1. Home
  2. Cisco Systems
  3. Newbie question...configure core port as a trunk or as a vlan member?

Newbie question...configure core port as a trunk or as a vlan member?

Hello

I have a 4507 at our MDF with 3560's in the closets. Each closet will be a member of a different VLAN. I can configure the port at the MDF as a member of the correct VLAN or I can configure it as a trunk and configure the ports at the 3560 (in the closets) to be members of the VLAN. I like the second option better even though it's a little more work because later on I can easily add and remove vlans if it ever becomes necessary. Is there any reason why I should choose one or the other?

Thanks Ned Hart

Reply to
Ned
Loading thread data ...

No, you've pretty much got it summarized (other than the first config is slightly more "secure" if there's a worry about such a thing in your environment, in that they'd have to compromise the central switch instead of a leaf switch).

Reply to
Doug McIntyre

Recomend you use trunks for the reason you listed.

I would also recomend you NOT use VTP or DTP on your trunks - Cisco says use desirable; my choice is non-neg (ie a trunk is a trunk period).

Explicity configure which VLANS are allowed on each trunk using the allowed valns command ( do this at both ends). With newer versions of IOS, VLAN 1 (default) can be removed from the trunk.

Reply to
Merv

Recomend you use trunks for the reason you listed.

I would also recomend you NOT use VTP or DTP on your trunks - Cisco says use desirable; my choice is non-neg (ie a trunk is a trunk period).

Explicity configure which VLANS are allowed on each trunk using the allowed valns command ( do this at both ends). With newer versions of IOS, VLAN 1 (default) can be removed from the trunk.

Reply to
Merv

Hi Ned,

You have pretty much worked it out, the first method is simpler and therefore easier to implement, but it can be a pain if your needs change later. Using Trunks NOW is lending towards "Future Proofing" yourself, you are enabling a "no brains" upgrade for later if you wish to add another VLAN somewhere without disrupting what currently exists. For added security using Trunks, I would investigate limiting specific VLANS down a trunk, with that you end up with the same level of security as not using VLAN's, but heaps more flexibility for later.

Cheers............pk.

Reply to
Peter

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.