlan x,x,x it won't take the command as insufficient privilege or whatever the error it gives, suffice it say it doesn't really do anything without the add(or remove).
  -Tom
  Please mark answered for helpful posts

• Problems with vlan and dot1q trunking port

  Dear Folks,
  i have problems with my AccessPoint Konfiguration.
  Even when i set the Catalyst Port to trunk, i can only connect to VLAN 1 but not to VLAN 10.
  and if i change the port to statik vlan 10 i can not connect to the ap but it works...
  config below:
  User Access Verification
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname 1200_PP_1
  logging queue-limit 100
  enable secret xxxx
  clock timezone A 1
  ip subnet-zero
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid DEPACNGLW0HS
  vlan 10
  authentication shared
  infrastructure-ssid
  mobility network-id 10
  speed basic-1.0 2.0 5.5 11.0
  rts threshold 2312
  channel 2412
  antenna receive right
  antenna transmit right
  station-role root
  interface Dot11Radio0.1
  no ip route-cache
  interface Dot11Radio0.10
  encapsulation dot1Q 10 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 port-protected
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  speed 100
  full-duplex
  ntp broadcast client
  interface FastEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  bridge-group 254
  no bridge-group 254 source-learning
  bridge-group 254 spanning-disabled
  interface FastEthernet0.10
  encapsulation dot1Q 10 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.2.2.222 255.255.255.0
  no ip route-cache
  ip default-gateway 10.2.2.2
  ip http server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
  ip radius source-interface BVI1
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  line vty 5 15
  login
  end
  it would be fine if anyone could help me....

  You configure Layer 3 Mobility with WLSM. No trunking is required on the CAT switch. However, you need to set the switch port on the CAT switch as access port in VLAN 10.
  Please post the WLSM and SUP720 configuration. Also, which VLAN do you want to access the AP?
  The following URL may be useful for you to verify the configuration:
  http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_technical_reference09186a00802a86a7.html

• Trunked port active in vlan

  Maybe there's an obvious answer, but I have this strange thing;
  Switchport config
  interface GigabitEthernet0/2
   description Trunk to CORE02
   switchport mode trunk
   shutdown
   srr-queue bandwidth share 10 10 60 20
   queue-set 2
   priority-queue out
   mls qos trust cos
   auto qos voip trust
  sh vlan brie
  VLAN Name                             Status    Ports
  1    default                          active    Gi0/2
  Why is it that this port, which is configured as a trunk port, shows up as active in vlan1? Also when I do a show interfaces trunk, this specific port is not listed as a trunked port. By the way I had to shutdown the port because it was causing issues. It's a redundant link, when enabled I would expect spanning tree to do it's magic, but somehow it does not and instead causes half of our lan to become unreachable. Not sure why.

  in my switch I can not delete it
  Switch Ports Model              SW Version            SW Image                 
  *    1 52    WS-C2960S-48TS-L   12.2(58)SE2           C2960S-UNIVERSALK9-M     
  interface GigabitEthernet1/0/41
   description 2960_24_POE_5_24
   switchport mode trunk
   spanning-tree portfast
  _Cat_2960s_5_1#sh vla br
  VLAN Name                             Status    Ports
  1    default                          active    Gi1/0/41, 
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
  interface GigabitEthernet1/0/41
   description 2960_24_POE_5_24
   switchport
   switchport access vlan 1
   switchport private-vlan trunk encapsulation dot1q
   switchport private-vlan trunk native vlan tag
   switchport mode trunk
   no switchport nonegotiate
   no switchport protected
   no switchport block multicast
   no switchport block unicast
   switchport port-security maximum 1
   no switchport port-security
  _Cat_2960s_5_1#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  _Cat_2960s_5_1(config)#interface GigabitEthernet1/0/41
  _Cat_2960s_5_1(config-if)#no switchport access vlan 1
  _Cat_2960s_5_1(config-if)#^Z
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#
  _Cat_2960s_5_1#sh runn all | b interface GigabitEthernet1/0/41
  interface GigabitEthernet1/0/41
   description 2960_24_POE_5_24
   switchport
   switchport access vlan 1
   switchport private-vlan trunk encapsulation dot1q
   switchport private-vlan trunk native vlan tag
   switchport mode trunk
  another trunk port with native vlan configured is not in vlan 1

• Trunk Port Threshold Best Practice?

  Using CiscoWorks LMS and I notice the notification threshold for switch port utilisation is set at 40%. I know I've seen this before, but I can't remember why 40% was the magic number. I've Googled and come up with nothing useful so I'm handing it over to the experts :)
  Does this have something to do with this value being an "average" rather than a peak? I'm struggling to understand why, in a fully switched network, 40% utilisation is something to be concerned about.
  Hope you can improve my education :)
  Cheers,
  Ben.

  Thanks Mohammed.
  I think I may have chosen my words poorly.
  What I'm really trying to understand is this:
  In a full-duplex, microsegmented network, which is essentially a collision-less environment, wouldn't it make more sense to set a utilisation threshold of around 80%? In that case, you'd actually be getting close to saturating your bandwidth and creating a bottleneck.
  At 40% utilisation, especially on a trunk port which you'd expect to run at a higher utilisation, you still have quite a large portion of free bandwidth.
  I'm still relatively new to the networking game, so I'm trying to get my head around something that others seem to take for granted. The question is really more general, about the 40% utilisation threshold figure, than about CW LMS specifically.
  Cheers,
  Ben.

• Access to trunk port clarification

  Hello-
  I am looking to clarify a point of confusion for myself regrading connecting an access port to a trunk port. Consider the following switchport config on switch1:
  Switch#1
  interface GigabitEthernet0/5
   switchport
   switchport access vlan 6
  ....and the corresponding config on it's neighbor:
  Switch#2
  Interface GigabitEthernet10/8
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1,6,100
  My first question is- Is this a valid configuration? Secondly, what would the expected results be? I am curious about what vlans would be allowed to pass through..
  Thanks in advance-
  Brian

  This would work fine but not recommended.
  Also the traffic between the switches would be only Native Vlan and vlan 6 will pass through.
  SW1-----F0/1----------f0/1----SW2
  SW1#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       auto         n-802.1q       trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1-1005
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6
  SW1#
  SW2
  SW2#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       on           802.1q         trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1,6,100
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,100
  SW2#
  2) Part of this config is that any vlans which are been configured under the SW1 would be allowed through that access port.
  ex:
  SW1#sh int trunk 
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       auto         n-802.1q       trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1-1005
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,10,20,30,40,50,60,70,80,90,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,10,20,30,40,50,60,70,80,90,100 ...>>>>>>>>>>all vlans are allowed here.
  b)
  Were as on Switch 2 if you create all these vlans and u dont allow that to go through the trunk interface which you have configured those vlans would nt be flowing through.
  eg;
  SW2#sh int tr
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/1       on           802.1q         trunking      1
  Port        Vlans allowed on trunk
  Fa0/1       1,6,100
  Port        Vlans allowed and active in management domain
  Fa0/1       1,6,100
  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/1       1,6,100>>>>>>>>>>>>>>>.Only 3 vlans would be flowing through due to explicit defined. but if you defined allowed all then all vlans would be shown here.
  i created all the vlans above on sw2 but you can see only 3 vlans are allowd as you have explicitly defined it.
  Hope this clarifies your query.
  Regards
  Inayath
  *************Plz dont forget to rate posts***********