I have a simple question (I think I already know the answer, but a second opinion never hurts):
Suppose you have a trunk and on SIDE A the VLAN allowed list is: 1-4094
On the other side B the VLAN allowed list is: 1-4
If I have a VLAN 300 on SIDE A, it will be put in forwarding state (because it is allowed). On SIDE B, I see the VLAN 300 (because of VTP propagation), but because it is not allowed on the trunk, the switch does not run an STP instance for it and I don't see it in "show spanning tree".
The question now is:
1) If I have a broadcast storm in VLAN 300, will the broadcasts be transmitted to SIDE B? My opinion is: yes, because it is in forwarding state on SIDE A.
2) When arriving at SIDE B, the switch will drop the packet on the trunk because it has a VLAN ID of 300, which is not allowed. Correct? Is there any command on the switch to see the number of dropped packets received because the VLAN_ID tag does not match the "allowed vlan list"? How can I detect from this side that the other side is actually sending me lots of "bogus" VLAN_ID packets?
3) If the port on SIDE B has "storm-control broadcast 10%" configured, will these invalid VLAN_ID 300 packets be included in the storm-control calculation? As far as I know, storm-control is not VLAN-aware and will take into account any broadcast packet, no matter on which VLAN it arrives.
4) If storm-control applies a drop filter because of these VLAN 300 broadcasts, the drop filter is applied to all VLANs on the trunk, therefore impacting VLANs 1-4 (and maybe dropping ARP broadcasts in these VLANs, for example).