[c-nsp] Question about VLAN Trunks
Peter Rathlev
peter at rathlev.dk
Wed Jul 20 08:42:11 EDT 2011
On Wed, 2011-07-20 at 13:44 +0200, Chris Knipe wrote:
> I have a good couple of 10/100 ports configured for non-Cisco VoIP and
> during troubleshooting an issue yesterday, I noticed that our VLAN
> trunks are not behaving as I expected. All my ports are configured as
> follows:
>
> interface FastEthernet8/5
>  logging event link-status
>  logging event spanning-tree status
>  logging event bundle-status
>  logging event trunk-status
>  load-interval 30
>  keepalive 30
>  mls qos trust cos
>  switchport
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 105
>  switchport trunk allowed vlan 104,105
>  switchport mode trunk
>  switchport nonegotiate
>  switchport voice vlan 104
>  power inline never
>  storm-control broadcast level 85.00
>  no cdp enable
>  spanning-tree bpduguard enable
>  spanning-tree link-type point-to-point
>
> When connecting a PC directly to the port and doing some tcpdumps, I
> see traffic on the trunk port that falls outside of VLAN104 and 105...
> Shouldn't the switchport allowed vlan only allow vlan 104 and 105 to
> pass via the port?

What kind of traffic are you seeing? Untagged? Or tagged with a VLAN ID
other than 104?

You can use "spanning-tree portfast trunk" without problems since you're
already using BPDU Guard. That means the link will activate sooner.

Also: The "switchport voice vlan" needs either CDP or LLDP to signal to
the phone. Since you disable CDP on the port I guess you're running
LLDP, right?

If the phones are actually being signalled correctly, you don't need the
trunk configuration at all. We use something like the following:

interface FastEthernetX/Y
 switchport access vlan 10
 switchport voice vlan 20
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!

--
Peter
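
Added example, not part of the original message or of either poster's tooling: a small Python check that reads IOS-style interface stanzas and flags the three points raised in the reply (voice VLAN with CDP disabled, voice VLAN on a trunk, trunk without "spanning-tree portfast trunk"). The function names and the second interface (FastEthernet8/6) are assumptions made for illustration.

```python
import re

# Constructed sample: the quoted trunk port (trimmed) and an access port in
# the style of the reply; FastEthernet8/6 is an illustrative name.
SAMPLE = """\
interface FastEthernet8/5
 switchport trunk allowed vlan 104,105
 switchport mode trunk
 switchport voice vlan 104
 no cdp enable
 spanning-tree bpduguard enable
!
interface FastEthernet8/6
 switchport access vlan 10
 switchport voice vlan 20
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None          # end of the stanza
        elif current is not None:
            current.append(line)
    return ports

def audit(config):
    """Apply the reply's three checks; returns {port: [findings]}."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        voice = any(c.startswith("switchport voice vlan") for c in cmds)
        trunk = "switchport mode trunk" in cmds
        found = []
        if voice and "no cdp enable" in cmds:
            found.append("voice VLAN set, CDP disabled: confirm LLDP signals the phone")
        if voice and trunk:
            found.append("voice VLAN on a trunk: access mode may be enough")
        if trunk and "spanning-tree portfast trunk" not in cmds:
            found.append("trunk without 'spanning-tree portfast trunk'")
        report[name] = found
    return report
```

Calling audit(SAMPLE) returns three findings for FastEthernet8/5 and none for FastEthernet8/6.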