Ben Steele wrote: > > On 06/03/2008, at 9:59 AM, Justin Shore wrote: >> >> No-negotiate - Forces trunking but will not negotiate anything. >> > I don't think that's right, "switchport nonegotiate" actually just stops > DTP from being transmitted and hence can't be applied when the > switchport is in dynamic desirable mode, which is why it can only be > applied in "switchport mode access" or "switchport mode trunk" as you > are explicitly telling the switchport what mode to be in and there is no > need for it to be negotiated via DTP, putting "switchport nonegotiate" > on a switchport that has been configured as access is not going to force > it to be a trunk, it will still be an access port.
I thought it was weird too but I pretty much copied that out of the new Router Security Strategies book, pages 210-211, just to be sure. The first sentence under the "No-negotiate mode" heading is: "Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames." Now that said I have configured nonegotiate on access ports and they continued to work. This runs contrary to the end of the paragraph that says you must configure trunk encap and mode trunk before configuring nonegotiate. Confusing... Justin _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
