During my work as a network engineer, I stumbled across the switchport nonegotiate command, and
I never cared about this command. There was no need for me to know or to configure it.
But last week, while troubleshooting, I decided to take a deeper look at ‘switchport nonegotiate’.
- What takes effect with the ‘switchport nonegotiate’ command?
- Is it useful to configure it?
- Do I really need an automatism to force the port to be a trunk or access port?
Preface
Enabling Trunking
Trunk links are required to pass VLAN information between switches. A port on a Cisco switch is either an access port or a trunk port. Access ports belong to a single VLAN and do not provide any identifying marks on the frames that are passed between switches. Access ports also carry traffic that comes from only the VLAN assigned to the port. A trunk port is by default a member of all the VLANs that exist on the switch and carries traffic for all those VLANs between the switches. To distinguish between the traffic flows, a trunk port must mark the frames with special tags as they pass between the switches. Trunking is a function that must be enabled on both sides of a link. If two switches are connected together, for example, both switch ports must be configured for trunking, and they must both be configured with the same tagging mechanism (ISL or 802.1Q).
Dynamic Trunking Protocol (DTP) is a standard feature of Cisco switches and allows two switches to dynamically configure the interfaces interconnecting them as trunk ports. DTP has 5 modes: Auto (default), On, Off, desirable and nonegotiate. See the following table with the DTP modes and their effects:
In the figure above there are some differences between IOS and CatOS. But I think that nowadays we have to look at the IOS commands. The figure is for comparison purposes only.
Behavior of a Layer 2 Switch (Catalyst 2960)
The lab is built as follows: two Catalyst 2960 switches, one at the top and one at the bottom.
I named the switches top and bottom. Both are connected with a ‘straight-through’ patch cable. On both switches mdix auto is on.
++++ trunk and access port are functional and the trunk will be negotiated ++++
++++ settings –> dynamic desirable ++++
++++ only the access port is functional and the trunk will not be negotiated ++++
++++ settings –> switchport mode dynamic auto ++++
++++ trunk and access port are functional and the trunk will be negotiated ++++
++++ settings –> no switchport nonegotiate ++++
++++ only an access port is functional and the trunk will not be negotiated ++++
++++ settings –> switchport nonegotiate ++++
Summary for Layer2 switches
- switchport mode access = forms an access port or a trunk
you can’t set up the command ‘switchport nonegotiate’ if the port is set to ‘switchport mode dynamic auto | desirable’
- no switchport nonegotiate = the port forms an access port or a trunk
- switchport nonegotiate = the port forms only an access port
- switchport mode dynamic auto (on both sides) = no trunk will be formed
- switchport mode dynamic desirable (on one side) = a trunk will be formed
Summary for Layer3 switches
- switchport mode access = port will form an access port
- switchport mode trunk = port will form a trunk port
- switchport mode dynamic auto | desirable = auto will not form a trunk (on both sides) if the explicit command ‘switchport mode trunk’ is missing
- switchport mode trunk = port will be a trunk port
In my opinion, the only reason to use ‘switchport nonegotiate’ is if you don’t want to propagate DTP messages on the appropriate port. Or if you have an uplink to a router and you want to prevent sending DTP packets. The other reason is if you use components from 3rd-party vendors. The last reason is to prevent VLAN hopping.