Newbie question...configure core port as a trunk or as a vlan member?

Discussion in 'Cisco' started by Ned, Jul 28, 2006.

  1. Ned

    Ned Guest

    Hello

    I have a 4507 at our MDF with 3560's in the closets. Each closet will
    be a member of a different VLAN. I can configure the port at the MDF as
    a member of the correct VLAN or I can configure it as a trunk and
    configure the ports at the 3560 (in the closets) to be members of the
    VLAN. I like the second option better even though it's a little more
    work because later on I can easily add and remove vlans if it ever
    becomes necessary. Is there any reason why I should choose one or the
    other?

    Thanks
    Ned Hart
     
    Ned, Jul 28, 2006
    #1

  2. No, you've pretty much got it summarized (other than the first config
    is slightly more "secure" if there's a worry about such a thing in
    your environment, in that they'd have to compromise the central switch
    instead of a leaf switch).
     
    Doug McIntyre, Jul 28, 2006
    #2

  3. Merv

    Merv Guest

    Recommend you use trunks for the reason you listed.

    I would also recommend you NOT use VTP or DTP on your trunks - Cisco
    says use desirable; my choice is non-neg (i.e. a trunk is a trunk
    period).

    Explicitly configure which VLANS are allowed on each trunk using the
    allowed vlans command (do this at both ends). With newer versions of
    IOS, VLAN 1 (default) can be removed from the trunk.
     
    Merv, Jul 28, 2006
    #3
  5. Peter

    Peter Guest

    Hi Ned,
    You have pretty much worked it out, the first method is simpler and
    therefore easier to implement, but it can be a pain if your needs
    change later. Using Trunks NOW is lending towards "Future Proofing"
    yourself, you are enabling a "no brains" upgrade for later if you wish
    to add another VLAN somewhere without disrupting what currently
    exists. For added security using Trunks, I would investigate limiting
    specific VLANS down a trunk, with that you end up with the same level
    of security as not using VLANs, but heaps more flexibility for later.

    Cheers............pk.
     
    Peter, Jul 28, 2006
    #5
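
One way to check a saved switch configuration against the trunk advice in posts #3 and #5 (DTP turned off, an explicit allowed VLAN list, VLAN 1 pruned), as an added example that is not part of the original thread. The interface names and VLAN numbers are constructed, and the parser assumes plain numeric lists after `switchport trunk allowed vlan` (no `add`, `all` or `except` forms).

```python
# Constructed sample config, not from the thread: Gi1/1 hardened, Gi1/2 and Gi1/3 weak.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport mode dynamic desirable
 switchport trunk allowed vlan 1,30-32
!
interface GigabitEthernet1/4
 switchport mode access
"""

def expand_vlans(spec):
    """Expand a plain IOS VLAN list such as '1,30-32' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit_trunks(config):
    """Return {interface: [issues]} for every port that trunks or negotiates one."""
    stanzas, name = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1]
            stanzas[name] = []
        elif raw.startswith(" ") and name:
            stanzas[name].append(raw.strip())
        else:
            name = None  # "!" or any other top-level line ends the stanza
    report = {}
    for name, lines in stanzas.items():
        dynamic = any(l.startswith("switchport mode dynamic") for l in lines)
        if not dynamic and "switchport mode trunk" not in lines:
            continue  # access port, out of scope for this check
        issues = []
        if dynamic or "switchport nonegotiate" not in lines:
            issues.append("DTP active")
        allowed = [l.split()[-1] for l in lines if l.startswith("switchport trunk allowed vlan ")]
        if not allowed:
            issues.append("no allowed VLAN list")  # IOS then carries every VLAN
        elif 1 in expand_vlans(allowed[0]):
            issues.append("VLAN 1 allowed")
        report[name] = issues
    return report
```

Run it against the configuration from both ends of each link, since the allowed list has to match on the 4507 and on the 3560.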