switchport trunk allowed vlan

musthafa786 · ‎03-27-2013

below is the interface configuration between my distribution 1 and 2 switch , both are hsrp routers ( i.e for some vlan switch 1 active/standby and for some vlan switch 2 active/standby) , there are many vlan in both switches

interface TenGigabitEthernet5/5

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

!

Here I just configured the port as dot1q trunk, no other additional command , is the switchport trunk allowed vlan needed in this interface configuration ?

what should be the advantage of giving switchport trunk allowed vlan in trunk interface between two hsrp routers ? need help..

Leo Laohoo · ‎03-27-2013

Here I just configured the port as dot1q trunk, no other additional command , is the switchport trunk allowed vlan needed in this interface configuration ?

You can if you want to. Personally, I do. I ALWAYS do.

paul driver · ‎03-27-2013

Hello
Its a goid way to prohibit unecessary vlan traffic over the trunk links because as by default all vlans are allowed.

res
Paul

Sent from Cisco Technical Support Android App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

InayathUlla Sharieff · ‎03-27-2013

Hi Mohammed,

AS suggested its always a good practice to allow the vlan explicity on the trunk links. Yes by default the vlans will be allowed on the trunk links. I have seen the testing and found to be not good to allowed all the vlans on the trunk links unless there is any specific required to do the same.

HTH

Regards

Inayath

Ricardo Suarez Gamez · ‎10-28-2013

Hi Inayath

What if the VLAN is not created in the equipment (vlan database), would adding all vlans on their trunks still be propagating unnecesary traffic of that VLAN ?

BR
Ricardo

Sent from Cisco Technical Support iPhone App

Richard Burts · ‎10-28-2013

Ricardo

When you configure a switch interface as a trunk it will, by default, allow every active vlan traffic over that trunk. This certainly carries the possibility that it could be carrying traffic that you do not really want over that link. To answer your specific question: if a vlan has not yet been created, then how could there be traffic on that vlan?

Whether there is propagation of unnecessary traffic depends on the design of your network. But there certainly are situations where this does happen. We can not tell whether it is a factor in your network until we learn more about your network.

HTH

Rick

HTH

Rick

balbaletabrez · ‎03-27-2013

Hi

To be more specific... Add vlan numbers to avoid all vlans traffic..

Sent from Cisco Technical Support Android App

JohnTylerPearce · ‎10-28-2013

Just remember when you add that command that is a gotcha involved.

If you want to add, let's say vlan 500, do not do the following.

'switchport trunk allowed vlan 500'

This will allow ONLY vlan 500, and will knock off any other vlans you have on that trunk.

You will need to do the following

'switchport trunk allowed vlan add vlan 500'

This will add vlan 500 onto the list of allowable vlans on the trunk.

Just a friendly reminder.

samhindi · ‎09-18-2019

Hello everyone,

I know this is a bit old blog, but I hope if someone could help!

I have 4 VLANs (51,52,53,54) , I have set a port 22 (server port) as Trunk as per the below :

c3550(config)#int Gi1/0/22
c3550(config-if)#switchport trunk encapsulation dot1q
c3550(config-if)#switchport mode trunk

Port 21 on Vlan 51 could not ping the server on port 22 (trunk).

I've added
c3550(config-if)#switchport trunk allowed vlan 51

c3550(config-if)#switchport trunk native vlan 51

so ping worked.

I had to use native vlan.

1-Should'nt only setting the port to Trunk be enough to ping the Machine on the port from any VLAN ? (ip routing applied also)

2-I need the 4 VLANS to ping the server on port 22 (server) , but you can only add 1 native vlan, how to do this >?

Appreciate every help!

SAM Hindi

samer@syber-technology.com

vb10 · ‎09-19-2019

Hello,

Do you need this server to have 4 IP addresses (1 IP in each VLAN)? If yes, then you need to configure server interface as trunk (or tagged), add VLANs, and configure IP settings for each VLAN. Switchport also should be in trunk mode

If you need this server to be located only in VLAN51(untagged), then it's enough to have the port as access in vlan51:

c3550(config)#int Gi1/0/22
c3550(config-if)#switchport mode access

c3550(config-if)#switchport access vlan 51

It should be pingable from other VLANs, if you have correct IP settings (especially default gateway) on all the hosts, correct routing, and no filtering.

samhindi · ‎09-19-2019

hi there ,

Thanks for the reply,.

I have configured port 22 (server) as

interface GigabitEthernet1/0/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 51-54
switchport mode trunk

no ping and no access from Vlan51-54.

Am I missing some commands ?

I am pinging from

interface GigabitEthernet1/0/7
switchport access vlan 54

and

interface GigabitEthernet1/0/20
switchport access vlan 51
switchport mode access

Thanks again.

farhanpasta · ‎01-31-2020

You need to configure servers to tag VLANs on the frames.

Usually when it is an access port the switch will tag the frame on the ingress and remove the tag on egress. Trunk ports do not tag and neither they remove the tags.

In this case, the server must tag and forward frames.