
Does the native VLAN need to be added to the allowed VLAN list?

rico_hao40
Level 1

If I configured the port like this:

switchport trunk native vlan 10

switchport trunk allowed vlan 11,12

is VLAN 10 allowed to pass? Or does VLAN 10 still need to be added to the allowed VLAN list, like this:

switchport trunk native vlan 10

switchport trunk allowed vlan 10,11,12

Thanks

3 Replies

chrihussey
VIP Alumni

If you want to pass VLAN 10 traffic across the trunk you will need to add it to the allowed list.

I think it will depend on your encapsulation.

Since all packets are really tagged with ISL, I don't remember if the native VLAN changes the tag to 0 or if it stays at 10.

For 802.1q, the tags are removed from the packets that are declared as native. Untagged packets are always allowed over a trunk. I don't think you can disable the passing of untagged packets. So I think for 802.1q your native VLAN is always allowed even if you do not place it in the allow list.

Kevin Dorrell
Level 10

Yes you can remove the native VLAN from the list, and it does prevent the native VLAN from traversing the trunk. That is, if you look at the Spanning Tree for the native VLAN, the trunk will be absent from the list of ports on the VLAN.

The question of untagged frames is a different one. There are some control protocols, particularly link-local ones, that are sent untagged, and these will traverse the trunk regardless. However, they are not considered as part of the native VLAN Spanning Tree as such.

But beware: there is a bug in earlier IOS and in all CatOS switches! If you use a non-1 VLAN as your trunk native VLAN, and you disallow it from the trunks, and there are no other ports carrying that native VLAN, then the Spanning Tree for that VLAN shuts down. That is fair enough. But the bug is that the Spanning Tree for VLAN 1 also breaks down, sending your network into meltdown.

Kevin Dorrell

Luxembourg
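
An added example, not part of the thread or any Cisco tooling: a small Python audit that parses IOS-style interface configuration and reports, per interface, whether the trunk native VLAN appears in the allowed list, which is the situation the question describes. The sample configuration and the function names are constructed for illustration; only the plain list/range and `all` forms of the allowed-VLAN command are handled (`add`, `remove`, `except` and `none` lines are ignored).

```python
import re

# Constructed sample config (not taken from the thread's switches); the first
# interface mirrors the configuration the question asks about.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 11,12
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10-12
!
interface GigabitEthernet0/3
 switchport mode trunk
"""

LINE_RE = re.compile(r"\s*switchport trunk (native|allowed) vlan ([\d,-]+|all)$")

def expand_vlans(spec):
    """Expand a list such as '10,11,20-22' into a set of ints; 'all' is 1-4094."""
    if spec == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: (native_vlan, native_in_allowed_list)}; every interface is treated as a trunk."""
    settings, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            settings[name] = {"native": "1", "allowed": "all"}  # IOS defaults
        elif name and (m := LINE_RE.match(line.rstrip())):
            settings[name][m.group(1)] = m.group(2)
    return {n: (int(s["native"]), int(s["native"]) in expand_vlans(s["allowed"]))
            for n, s in settings.items()}

if __name__ == "__main__":
    for ifname, (native, listed) in audit_trunks(SAMPLE_CONFIG).items():
        print(f"{ifname}: native VLAN {native} {'is' if listed else 'is NOT'} in allowed list")
```
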