Switchport trunk encapsulation on L3 switches

Why is 'switchport trunk encapsulation <dot1q or isl>' required on L3 switches?  The default trunk encapsulation mode on 'modern' Cisco switches is to 'auto' negotiate, so why doesn't 'auto-negotiate' work when configured from the L3 switch port?  If I configure 'switchport mode trunk' on an L2 switch (capable of only dot1q) and don't configure the adjacent L3 port, the trunk is auto-negotiated.  However, if I configure 'switchport mode trunk' on the L3 port first, it gives the error we've all witnessed: Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode. Interestingly, if I configure 'switchport mode dynamic desirable' on the L3 port, the interface does indeed negotiate the trunk encapsulation and establish the trunk.  According to Cisco documentation, the 'switchport mode trunk' command is also supposed to negotiate the trunking status and encapsulation--so why doesn't this command work the same as 'switchport mode dynamic desirable'?

John,
You're absolutely correct.  My hope is that Cisco will change its definition for 'switchport mode trunk.'
This is from their documentation:
switchport mode dynamic desirable
Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
switchport mode trunk
Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface.
switchport nonegotiate
Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.
I've highlighted negotiates to point out that DTP frames are still sent to the neighboring device to negotiate the trunking status. Therefore, why doesn't it also negotiate the encapsulation type when desiring to trunk? My point being, if it's going to trunk unconditionally and not negotiate the trunking protocol, and since you'd have to have an ISL-only switch (non-extant), Cisco should simply get rid of ISL on their switches or have the 'negotiation' process or (unconditional state) select dot1Q as the trunking protocol.
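
The DTP behaviour of the three commands quoted from the documentation above, and the encapsulation "Auto" rejection from the original question, can be checked mechanically against a saved configuration. The following Python auditor is an added example, not part of the thread or of any Cisco tooling; the check names, the `isl_capable` flag and the sample configuration are assumptions constructed for illustration, and it expects full-form commands as they appear in `show running-config`.

```python
# Added example: audit IOS-style interface stanzas for DTP exposure.
# Check names and the isl_capable flag are hypothetical, not Cisco terms.

# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/4
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 switchport mode dynamic auto
 switchport nonegotiate
"""

MESSAGES = {
    "DTP_ON_TRUNK": "permanent trunk still generates DTP frames; add 'switchport nonegotiate'",
    "DTP_DYNAMIC": "trunking is negotiated via DTP; set the mode explicitly",
    "NONEGOTIATE_INVALID": "'switchport nonegotiate' is only accepted in access or trunk mode",
    "ENCAP_AUTO": "'switchport mode trunk' is rejected while encapsulation is Auto; set dot1q or isl",
}


def parse_interfaces(text):
    """Map interface name -> list of sub-commands (indented or flattened input)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line[len("interface "):], [])
        elif line in ("", "!"):
            current = None                    # stanza separator
        elif current is not None:
            current.append(line)
    return stanzas


def value_after(cmds, prefix):
    """Return the text following `prefix` in the last matching command, else None."""
    hits = [c[len(prefix):].strip() for c in cmds if c.startswith(prefix)]
    return hits[-1] if hits else None


def audit(text, isl_capable=True):
    """Return [(interface, check_id)] for every DTP/encapsulation finding."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        mode = value_after(cmds, "switchport mode ")
        encap = value_after(cmds, "switchport trunk encapsulation ")
        noneg = "switchport nonegotiate" in cmds
        if mode in ("dynamic desirable", "dynamic auto"):
            findings.append((name, "DTP_DYNAMIC"))
            if noneg:
                findings.append((name, "NONEGOTIATE_INVALID"))
        elif mode == "trunk":
            if not noneg:
                findings.append((name, "DTP_ON_TRUNK"))
            if isl_capable and encap not in ("dot1q", "isl"):
                findings.append((name, "ENCAP_AUTO"))
    return findings


if __name__ == "__main__":
    for iface, check in audit(SAMPLE):
        print(f"{iface}: {check}: {MESSAGES[check]}")
```

Pass `isl_capable=False` for platforms that only support 802.1Q and therefore have no encapsulation command, so the `ENCAP_AUTO` check is skipped.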

Similar Messages

  • 2960 will not allow "switchport trunk encapsulation dot1q" CLI

    I have a Cisco 2960 switch that is not allowing me to setup switchport trunk encapsulation dot1q on a trunking interface.
    The show capabilities shows that the interface can use 802.1q, but when I try to CLI the command the word encapsulation is not an option.
    Please advise with a solution.
    Thanks, S
    Model - WS-C2960G-24TC-L  
    SW Version - 12.2(44)SE6          
    SW Image - C2960-LANBASEK9-M
    S1#
    S1#sh int gi0/23 capabilities
    GigabitEthernet0/23
    Model:                 WS-C2960G-24TC-L
    Type:                 1000BaseLX SFP
    Speed:                 1000
    Duplex:               full
    Trunk encap. type:     802.1Q
    Trunk mode:           on,off,desirable,nonegotiate
    Channel:               yes
    Broadcast suppression: percentage(0-100)
    Flowcontrol:           rx-(off,on,desired),tx-(none)
    Fast Start:           yes
    QoS scheduling:       rx-(not configurable on per port basis),
                             tx-(4q3t) (3t: Two configurable values and one fixed.)
    CoS rewrite:           yes
    ToS rewrite:           yes
    UDLD:                 yes
    Inline power:         no
    SPAN:                 source/destination
    PortSecure:           yes
    Dot1x:                yes
    Multiple Media Types: rj45, sfp, auto-select
    S1#
    S1#
    S1#
    S1(config-if)#switchport ?
    access         Set access mode characteristics of the interface
    backup         Set backup for the interface
    block         Disable forwarding of unknown uni/multi cast addresses
    host           Set port host
    mode           Set trunking mode of the interface
    nonegotiate   Device will not engage in negotiation protocol on this
                     interface
    port-security Security related command
    priority       Set appliance 802.1p priority
    protected     Configure an interface to be a protected port
    trunk         Set trunking characteristics of the interface
    voice         Voice appliance attributes
    S1#
    S1#
    S1#
    S1(config-if)#switchport trunk ?
    allowed Set allowed VLAN characteristics when interface is in trunking mode
    native   Set trunking native characteristics when interface is in trunking
               mode
    pruning Set pruning VLAN characteristics when interface is in trunking mode
    S1#
    S1#
    S1#

    Newer devices don't support ISL so you can only run 802.1Q. That means that there is no need for an encapsulation command because only one encapsulation is supported. If the device had support for ISL then you would also have that command.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Cisco catalyst 3850 switch won't take command: "switchport mode trunk encapsulation dot 1q"

    Hi all,
    I'm working on this switch's configuration. When I typed "switchport mode trunk encapsulation dot 1q", I got an error "invalid input". I'm guessing that this model already set encapsulation type to dot 1q, and that's why the switch won't take it, right?
    Please help!

    According to the documents it supports both.
    You are however using the wrong command, it should be -
    "switchport trunk encapsulation dot1q"
    ie. no "mode" keyword.
    If it doesn't take that then do a "sh int <x> capabilities" and it should show you which encapsulation methods are supported.
    Jon

  • Switch trunk native and switchport trunk allowed commands

    Hello,
    What will be the result of having these two commands defined on trunk
    Switch(Config-if)# switchport trunk native vlan 500
    Switch(Config-if)# switchport trunk allowed vlan remove 500
    Thanks        

    The first command would send traffic untagged over vlan 500, but the second command removes vlan 500 from the trunk, so I think you would lose traffic for anything using vlan 500....
    HTH,
    John
    *** Please rate all useful posts ***

  • ASA5585-X Switchport Trunk ask security expert

    Hi, I have ASA5585-X version 9.1 and asdm version 7.1
    I have a lot of different VLANs on the ASR router. The ASR router has subinterfaces with VLANs. The ASA 5585 is behind the ASR router. I want to set up the ASA 5585 switch ports in trunk mode. Is it possible?
    The topology is below.
    ISP -> Cisco ASR with bgp and subif and gateway for the vlans -> ASA5585 all ip addresses security configurations -> Cisco 6500 aggregations switch -> Cisco 2960 cabinets switches -> Servers

    I can't speak to the ASR router configuration, but you can definitely have trunk ports on the ASA side.  What has worked for me between 3750 switches and assorted generations of ASA hardware and software is configurations like:
    On the switch you set it to mode trunk with negotiation off:
    interface GigabitEthernet1/0/38
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 400
    switchport trunk allowed vlan 1,430-435,543-545
    switchport mode trunk
    switchport nonegotiate
    On the ASA you put the parent physical interface into "no shutdown" state and then set up subinterfaces with vlan tags:
    interface GigabitEthernet0/3
    description trunk port
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3.543
    description first subinterface
    vlan 543
    nameif whatever
    security-level 80
    ip address 192.0.2.1 255.255.255.0
    -- Jim Leinweber, WI State Lab of Hygiene

  • Trunking on older 3500XL switches

    I probably already know the answer to this but is there a way to remove vlans 1 and 1002-1005 on a trunk port on a 3548-XL? I want to be able to connect an IP phone to the port and only allow traffic from my voice and the floor vlans (599 & 730) respectively. But when I run the command:
    switchport trunk allowed vlan remove 1-598,600-729,731-1024
    all the vlans are removed except 1,599,730,1002-1005. I know that these are "special" vlans and these are older switches, but is there a way to remove them from a port on these switches?

    If you want to configure the port for just voice vlan and data vlan then you need not clear vlans out of the trunk, just configure voice vlan. This platform should support voice vlan. For example:
    interface FastEthernet0/2
    description DOT1Q port to IP Phone
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 730
    switchport mode trunk
    switchport voice vlan 599
    spanning-tree portfast
    For more information:
    http://www.cisco.com/en/US/tech/tk1077/technologies_configuration_example09186a00800ffdcc.shtml#vlanscat3500
    From 3500XL port configurations guide:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/scg/swports.htm#xtocid32
    Please rate helpful posts.

  • Etherchannel trunk with two cisco switch

    Hi, my company using only one Cisco 3750 switch with VLAN1,2,3,4,5. 
    Now my company bought another Cisco switch and we would like to etherchannel trunk between both and create new VLANs on the new switch.  We asked our partners; some of them suggested we use LACP, and some of them suggested we use PAgP.  We are so confused about which will be better in our environment.
    Previous: Router <> 3750 switch A (VLAN 1,2,3,4,5)
    Now we bought another Cisco Switch B:  Router <>3750 switch A <> switch B (add more VLAN 6,7,8,9,10)
    Which of below command is the best choice to suit our company ? suppose we use 2 port of gigabitethernet 1/0/1 and 1/0/2 trunk?  All VLAN 1-10 need to communicate with each other.
    interface GigabitEthernet1/0/1
     channel-group 1 mode active  <<< (use "active" or "desirable" is the best choice)
     switchport mode trunk
    interface GigabitEthernet1/0/2
     channel-group 1 mode active
     switchport mode trunk
    interface Port-channel 1
     switchport trunk encapsulation dot1q << (do we need put this? as we think this is by default after trunk?)
     switchport mode trunk
     switchport nonegotiate <<< (do we need "nonegotiate" if both switch setup same configure?)

    Hello
    My understanding is that PAgP and LACP basically perform the same features; however, PAgP is Cisco proprietary, whereas LACP is an IEEE standard which can be used between different route/switch vendor platforms.
    As for disabling DTP (switchport nonegotiate), I would agree with this suggestion, so as not to have trunks being dynamically created.
    Lastly, I would manually prune unused VLANs across trunk interfaces, to save on CPU and memory usage because of the STP instances that could be used (however, such a small VLAN database like yours would not be an issue).
    So to summarise:
    Cisco to Cisco etherchannels = PAgP
    Cisco to other vendors = LACP
    L2 etherchannel
    ================
    1) default physical interfaces (if possible)
    2) configure port-channel in physical interfaces
    -- port-channel will be created automatically
    3)create trunking encapsulation or access port mode directly in port-channel interface
    4)enable physical interfaces "no shut"
    conf t
    default int ran fa0/1 -3 ( if applicable)
    int ran fa0/1 -3
    shut ( if applicable)
    channel-group 1 mode xxx
    int port-channel 1
    switchport trunk encap dot1q
    switchport mode trunk
    switchport nonegotiate
    switchport trunk allowed vlan 1-10
    res
    Paul

  • Trunk encapsulation dot1q failure

    Hi,
    I am trying to add command on 10/100/1000 Card, switch port trunk ^encapsulation dot1q
    It does not allow me enable encapsulation on the line card.
    Any idea if it is bug?
    The hardware card is WS-X6148-GE-TX
    The ios version is c6sup2-rp-3k203su-m12.1(26)ES
    thanks

    Hi Mikram,
    AFAIK when the switch is running in Native mode all the ports are in layer 3 mode which means they are routed ports and to configure trunking you have to first convert them into layer 2 mode with "switchport" command under interface config mode.
    And once you have converted these routed ports into layer 2 mode then you can configure trunking encapsulation on the interface with command "switchport trunk encapsulation dot1q"
    HTH, if yes please rate the post.
    Ankur

  • Switchport trunk

    Of the following configurations, which is the most appropriate for working in redundancy between 2 4507 devices?
    interface GigabitEthernet4/15
    switchport access vlan 110
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 110
    switchport mode trunk
    duplex full
    speed 100
    interface GigabitEthernet4/15
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 110
    switchport mode trunk
    duplex full
    speed 100

    Hi Friend,
    Can you please post the question in English. I tried translating it but was not very successful.
    Your first config and second config are exactly the same with only one difference: in your first config you have configured native vlan as 110 and in your second config the native vlan is 1, which is the default.
    Native vlan is the vlan which is sent across the trunk without tagging.
    If you are connecting these 2 switches together, make sure the native vlan is the same on both ends. Also, for etherchannel or teaming to work, the config on both ports should be the same.
    HTH
    Ankur

  • Switchport trunk native vlan & switchport access vlan dual configuration

    I've discovered this dual configuration on a 3500xl switch while troubleshooting an incrementing runts issue. Could the config of this port be related to the issue at hand?
    port configuration:
    interface FastEthernet0/3
    duplex full
    speed 100
    switchport access vlan 203
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 203
    switchport trunk allowed vlan 1,203,204,220,1002-1005
    switchport mode trunk
    spanning-tree portfast

    Hi,
    The 'switchport access vlan' command will have no effect on the configuration you have on this port. The port will operate as a trunk and will disregard any config that pertains to an access port.
    Hope that helps ...
    Paresh

  • Switchport trunk allowed - Cisco / HP

    Hi, I have a simple query and just seeking some clarification....
    I have a Cisco 3750X with various vlans configured. One interface has the command: "Switchport Trunk allowed vlan 100, 200". I understand it will ONLY forward packets for vlan 100 & 200 on this interface - certainly the case if connected to another Cisco device.
    On the other end of the interface is a HP1810 switch. The ports are configured for vlan 100, 200 and 300. I have looked at the config of the Cisco stack and there is no mention of vlan 300 at all. Is it safe to assume the Cisco switch is not doing any forwarding for vlan 300 to the HP if it is not defined in its config or the allowed command?
    Thanks, Harv

    Yes, you can assume that the Cisco switch is not forwarding anything from itself towards the HP for vlan 300, but the HP will be sending the traffic for VLAN300 on the Tagged ports.
    I think you can remove the Tagged PORTNAME on HP under the VLAN 300 configuration as well. Removing the Tagged PortXX under the vlan 300 configuration on HP, where XX is the trunk port connecting to the Cisco, will stop the HP from forwarding any traffic towards the Cisco as well.
    Manish

  • VLAN DOT1Q, SWITCHPORT TRUNK NATIVE VLAN, and VLAN1

    Hi All,
    L2 security documents suggest avoiding vlan1 and tagging all frames with vlan IDs using the global configuration of vlan dot1q. Other Cisco non-security documents suggest using the switchport trunk native vlan # which removes any vlan tagging. It seems to me that the global vlan dot1q command and the interface switchport trunk native vlan # are contradictory; therefore, both should not be used. Furthermore, my understanding is to avoid using vlan 1 to tighten L2 security. When vlan 1 is removed from all trunked uplinks, user access ports are other than vlan 1, and no spanning-tree vlan 1 operations exist, what is the native vlan 1 actually used for? The output of show interface gi0/1 trunk shows the native vlan as 1.
    Thanks,
    HC

    Hi HC,
    The command "switchport trunk native vlan" is used to define the native (untagged) vlan on a dot1q link. The default is 1, but you can change it to anything you like. But it only changes the native vlan; all the other vlans on the trunk are of course tagged (and it only applies to dot1q, as ISL "tags/encapsulates" all the vlans). The command "vlan dot1q tag native" is mostly used in dot1qindot1q tunnels, where you tunnel a dot1q trunk within a dot1q trunk. That's something mostly service providers offer to their customers. There it is important that there is no untagged traffic, as that would not work with dot1qindot1q. This command tags the native vlan traffic, and drops all traffic which is not tagged.
    What is the native VLAN for? Switches send control PDUs such as STP, CDP or VTP over the native VLAN.
    If you don't happen to be a service provider for L2 metropolitan Ethernet, you won't need the "vlan dot1q tag native" command. For my part I'm trying not to use vlan 1 everywhere in my campus, because it gives a huge spanning-tree topology and if you ever get a switch to blow a heavy load of traffic into it, you have your whole campus network degraded. I try to keep VLANs as small as possible and to have as much L3 separation as possible; that's good for the stability!
    Simon

  • What is the effect of the command switchport trunk native vlan x

    Hello all,
    I have a SG500 switch. The port Gi0/19 is directly connected to a machine. When i show the running config file i find the following config in the interface gi0/19:
    switchport trunk native vlan 70
    I need to understand this command because I'm a bit confused: as far as I know, we only put an interface in trunk mode if we have a link between two switches.
    Please Help :)

    Trunks can carry all the traffic(vlan 70,80,........Including vlan1)
    Access port can only be in one vlan (Say vlan 70)
    So if you configured it as trunk and connected the server, and since native vlan is 70, when traffic is of vlan 70, it will not be tagged so your server can understand it. (Assuming that the server does not have the capacity to understand the tagged frames.) Traffic in other vlans will also be received by this interface (say vlan 80,....vlan1....) but will be dropped.
    If you configure it as only access and in vlan 70, only untagged vlan 70 traffic will be received on the interface.
    Thanks

  • Can I use straight cable to connect trunk ports between 2 switches?

    Hi,
    Am I able to use straight instead of cross cable to connect trunk ports between 2 switches??
    thanks!

    Hi Devang,
    When a 10/100 Fast Ethernet interface is enabled, one end of the link must perform media dependent interface (MDI) crossover (MDIX), so that the transmitter on one end of the data link is connected to the receiver on the other end of the data link (a crossover cable is typically used).
    The Auto-MDIX feature eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase.
    HTH, if yes please rate the post.
    Ankur

  • 802.1q trunk b/w 8PoE switch integrated in 1861 CME

    Hi,
    I have to deploy cme7.0 (1861). Actually two 1861 routers are bought but only one of them act as cme while the 8PoE integrated switch of other 1861 is used. half of the IP phones are connected to the 8PoE integrated switch in CME (1861 router) while half of the phones are connected to 8PoE of 1861 (only 1861's PoE is used in this setup). i want to know whether i can cascade the two switches or in other words whether i can form a 802.1q trunk b/w these switches to carry the voice and data vlans.
    Regards
    Naresh Rathore

    Yes, you can.
