Allowed VLANs

istherearoutetoit · ‎06-11-2012

Folks,

I have this command configured on a trunk interface on my upstream switch...

switchport trunk allowed vlan 1,100,200

However, when issuing the "sh vlan brief" command on the downstream switch connected to this trunk I see all 200 of my VLANs.

VTP config revision is the same. Upsteam switch is a VTP server, downstream is a client.

Any idea's?

Thanks

Kyle McKay · ‎06-11-2012

Hi James,

The command you have referenced only restricts data forwarding, it does not affect which VLANs are propogated via VTP.

The trunk interface can forward traffic on VLAN 1,100 and 200 and can propogate ALL VLAN's via VTP. Just because the downstream switch has learned about all 200 VLAN's does not mean that it is actually utilizing them, however.

glen.grant · ‎06-11-2012

Kyle is correct , only the vlans "allowed" can pass traffic across the link . VTP propagates all vlans configured on the vtp server to other servers or clients. This allows you to put ports into any of those vlans on any client switches. But unless those vlans are allowed across the trunk traffic will not pass . VTP and allowed vlans across a trunk are 2 different things.

smehrnia · ‎06-11-2012

Hi James,

When you issue this command on a Trunk interface, you tell your Switch to check VLAN tags before forwarding traffic, and (in your case) only allow traffic with the vlan tags of 1,100,200 to pass through.

Although it Does NOT Prevent System Management traffic [ie: VTP, CDP, etc.] to move in the network, and thats what propagates vlan database across network, therefor you will see the database but will only forward those ALLOWED vlans from that port on the trunk link.

plz Rate if it helped.

Soroush

Hope it Helps!

Soroush.