trunk question, pruning?

Leonardo Pena Davila · ‎03-09-2006

Hi, I have a question regarding trunk links. If I want to allowe traffic from only few vlans between 2 devices should I have to configure both ends with the same config.

Example:

Distribuited layer Switch

interface GigabitEthernet2/8

description es-plcsedeP1C

no ip address

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 45

switchport trunk allowed vlan 45,56

switchport trunk pruning vlan 2-44,46-55,57-1001,1006-4094

Acces Layer Switch

interface GigabitEthernet0/1

description es-plcdatacenter2

switchport trunk native vlan 45

switchport trunk allowed vlan 45,56

switchport trunk pruning vlan 2-44,46-55,57-1001,1006-4094

switchport mode trunk

end

Thanks for your time

lgijssel · ‎03-09-2006

Hello there,

I assume that your config will do what you desire but maybe it is a bit too restrictive. Pruning and disallowing vlans are easily forgotten when a vlan needs to be added.

The extra bandwidth that is gained through pruning is probably not worth the trouble. Besides, it may have undesirable side effects, on pvst for example.

There may be folks out there that use pruning to implement security but I'm one of them.

Regards,

Leo