tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to JDmailNY

Re: [CCNA] switchport mode access : Command Question : Why use i

by default, a cisco switchport is set to "dynamic desirable", meaning that if you connect a device that supports it, it will negotiate a trunk. case in point - hook up two 3560 switches; they will negotiate an isl trunk.
by setting "switchport mode access", the switchport will *always* behave as an access port - it will ignore all attempts to negotiate link type.

according to cisco best practices, the switchport mode should always be defined, even if you plan on shutting down the port.

q.
JDmailNY
join:2007-12-02
Pearl River, NY

Member

Can you give me another example as to why someone would set this to switchport mode access? I still don't understand why someone would do this??
Thanks and Sorry
aryoba
MVM
join:2002-08-22

As tubbynet mentioned, "switchport mode access" is a way to force a switch port to always behave as an access port. When the switch port behaves as an access port, it is pretty much acting like a consumer-grade switch with no capability of establishing trunks.

From operation and security perspectives, you may want to set certain switch ports to always be access ports. You don't really want some unknown switch or unsuspecting devices, introduced by some clueless users, to suddenly establish a trunk with the switch you manage. This is typical standard procedure when such a switch port serves end users such as PCs, printers, or servers.

In addition, by setting specific switch ports to either trunk or access mode, you will have more control over how the switch should behave when a device connects to such a switch port. By leaving the default setting in place (the "dynamic desirable"), you will have less control over switch port behavior.
JDmailNY
join:2007-12-02
Pearl River, NY

Member

I'm using Pearsons press Cisco Virtualizer and they don't emphasize the switchport mode access command all that much, and the Cisco ICND2 book does not either when they show configuration examples. Why is this ????

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by JDmailNY:

Why is this ????
i dunno. brevity?

it is important to remember that your ccna is an "entry level" certification. while it will give you the knowledge with the cli (and presumably now the sdm), there is still a *lot* that isn't covered. my biggest complaint about the ccna is that it doesn't give enough "best practice" deployment information when you configure a device.

additionally - think of it like this:
what have you covered already in your ccna studies (as it pertains to switching)? i assume spanning-tree and vtp. both of these things can go extremely pear-shaped if someone connects a switch to your network and they negotiate trunks using bpdus. how would you like to see a huge spanning-tree loop or maybe all of your vlan configuration information overwritten because you didn't set up the proper end-user vlan assignments on your closet switches? additionally, if i negotiate a trunk (and my pc can handle trunk frames) all of your vlan information can be sniffed and collected.

as a rule you *always* set the port type information on your switches and if the port serves an end user or is unused, you set it to access mode (preferably on a non-existent vlan if it's not in use). it's just something you do according to best practices. have i seen networks that function with no port types being defined? sure. i've worked on networks where switches were just pulled out of the box and patched in. does that mean it's right to do it that way? no.

q.
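
An added example, not part of any post in this thread: a Python check that applies the rule above (and the earlier advice to define the mode even on ports that are shut down) to a saved running-config, listing physical switchports whose mode is not pinned to access or trunk. The sample config and the function name are constructed for illustration.

```python
import re

# Constructed sample of interface stanzas from a saved running-config (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 description printer, mode never set
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 description unused
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
"""

def audit_switchport_modes(config_text):
    """Return {interface: finding} for layer-2 ports whose mode is not pinned."""
    findings = {}
    # Split the config into stanzas, one per "interface <name>" line.
    for stanza in re.split(r"(?m)^(?=interface )", config_text):
        header = re.match(r"interface (\S+)", stanza)
        if not header:
            continue
        name = header.group(1)
        # Skip logical interfaces and routed ports: they never negotiate a trunk.
        if re.match(r"(?i)(vlan|loopback|tunnel)", name) or re.search(r"(?m)^[ \t]+no switchport[ \t]*$", stanza):
            continue
        mode = re.search(r"(?m)^[ \t]+switchport mode (.+?)[ \t]*$", stanza)
        if mode is None:
            findings[name] = "no explicit switchport mode (platform default applies)"
        elif mode.group(1).startswith("dynamic"):
            findings[name] = "negotiates link type: " + mode.group(1)
    return findings

if __name__ == "__main__":
    for port, problem in audit_switchport_modes(SAMPLE_CONFIG).items():
        print(f"{port}: {problem}")
```

The shut-down port FastEthernet0/4 is reported too, since its mode was never defined and it would fall back to the platform default if re-enabled.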

rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
said by tubbynet:

my biggest complaint about the ccna is that it doesn't give enough "best practice" deployment information when you configure a device.
Unfortunately this is true of pretty much all the certifications. The certifications are more about understanding the technology and what it does and not about best practice network design and ways in which to implement specific platforms in specific scenarios. The exam scenarios are primarily developed from an academic standpoint.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by rolande:

Unfortunately this is true of pretty much all the certifications. The certifications are more about understanding the technology and what it does and not about best practice network design and ways in which to implement specific platforms in specific scenarios
and i understand this. however, most people work on their professional and expert level certs while working in industry. they not only have the academic knowledge that the certs provide, but they have an understanding of "real life" as well.
the ccna is more of a "marketability" cert, often the entry level that gets you your first job as a network admin. as such, i feel that you should hit the ground running with an idea of what *should* go on in the network and how poor choices in initial deployment can lead to bad things down the road - hence the original topic of this post.

q.