You are configuring an 802.1Q trunk between a Layer 2 switch and a firewall. You read in the
documentation that the best way to set up a trunk is to set the port as dynamic desirable. The
trunk is not coming up. Which one of these options would be a valid explanation?
A.
The firewall does not support Cisco Discovery Protocol. You should set the switchport trunk
mode ON.
B.
The firewall does not support Cisco Discovery Protocol. You should set the switchport trunk
mode to OFF.
C.
The firewall does not support Cisco Discovery Protocol. You should set the switchport trunk
mode as auto.
D.
The firewall does not support DTP. You should set the switchport trunk mode to ON.
Explanation:
PortFast, Channeling, and Trunking
By default, many switches, such as Cisco switches that run the Catalyst operating system (OS),
are designed to be plug-and-play devices. As such, many of the default port parameters are not
desirable when a PIX is plugged into the switch. For example, on a switch that runs the Catalyst
OS, default channeling is set to Auto, trunking is set to Auto, and PortFast is disabled. If you
connect a PIX to a switch that runs the Catalyst OS, disable channeling, disable trunking, andenable PortFast.
Channeling, also known as Fast EtherChannel or Giga EtherChannel, is used to bind two or more
physical ports in a logical group in order to increase the overall throughput across the link. When a
port is configured for automatic channeling, it sends out Port Aggregation Protocol (PAgP) frames
as the link becomes active in order to determine if it is part of a channel. These frames can cause
problems if the other device tries to autonegotiate the speed and duplex of the link. If channeling
on the port is set to Auto, it also results in an additional delay of about 3 seconds before the port
starts to forward traffic after the link is up.
Note: On the Catalyst XL Series Switches, channeling is not set to Auto by default. For this
reason, you should disable channeling on any switch port that connects to a PIX.
Trunking, also known by the common trunking protocols Inter-Switch Link (ISL) or Dot1q,
combines multiple virtual LANs (VLANs) on a single port (or link). Trunking is typically used
between two switches when both switches have more than one VLAN defined on them. When a
port is configured for automatic trunking, it sends out Dynamic Trunking Protocol (DTP) frames as
the link comes up in order to determine if the port that it connects to wants to trunk. These DTP
frames can cause problems with autonegotiation of the link. If trunking is set to Auto on a switch
port, it adds an additional delay of about 15 seconds before the port starts to forward traffic after
the link is up. PortFast, also known as Fast Start, is an option that informs the switch that a Layer
3 device is connected out of a switch port. The port does not wait the default 30 seconds (15
seconds to listen and 15 seconds to learn); instead, this action causes the switch to put the port
into forwarding state immediately after the link comes up. It is important to understand that when
you enable PortFast, spanning tree is not disabled. Spanning tree is still active on that port. When
you enable PortFast, the switch is informed only that there is not another switch or hub (Layer 2-
only device) connected at the other end of the link. The switch bypasses the normal 30-second
delay while it attempts to determine if a Layer 2 loop results if it brings up that port. After the link is
brought up, it still participates in spanning tree. The port sends out bridge packet data units
(BPDUs), and the switch still listens for BPDUs on that port. For these reasons, it is recommended
that you enable PortFast on any switch port that connects to a PIX.
Note: Catalyst OS releases 5.4 and later include the set port host <mod>/<port> command that
allows you to use a single command to disable channeling, disable trunking, and enable PortFast.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c
.shtml#portfastchanneltrunk