Best way to disallow trunks to be stablished

I have the following ways in my mind:

  • set them to access (default goes to VLAN 1)
  • shut them down (best so far, however consumes time to see which ports are used and which ones are not)

 

certainly "shutdown" works. but it consumes time in order to only shutdown ports that are not needed. and I may not have enough time in my CCIE R&S test

setting all ports to access, and then trunk ones that need to be trunks. but I'm not sure how CCIE proctors look at it. Because it will place ports on VLAN 1. Should I be worried about this? Is this considered a valid way of disabling trunks from being stablished except on ports where manually set?

 

 

Comments

  • If you want to stop them negotiating a trunk status then the interface command switchport nonegotiate will stop them sending DTP packets..


    Cheers


    Dan

  • well, disabling DTP requires removiing the dynamic mode.

    removing dynamic mode happens by statically setting ports to either trunks or access.

     

    In my case, I would set them to access. My concern is:

    - VLAN 1: would proctors be annoyed about this?

     

     

     

     

  • Good point - you are of course right...

    I don't know which question you're looking at to say if the proctar would be "annoyed" (or more importantly, would mark you as wrong), but if the question says something like "make sure the port cannot become a trunk" I would just set it to access. If they said something like "make sure trunk negotiation packets are not sent" I would set it to nonnegotiate. They would both be valid solutions.

    If they said "do not use switchport mode access", and the other end of the link was a router (i.e. non DTP capable) or a 3560 (defaults to dynamic auto), you could set your port to "switchport dynamic auto" and the link would stay as an access port..

  • I mean: would proctors consider placing ports as "access" a not valid choice as it places ports to VLANs which the question did not specify. I'm afraid that proctors might consider it no so valid as it modifies the original topology by adding ports to another VLAN (vlan 1 in our case).

    IEWB vol II v4.1 lab 1 solves this by using the shutdown command. I want to avoid this method as it consumes lots of time.

  • surely it takes the same amount of time to type 'shut' than it does to type 'swi mode acc' (maybe even quicker!)

    2008/7/24 mahmoud <[email protected]>:

    I mean: would proctors consider placing ports as "access" a not valid choice as it places ports to VLANs which the question did not specify. I'm afraid that proctors might consider it no so valid as it modifies the original topology by adding ports to another VLAN (vlan 1 in our case).

    IEWB vol II v4.1 lab 1 solves this by using the shutdown command. I want to avoid this method as it consumes lots of time.




    Internetwork Expert - The Industry Leader in CCIE Preparation

    http://www.internetworkexpert.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx

  • To quote Brian Dennis - "if they don't specify <that you can or cannot do something>, they don't care"..

  • thanks Danhughes1234ie for the quote. It's clear now :)

     

    typing "shutdown" is quicker than "sw mode acc", but it needs more time to invistigate which ones are needed and which ones aren't.

Sign In or Register to comment.