JDmailNY

join:2007-12-02
Pearl River, NY

[CCNA] switchport mode access : Command Question : Why use it ??

What does this command do [switchport mode access]? And why would I need to use it?


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1


by default, a cisco switchport is set to "dynamic desirable", meaning that if you connect a device that supports it, it will negotiate a trunk. case in point - hook up two 3560 switches; they will negotiate an isl trunk.
by setting "switchport mode access", the switchport will *always* behave as an access port - it will ignore all attempts to negotiate link type.

according to cisco best practices, the switchport mode should always be defined, even if you plan on shutting down the port.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

JDmailNY

join:2007-12-02
Pearl River, NY
Can you give me another example as to why someone would set this to switchport mode access? I still don't understand why someone would do this.
Thanks and sorry.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
As tubbynet mentioned, "switchport mode access" is a way to force a switch port to always behave as an access port. When the switch port behaves as an access port, it is pretty much acting like a consumer-grade switch with no capability of establishing trunks.

From operation and security perspectives, you may want to set certain switch ports to always be access ports. You don't really want some unknown switch or unsuspecting device, introduced by some clueless user, to suddenly establish a trunk with the switch you manage. This is the typical standard procedure when such a switch port serves end-user devices such as PCs, printers, or servers.

In addition, by setting specific switch ports to either trunk or access mode, you will have more control over how the switch behaves when a device connects to that switch port. By leaving the default setting in place (the "dynamic desirable"), you will have less control over switch port behavior.

JDmailNY

join:2007-12-02
Pearl River, NY
I'm using Pearsons press Cisco Virtualizer and they don't emphasize the switchport mode access command all that much, and the Cisco ICND2 book does not either when they show configuration examples. Why is this?


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by JDmailNY:

Why is this ????
i dunno. brevity?

it is important to remember that your ccna is an "entry level" certification. while it will give you the knowledge with the cli (and presumably now the sdm), there is still a *lot* that isn't covered. my biggest complaint about the ccna is that it doesn't give enough "best practice" deployment information when you configure a device.

additionally - think of it like this:
what have you covered already in your ccna studies (as it pertains to switching)? i assume spanning-tree and vtp. both of these things can go extremely pear-shaped if someone connects a switch to your network and they negotiate trunks using bpdus. how would you like to see a huge spanning-tree loop, or maybe all of your vlan configuration information overwritten, because you didn't set up the proper end-user vlan assignments on your closet switches? additionally, if i negotiate a trunk (and my pc can handle trunk frames) all of your vlan information can be sniffed and collected.

as a rule you *always* set the port type information on your switches, and if the port serves an end user or is unused, you set it to access mode (preferably on a non-existent vlan if it's not in use). it's just something you do according to best practices. have i seen networks that function with no port types being defined? sure. i've worked on networks where switches were just pulled out of the box and patched in. does that mean it's right to do it that way? no.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

reply to JDmailNY
said by JDmailNY:

What does this command do [switchport mode access]? And why would I need to use it?
There are two types of switch port modes: access and trunk

Access ports are what you would typically plug a server, PC/laptop, printer, etc into. An access port is configured to be within a particular VLAN. Ethernet frames that exit an access port (i.e. towards the device plugged into the port) will have any VLAN headers/tags stripped. Ethernet frames that enter an access port will have a VLAN tag added to identify which VLAN the ethernet frame belongs to.

Trunk ports are what you would typically plug a router into for inter-VLAN routing, or another switch in order to "share" VLANs between switches. Unlike access ports, ethernet frames that exit a trunk port will maintain any VLAN headers/tags that are present so that the receiving device is able to appropriately handle the frame.

Using the "switchport mode access" command you are, as mentioned by others, forcing the port to be an access port, no exceptions. A device plugged into this port will only be able to communicate with other devices that are in the same VLAN.

Using the "switchport mode trunk" command you force the port to be a trunk.

By forcing the port into a particular configuration you will have predictable outcomes when you plug devices into those ports. Security-wise, it's a good idea.

JDmailNY

join:2007-12-02
Pearl River, NY
This was taken from figure 9.10, page 576, if you have Todd L's CCNA book.

Why does this configuration NOT use switchport access mode when configuring VLANs?

2960# Config t
2960(config)#int f0/1
2960(config-if)#switchport mode trunk
2960(config-if)#int f0/2
2960(config-if)#switchport access vlan 1
2960(config-if)#int f0/3
2960(config-if)#switchport access vlan 1
2960(config-if)#int f0/4
2960(config-if)#switchport access vlan 3
2960(config-if)#int f0/5
2960(config-if)#switchport access vlan 3
2960(config-if)#int f0/6
2960(config-if)#switchport access vlan 2
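The figure above sets a VLAN on f0/2 through f0/6 but never sets their mode, which is exactly the gap this thread is about. As an added example (my own code, not from the thread or the book), here is a small Python audit over a constructed running-config that flags ports with no explicit switchport mode; the extra hardening it expects (`switchport nonegotiate` on live access ports, a parking VLAN plus `shutdown` on unused ports) is my assumption of good practice, not something the thread states.

```python
# Constructed sample running-config (not the book figure): an explicit trunk, a hardened
# access port, a port with only a VLAN set (mode left dynamic), an untouched port, a parked port.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 999
 shutdown
!
"""

def parse_interfaces(config):
    """Return {interface name: [indented config lines]} for each interface stanza."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif current is not None and line.startswith(" "):
            ifaces[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return ifaces

def audit(config):
    """Map each interface to its findings; an empty list means the port passes."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        issues = []
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if mode is None:
            issues.append("no explicit switchport mode: port stays dynamic and can negotiate a trunk")
        elif mode == "access" and "switchport nonegotiate" not in lines and "shutdown" not in lines:
            issues.append("access port still speaks DTP: add 'switchport nonegotiate'")
        if not lines:
            issues.append("unused port at factory defaults: park it on an unused VLAN and shut it down")
        findings[name] = issues
    return findings
```

Run against the figure's own lines (after adding `interface` stanzas) it would flag f0/2 through f0/6 the same way it flags FastEthernet0/3 here.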


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
reply to tubbynet
said by tubbynet:

my biggest complaint about the ccna is that it doesn't give enough "best practice" deployment information when you configure a device.
Unfortunately this is true of pretty much all the certifications. The certifications are more about understanding the technology and what it does and not about best practice network design and ways in which to implement specific platforms in specific scenarios. The exam scenarios are primarily developed from an academic standpoint.
--
Scott, CCIE #14618 Routing & Switching
Too bad those that know it all can't do it all.
»www.thewaystation.com/techref/tech.shtml
»blog.thewaystation.com/


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by rolande:

Unfortunately this is true of pretty much all the certifications. The certifications are more about understanding the technology and what it does and not about best practice network design and ways in which to implement specific platforms in specific scenarios
and i understand this. however, most people work on their professional and expert level certs while working in industry. they not only have the academic knowledge that the certs provide, but they have an understanding of "real life" as well.
the ccna is more of a "marketability" cert, often the entry level that gets you your first job as a network admin. as such, i feel that you should hit the ground running with an idea of what *should* go on in the network and how poor choices in initial deployment can lead to bad things down the road - hence the original topic of this post.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to JDmailNY
Usually there are additional books or courses you can attend for "best practice" knowledge or more in depth coverage of certain topics.

Exams aren't a one-stop shop for everything.


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
i know. maybe my expectations of the ccna are just too high. i look back at what i had to study to get it (granted that was over 6 years ago) and look at what the industry standards and best practices were at the time, and it's a wonder i got my first job at all.
now we have our own documentation repositories that hold all of our best practice documentation. most of it comes right from the horse's mouth (cisco, vmware, microsoft, etc), but some comes from our practice managers. we try to keep standardized deployments for all customers and document any differences from those deployments internally in the event another engineer has to support that customer in the future. doesn't always work that way, but it is what it is.

i guess the biggest issue i have with the best practices is that while there are other places to find them, the ccna isn't going to know that they are out there or where to find them. again, working towards the professional or expert level certs, you are aware that those avenues exist. the ccna is supposed to be a broad-level introductory exam exposing the participant to a broad spectrum of network "stuff". even a mention of where certain best practices could be found online, or even a small section on layer-2 switch or router best practices, would be good. nothing in depth, it must keep with the ccna knowledge level. something (in my opinion) would be better than nothing.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

JDmailNY

join:2007-12-02
Pearl River, NY
You Guys have helped a great deal
Thanks So Much


skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1
reply to tubbynet

(topic move) [CCNA] switchport mode access : Command Question :

Moderator Action
The post that was here (and all 2 followups to it), has been moved to a new topic .. »[CCNA] Trunking Command Question

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to JDmailNY


Just to chime in with my 0.02c about certs and all... I think it's best summed up by the old catch-22 "No Work, No Experience. No Experience, No Work." I myself had my CCNA before I got started where I am, but while it got me into (and through) the interview, when I sat down at the desk for the first time, it was like "Toto, I don't think we're in Kansas anymore."

A recognized best practices section somewhere in the material wouldn't hurt either, however where to shoehorn it in? I'm working thru my NP, and it's as heavy as it was since they last revamped it, probably even more. In the old curriculum, I would've said stuff it in with the Troubleshooting since it seems the most relevant.

Regards

JDmailNY

join:2007-12-02
Pearl River, NY
said by HELLFIRE:

Just to chime in with my 0.02c about certs and all... I think it's best summed up by the old catch-22 "No Work, No Experience. No Experience, No Work." I myself had my CCNA before I got started where I am, but while it got me into (and through) the interview, when I sat down at the desk for the first time, it was like "Toto, I don't think we're in Kansas anymore."

A recognized best practices section somewhere in the material wouldn't hurt either, however where to shoehorn it in? I'm working thru my NP, and it's as heavy as it was since they last revamped it, probably even more. In the old curriculum, I would've said stuff it in with the Troubleshooting since it seems the most relevant.

Regards
Thanks for the information