06-11-2012 12:29 PM - edited 03-07-2019 07:11 AM
Folks,
I have this command configured on a trunk interface on my upstream switch...
switchport trunk allowed vlan 1,100,200
However, when issuing the "sh vlan brief" command on the downstream switch connected to this trunk I see all 200 of my VLANs.
VTP config revision is the same. Upstream switch is a VTP server, downstream is a client.
Any ideas?
Thanks
06-11-2012 01:51 PM
Hi James,
The command you have referenced only restricts data forwarding; it does not affect which VLANs are propagated via VTP.
The trunk interface can forward traffic on VLAN 1, 100 and 200 and can propagate ALL VLANs via VTP. Just because the downstream switch has learned about all 200 VLANs does not mean that it is actually utilizing them, however.
06-11-2012 03:10 PM
Kyle is correct, only the VLANs "allowed" can pass traffic across the link. VTP propagates all VLANs configured on the VTP server to other servers or clients. This allows you to put ports into any of those VLANs on any client switches. But unless those VLANs are allowed across the trunk, traffic will not pass. VTP and allowed VLANs across a trunk are 2 different things.
06-11-2012 04:31 PM
Hi James,
When you issue this command on a trunk interface, you tell your switch to check VLAN tags before forwarding traffic, and (in your case) only allow traffic with the VLAN tags of 1,100,200 to pass through.
However, it does NOT prevent system management traffic [i.e. VTP, CDP, etc.] from moving in the network, and that's what propagates the VLAN database across the network; therefore you will see the database, but the port will only forward those ALLOWED VLANs on the trunk link.
Please rate if it helped.
Soroush
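
The distinction the replies draw, between the VLAN database a switch learns via VTP and the VLANs a trunk actually forwards, can be checked by comparing the two command outputs. This is an added example, not part of the original thread; the sample output is constructed and the function names are illustrative.

```python
import re

# Constructed sample output for illustration (not captured from a real device).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/2, Gi0/3
100  USERS                            active    Gi0/4
150  LAB                              active
200  SERVERS                          active    Gi0/5
"""

SHOW_INT_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1,100,200

Port        Vlans allowed and active in management domain
Gi0/1       1,100,200
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,100-102,200' into a set of ints."""
    vlans = set()
    for part in re.findall(r"\d+(?:-\d+)?", spec):  # ignores 'none' and spaces
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def vlans_in_database(vlan_brief):
    """VLAN IDs listed by 'show vlan brief' (what VTP has propagated)."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+", vlan_brief, re.M)}

def allowed_on_trunk(trunk_output, port):
    """VLANs in the 'Vlans allowed on trunk' section for one port."""
    section = re.search(r"^Port\s+Vlans allowed on trunk\n(.*?)(?:\n\s*\n|\Z)",
                        trunk_output, re.M | re.S)
    allowed = set()
    for line in section.group(1).splitlines() if section else []:
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == port:
            allowed |= expand_vlan_list(fields[1])
    return allowed

def known_but_not_carried(vlan_brief, trunk_output, port):
    """VLANs the switch knows about that this trunk will not forward."""
    return sorted(vlans_in_database(vlan_brief) - allowed_on_trunk(trunk_output, port))
```

With the sample data, VLAN 150 is in the database but absent from the allowed list on Gi0/1, so it is known to the switch without being carried over that trunk.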