Hi everyone, I’m looking for a best practice configuration for trunk ports. I have seen several articles recommend using a dummy native VLAN and permitting only certain VLANs on the trunk. I’ve seen other configurations take things further by defining a dummy access VLAN just in case the port stops trunking, the “dot1q tag native” global command and suspending the dummy VLANs.
Basically I’m looking for a watertight configuration but don’t want to add unnecessary commands just for the sake of it. A few questions I have are:

- Does the native VLAN actually have to exist in the VLAN database? Can I use a VLAN that does not exist on the switch?
- Does the native VLAN need to be added to the allowed VLAN list? Does the “dot1q tag native” command have any effect on this?
- Do you need a different native VLAN for each trunk? Or will one suffice for the entire network?
- Is it necessary to “suspend” the dummy VLANs? Does this even help?

Putting everything together so far we have this:

##############################
! Tag native-VLAN frames on all trunks (global command)
vlan dot1q tag native
!
vlan 40
 name DUMMY_ACCESS
 state suspend
vlan 50
 name DUMMY_NATIVE
 state suspend
vlan 100,200,300
!
interface FastEthernet0/1
 ! Dummy access VLAN in case the port stops trunking
 switchport access vlan 40
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 50
 ! Explicit allowed list; replaces the default of all VLANs
 switchport trunk allowed vlan 100,200,300
 switchport nonegotiate
##############################

Thanks everyone,
Bobby
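One way to check a saved configuration for the items listed in the post above (an added example, not part of the original message; the sample config, function names and finding strings are constructed for illustration). It treats `switchport trunk allowed vlan add ...` on its own as not restricting the trunk, because `add` extends the default list of all VLANs.

```python
import re

# Constructed sample config (not from the post): Fa0/1 uses "add" only,
# Fa0/2 sets an explicit list, a dummy native VLAN and disables DTP.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 50
 switchport trunk allowed vlan add 100,200,300
interface FastEthernet0/2
 switchport access vlan 40
 switchport mode trunk
 switchport trunk native vlan 50
 switchport trunk allowed vlan 100,200,300
 switchport nonegotiate
"""

def interfaces(config):
    """Split an IOS-style config into {interface name: [sub-commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other global line ends the stanza
    return stanzas

def audit_trunk(cmds):
    """Return the checklist items from the post that a trunk port lacks."""
    missing = []
    native = [c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")]
    if not native or native[-1] == "1":
        missing.append("native vlan left at default 1")
    allowed = [c for c in cmds if c.startswith("switchport trunk allowed vlan ")]
    # Only a bare VLAN list (no add/remove/except/all) counts as an explicit list.
    if not any(re.fullmatch(r"switchport trunk allowed vlan [\d,\-]+", c) for c in allowed):
        missing.append("allowed vlan list never set explicitly")
    if "switchport nonegotiate" not in cmds:
        missing.append("DTP negotiation not disabled")
    if not any(c.startswith("switchport access vlan ") for c in cmds):
        missing.append("no fallback access vlan")
    return missing

def audit(config):
    """Audit every interface that is statically configured as a trunk."""
    return {name: audit_trunk(cmds) for name, cmds in interfaces(config).items()
            if "switchport mode trunk" in cmds}
```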
