How to define the VLANs allowed on a trunk link

Jun 18, 2009 3:58 PM

Resolution

When a trunk link is established, all of the configured VLANs are allowed to send and receive traffic across the link. VLANs 1 through 1005 are allowed on each trunk by default. However, VLANs can be removed from the allowed list. This keeps traffic from those VLANs from passing over the trunk link.

Note: The allowed VLAN list on both ends of the trunk link should be the same.

  • For Integrated Cisco IOS Software based switches, perform these steps:
    1. To restrict the traffic that a trunk carries, issue the switchport trunk allowed vlan remove vlan-list interface configuration command.

      This removes specific VLANs from the allowed list.

      Note: VLANs 1 and 1002 through 1005 are reserved VLANs and cannot be removed from any trunk link.

      The vlan-list parameter is either a single VLAN ID or a range of VLAN IDs. A range is described by two VLAN numbers separated by a hyphen. Do not enter any spaces between comma-separated VLAN IDs or in hyphen-specified ranges.

      For example, to remove VLANs 5 through 10 and 12 from the trunk, issue the switchport trunk allowed vlan remove 5-10,12 command.

    2. To add a VLAN to the trunk, issue the switchport trunk allowed vlan add vlan-list command.

    3. This example shows how to remove VLANs 5 through 10 and 12, add VLAN 7 back, and verify the allowed VLANs on the trunk link.


      c3550#configure terminal
      Enter configuration commands, one per line.  End with CNTL/Z.
      c3550(config)#int fa0/2
      c3550(config-if)#switchport trunk encapsulation dot1q
      c3550(config-if)#switchport mode trunk
      c3550(config-if)#switchport trunk allowed vlan remove 5-10,12
      c3550(config-if)#switchport trunk allowed vlan add 7
      c3550(config-if)#end
      c3550#show interfaces fastEthernet 0/2 trunk

      Port        Mode         Encapsulation  Status        Native vlan
      Fa0/2       on           802.1q         trunking      1

      Port     Vlans allowed on trunk
      Fa0/2    1-4,7,11,13-4094

      Port        Vlans allowed and active in management domain
      Fa0/2       1

      Port        Vlans in spanning tree forwarding state and not pruned
      Fa0/2       1
      c3550#


  • For Catalyst OS (CatOS) Software based switches, perform these steps:
    1. When you first configure a port as a trunk port, the set trunk command always adds all VLANs to the allowed VLAN list for the trunk link, even if you specify a VLAN range (the range is ignored).
    2. To modify the allowed VLANs list, use a combination of the clear trunk and set trunk commands to specify the allowed VLANs.
    3. To remove VLANs from the allowed VLANs list for a trunk, issue the clear trunk mod_num/port_num vlans command.
    4. To add specific VLANs to the allowed VLANs list for a trunk, issue the set trunk mod_num/port_num vlans command.
    5. To verify the allowed VLAN list for the trunk, issue the show trunk mod_num/port_num command.

      This example shows:

      • How to verify the allowed VLAN list for the trunk
      • How to define the allowed VLANs for trunk port 1/1
      • How to allow VLANs 1 through 100, VLAN 250 and VLANs 500 through 1005

      Console> (enable) clear trunk 1/1 101-499
      Removing Vlan(s) 101-499 from allowed list.
      Port 1/1 allowed vlans modified to 1-100,500-1005.
      Console> (enable) set trunk 1/1 250
      Adding vlans 250 to allowed list.
      Port(s) 1/1 allowed vlans modified to 1-100,250,500-1005.
      Console> (enable) show trunk 1/1
      Port      Mode         Encapsulation  Status        Native vlan
      --------  -----------  -------------  ------------  -----------
      1/1      desirable    isl            trunking      1
      Port      Vlans allowed on trunk
      --------  ---------------------------------------------------------------------
      1/1      1-100,250,500-1005
      Port      Vlans allowed and active in management domain
      --------  ---------------------------------------------------------------------
      1/1      1,521-524
      Port      Vlans in spanning tree forwarding state and not pruned
      --------  ---------------------------------------------------------------------
      1/1      1,521-524
      Console> (enable)
              
        Note: Even when the VLAN is removed from the port, the trunk remains in On state.
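
The vlan-list rules and the remove/add sequences above can be checked offline before a change is applied. The following is an added example, not Cisco code: a Python model of the vlan-list syntax that reproduces the allowed lists in both sample outputs and reports VLANs allowed on only one end of a trunk, per the note that both ends should match. The function names are hypothetical, and treating removal of a reserved VLAN as a silent no-op is an assumption.

```python
# Added example (not Cisco code): offline model of the page's vlan-list syntax.
RESERVED = {1, *range(1002, 1006)}  # per the page's note; removal is modelled as a no-op (assumption)
ALL_VLANS = set(range(1, 4095))     # 1-4094, the range seen in the sample IOS output

def parse_vlan_list(text):
    """Expand '5-10,12' into a set of VLAN IDs; spaces are rejected, as the page requires."""
    if not text or any(ch.isspace() for ch in text):
        raise ValueError(f"vlan-list must be non-empty and contain no spaces: {text!r}")
    vlans = set()
    for part in text.split(","):
        lo, sep, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if sep else lo
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN ID or range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def format_vlan_list(vlans):
    """Compress a set of VLAN IDs back into the '1-4,7,11' notation the switch prints."""
    out, run = [], []
    for v in sorted(vlans) + [None]:      # None is a sentinel that flushes the last run
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    return ",".join(out)

def apply_commands(allowed, commands):
    """Apply 'remove <vlan-list>' / 'add <vlan-list>' steps in order to an allowed set."""
    allowed = set(allowed)
    for cmd in commands:
        action, vlan_list = cmd.split(" ", 1)
        vlans = parse_vlan_list(vlan_list)
        if action not in ("remove", "add"):
            raise ValueError(f"unsupported action: {action!r}")
        allowed = allowed - (vlans - RESERVED) if action == "remove" else allowed | vlans
    return allowed

def trunk_mismatch(local, remote):
    """Return (local_only, remote_only): VLANs allowed on just one end of the trunk."""
    a, b = parse_vlan_list(local), parse_vlan_list(remote)
    return format_vlan_list(a - b), format_vlan_list(b - a)

if __name__ == "__main__":
    print(format_vlan_list(apply_commands(ALL_VLANS, ["remove 5-10,12", "add 7"])))
```

A non-empty result from trunk_mismatch identifies the VLANs to reconcile between the two switches.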

For more information on configuring VLANs on Catalyst switches, refer to Creating Ethernet VLANs on Catalyst Switches.

Comments

charitha1013 Wed, 05/15/2013 - 13:36

Switchport trunk allowed vlan all

What is the advantage of allowing certain vlans vs allowing all? Currently we have all vlans allowed in the network and want to allow only certain vlans instead; how can we determine which vlans to be allowed?

Appreciate a response in this regard. Thanks
