New Member

Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.

Hi guys,

I'm trying to simulate a switch in GNS3 and I use the 16ESW module in a Cisco 3700 router.

Can you please tell why I'm getting this record after I try to filter which VLANs pass through my trunk port:

Router(config-if)#switchport trunk allowed vlan 2,3,4

Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.

Tnx,

Gabriel

Accepted Solutions
Cisco Employee

Hello Gabriel,

On older switching platforms and modules, the VLANs 1, 1002-1005 were basically untouchable - meaning that apart from being the 5 built-in VLANs that existed even if no other VLANs were created, you could not even manually prune them off the trunks. These VLANs simply had to be allowed everywhere.

Newer switching platforms allow you to prune these VLANs from trunks, although for backward compatibility, none of these VLANs can be deleted. On recent switches, you can even prune VLAN1 from trunks. This feature is called VLAN1 Minimization and causes the user data traffic to be pruned off the trunks while the inter-switch protocols carried in VLAN1 (CDP, VTP, etc.) will still be allowed.

The resume: don't worry about this too much, as this is related to a particular IOS and platform limitations. Always start by allowing only the VLANs you're interested in. If the switch requires additional VLANs to be allowed as well, it will tell you.

Best regards,

Peter

New Member

ok, greetings for helping me out.

    Router(config-if)#do sh run int fa1/8
    Building configuration...

    Current configuration : 114 bytes
    !
    interface FastEthernet1/8
     switchport trunk allowed vlan 1-4,23,66,75,467,1002-1005
     switchport mode trunk
    end

New Member

I can't understand how the problem is being resolved?

New Member

If you don't put 1-2,1002-1005 next to your other VLANs (e.g. 10,20,30,200), you will get this message from IOS:

Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.

New Member

You mean that if, for example, I create VLANs 10 and 20, then I should use these VLANs (10,20) next to the 1-2,1002,1005? Do I understand right?

New Member

Correct, just always add VLANs 1-2,1002-1005 beside your desired VLANs.
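
An added example (not part of any post in this thread and not Cisco code): a small Python helper that checks a desired allowed-VLAN list against the default VLANs named in the error message and builds the list the older platform accepts. The function names are hypothetical, and the required set 1-2,1002-1005 is assumed from the error text quoted above.

```python
# Added example: VLAN-list helper for "switchport trunk allowed vlan".
# REQUIRED_DEFAULTS is assumed from the error text quoted in this thread;
# the function names are hypothetical, not part of any Cisco tool.

REQUIRED_DEFAULTS = "1-2,1002-1005"


def parse_vlan_list(text):
    """Expand '2,3,4' or '1-4,23' into a set of VLAN IDs (1-4094)."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            raise ValueError("empty item in VLAN list: %r" % text)
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError("bad VLAN range: %r" % part)
        vlans.update(range(first, last + 1))
    return vlans


def format_vlan_list(vlans):
    """Compress a set of VLAN IDs back into IOS range notation."""
    out, run = [], []
    for v in sorted(vlans) + [None]:      # the trailing None flushes the last run
        if run and v is not None and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else "%d-%d" % (run[0], run[-1]))
        run = [v]
    return ",".join(out)


def missing_defaults(wanted):
    """Default VLANs the platform insists on that 'wanted' leaves out."""
    return parse_vlan_list(REQUIRED_DEFAULTS) - parse_vlan_list(wanted)


def allowed_list_for(wanted):
    """Smallest accepted list: the wanted VLANs plus the required defaults."""
    return format_vlan_list(parse_vlan_list(wanted) | parse_vlan_list(REQUIRED_DEFAULTS))


if __name__ == "__main__":
    # The list rejected in the question, then the VLANs from the final config.
    print("missing:", format_vlan_list(missing_defaults("2,3,4")))
    print("switchport trunk allowed vlan " + allowed_list_for("2,3,4,23,66,75,467"))
```

On platforms that do allow pruning the default VLANs, the same parser can be used to confirm that a trunk carries only the VLANs you intended.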
