Cisco Catalyst 3550 Command Reference Manual page 488

switchport mode
When you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring
interface is set to trunk, desirable, or auto mode.
To autonegotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed
by the Dynamic Trunking Protocol (DTP), which is a point-to-point protocol. However, some
internetworking devices might forward DTP frames improperly, which could cause misconfigurations.
To avoid this, you should configure interfaces connected to devices that do not support DTP to not
forward DTP frames, which turns off DTP.
•
•
When you enter dot1q-tunnel, the port is set unconditionally as an 802.1Q tunnel port.
Access port, trunk ports, and tunnel ports are mutually exclusive.
Any 802.1Q encapsulated IP packets received on a tunnel port can be filtered by MAC ACLs, but not by
IP ACLs. This is because the switch does not recognize the protocol inside the 802.1Q header. This
restriction applies to router ACLs, port ACLs and VLAN maps.
The 802.1X feature interacts with switchport modes in these ways:
•
•
•
Configuring a port as an 802.1Q tunnel port has these limitations:
•
•
•
•
For more information about configuring 802.1Q tunnel ports, refer to the software configuration guide
Note
for this release.
Examples
This example shows how to configure a port for access mode:
Switch(config-if)# switchport mode access
This example shows how set the interface to dynamic desirable mode:
Switch(config-if)# switchport mode dynamic desirable
Catalyst 3550 Multilayer Switch Command Reference
2-462
If you do not intend to trunk across those links, use the switchport mode access interface
configuration command to disable trunking.
To enable trunking to a device that does not support DTP, use the switchport mode trunk and
switchport nonegotiate interface configuration commands to cause the interface to become a trunk
but to not generate DTP frames.
If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If
you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.
If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled.
If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.
If you try to enable 802.1X on a dynamic-access (VLAN Query Protocol [VQP]) port, an error
message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to dynamic
VLAN assignment, an error message appears, and the VLAN configuration is not changed.
IP routing and fallback bridging are not supported on tunnel ports.
Tunnel ports do not support IP access control lists (ACLs).
If an IP ACL is applied to a trunk port in a VLAN that includes tunnel ports, or if a VLAN map is
applied to a VLAN that includes tunnel ports, packets received from the tunnel port are treated as
non-IP packets and filtered with MAC access lists.
Layer 3 QoS ACLs and other QoS features related to Layer 3 information are not supported on
tunnel ports.
Chapter 2 Cisco IOS Commands
78-11195-09