VLAN always allowed on the trunk port?

mcardell
Cisco Employee

Good morning all,

What VLANs will always be carried across a trunking connection?

From my knowledge it is the native VLAN.

By default, VLAN 1 is the native VLAN on all switches.

Correct?

Any links available on CCO?

Thanks

Matteo

4 Replies

chchoy
Level 1

Indeed, Vlan1 is the native VLAN by default; however, I think you should be able to create another VLAN and set it to the trunk connection.

Matteo,

By default (probably not on all Catalyst switch families), ALL Vlans are allowed on a trunk port. Following are some links for your reference:

[Catalyst 2950]

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950cr/cli2.htm#wp1635508

[Catalyst 3550]

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550cr/cli2.htm#wp2423140

[Catalyst 6000 - Native IOS]

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/s1.htm#wp1184170

If you only want to allow certain Vlans, you might have to remove all Vlans first, then add the list of Vlans that can send and receive traffic through the specific trunk interface.

HTH.

Hi,

I don't agree with "you might have to remove all Vlans first, then add the list of Vlans that can send and receive traffic through the specific trunk interface."

Removing all VLANs from a trunk can be pretty dangerous - you can lose connection to your switch.

So it's safer to just remove the VLANs you want to deny from the trunk.

See the switchport trunk allowed vlan remove vlan-list command description at

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swvlan.htm#wp1150302

as an example.

Just be careful when removing VLAN1.

It has some special features:

"CDP, VTP, and PAgP updates are always forwarded on trunks with a VLAN 1 tag. This is the case even if VLAN 1 has been cleared from the trunks and is not the native VLAN."

"802.1Q IEEE BPDUs are forwarded untagged on the common Spanning Tree VLAN 1 for interoperability with other vendors, unless VLAN 1 has been cleared from the trunk."

(My note: It should be 801.2d, BPDUs are sent tagged when VLAN1 is not the native one.)

Read the VLAN1 part of http://www.cisco.com/warp/customer/473/103.html#cat_control for details.

I've also noticed some bugs on Cat3550 related to removing VLAN1 from a trunk.

Regards,

Milan

"Removing all VLANs from a trunk can be pretty dangerous - you can lose connection to your switch."

My mistake, I forgot to mention that my suggestion should not be done on a live network. Maybe because of the way I configure new or additional switches, or those switches currently being used, where Vlans are not contiguous. So as Milan mentioned, it is safer to remove just the Vlans you want to deny.

Thanks for the correction, Milan.
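The two approaches discussed in this thread, modelled as an added example that is not part of any poster's reply: it applies "switchport trunk allowed vlan" lines in order and reports any intermediate state in which a management VLAN is no longer carried. The management VLAN 99, the denied range 20-30 and the 1-4094 VLAN ID range are assumptions made for the illustration.

```python
ALL_VLANS = frozenset(range(1, 4095))  # assumption: VLAN IDs 1-4094

def parse_vlan_list(text):
    """Expand an IOS-style list such as '1,10-12,99' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def apply_allowed_vlan(current, command):
    """Return the allowed set after one 'switchport trunk allowed vlan ...' line."""
    prefix = "switchport trunk allowed vlan "
    if not command.startswith(prefix):
        raise ValueError(f"not an allowed-vlan command: {command!r}")
    args = command[len(prefix):].split()
    keyword = args[0]
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword in ("add", "remove", "except"):
        vlans = parse_vlan_list(args[1])
        if keyword == "add":
            return current | vlans
        if keyword == "remove":
            return current - vlans
        return set(ALL_VLANS) - vlans      # except: everything but the list
    return parse_vlan_list(keyword)        # bare list replaces the whole set

def states_without(commands, mgmt_vlan, start=ALL_VLANS):
    """Apply commands in order; return (final set, commands that dropped mgmt_vlan)."""
    allowed, gaps = set(start), []
    for cmd in commands:
        allowed = apply_allowed_vlan(allowed, cmd)
        if mgmt_vlan not in allowed:
            gaps.append(cmd)
    return allowed, gaps

# Constructed scenario: deny VLANs 20-30 on a trunk that starts with all VLANs.
CLEAR_THEN_ADD = ["switchport trunk allowed vlan none",
                  "switchport trunk allowed vlan add 1-19,31-4094"]
REMOVE_ONLY = ["switchport trunk allowed vlan remove 20-30"]

if __name__ == "__main__":
    for name, plan in (("clear then add", CLEAR_THEN_ADD), ("remove only", REMOVE_ONLY)):
        final, gaps = states_without(plan, mgmt_vlan=99)
        print(f"{name}: {len(final)} VLANs allowed, management VLAN dropped after: {gaps}")
```

Both plans end with the same allowed list; only the clear-then-add plan passes through a state where the management VLAN is off the trunk.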
