Native VLANs for Trunks...bridge priority?

[drewdown]

I have configured native vlans for each of my trunks. Do I need to run the spanning-tree vlan XXX root primary commands for the native vlans?

TIA

 

[ADB100]

It depends on whether you are allowing the VLANs on the trunks. If you follow the Cisco best practise guidelines for VLAN Trunks you should have unique Native VLAN's per trunk link and these should not be in the list of allowed VLANs:

interface GigabitEthernet0/1
 switchport access vlan 4000
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4000
 switchport trunk allowed vlan 500-504
 switchport mode trunk
 switchport nonegotiate

If this is what you have then you don't need to tune STP for the Native VLAN since there won't be an STP instance for it.

HTH

Andy

 

[drewdown]

Here is one of my trunks:

interface GigabitEthernet1/0/1
 description TRUNK TO CORE
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 903
 switchport trunk allowed vlan 2,4,6,8-11
 switchport mode trunk
 switchport nonegotiate
 no mdix auto

(config-if)#switchport access vlan XXX

I thought you only run that commmand when the interface is in access mode, not trunking?? Is that a config from your switch? Or off a cisco web page somewhere?? If you look at mine I dont have that statement, yet traffic passes without fail. My trunk ports are still in vlan 1. Which leads to my next question, should I place the interfaces in their respective native vlans?

 

[ADB100]

(config-if)#switchport access vlan XXX

Yes, sorry that command does nothing when the trunk is hard-coded to be on (mode on & nonegotiate). I leave it configured however in case anyone accidentally changes it back to an access port. With the old CatOS you set the Native VLAN on a trunk with 'set vlan XX x/y', there was no separate command as there is for IOS.

Add it or not, as I said it does nothing whilst the port is trunking. I leave it there for peace of mind, sort of )

HTH

Andy

 

[drewdown]

Cool man, thats what I thought.

We are on the same page.

Thanks for the help.

 

[drewdown]

One more question regarding VLAN membership for Trunks, right now all my trunks are members of the default vlan, nothing else is.

Is that best practice for Trunks?

 

[ADB100]

I don't quite understand what you are saying there?

all my trunks are members of the default vlan,

Based on your configuration sample, they are not members of the default VLAN (1)? Do you mean the VLAN you use for Data - i.e. 2, 4, 6 0r 8-11?

Best practise is not to span VLANs between access switches - i.e. access switch 1 will have VLAN 11 & 101, access switch 2 will have VLAN 12 and 102 etc.

Is that what you mean?

Andy

 

[drewdown]

I am idiot. I guess I never really looked closely when I did show vlan:

LAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/2, Gi2/0/1, Gi2/0/2, Gi2/0/3

All my trunks are gig, the interfaces listed above are down and not being used. My trunks don't belong to any vlan, so they arent shown above.

DUH!

Thanks again Andy, sometimes just talking it out brings light to the situation.

 

[ADB100]

If you change the access VLAN to be the same as the Native like I said then you don't see this and the ports belong to the relevant Native VLAN when inactive.

Andy