Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13102
Views
0
Helpful
3
Replies

Only allow certain VLAN's down trunk?

Andy White
Level 3
Level 3

‎01-27-2011 07:42 AM - edited ‎03-06-2019 03:14 PM

Hello,

I need to only allow VLAN 10 and 15 down a trunk, but I'm not sure what config I should use.  On one switch we have this setup like this:

interface FastEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4

switchport mode trunk

But I thought I should be using the "pruning" option instead of the "allow"?

Please help.

Labels:
0 Helpful
3 Replies 3

jonathanaxford
Level 3
Level 3

‎01-27-2011 07:44 AM

Hi Andy,

That config is perfect for restricting VLANs down a trunk.

VTP Pruining will not restrict VLAN traffic from a trunk, it will merely "Prune" it when it is not required. The switchport trunk allowed vlan command should be used to actually block VLANs from going over the trunk. (Make sure its the same at both ends otherwise you'll end up with lots of discards...)

Many thanks

Jonathan

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎01-27-2011 07:45 AM

The prune command is used when you're running VTP. If you're running in transparent mode then the config below is correct.

Do you know if you're running VTP? You can try show vtp status to find out.

Hope it helps.

0 Helpful

nelson.garcia
Level 1
Level 1

‎01-27-2011 07:47 AM

Hello.


By default, all existing VLANs are allowed to be sent across the trunk.

If we want to DENY specific VLANs across the trunk, we can do that. For example, if we want to allow vlans 1-500 through the trunk, and NEVER allow vlans 501-1000, we could use the command:

switchport trunk allowed vlan 1-500 (which would exclude 501-1000)

This would NEVER allow VLAN traffic for 501-1000 to travel over the trunk.

Now for the pruning scenario.......

If we allowed ALL VLANS on the trunk, but wanted the switches to dynamically notify each other when they had no clients in specific VLANs, so that we don't waste bandwidth sending frames down trunks to switches that don't need them, we can use PRUNING.

From the docs:

"VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default.
VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2."

I hope this helps-

Keith Barker

https://learningnetwork.cisco.com/message/90511

http://www.google.com/#sclient=psy&hl=en&q=allowed+vs+pruning&aq=f&aqi=&aql=&oq=&pbx=1&fp=b9d89de37295e86f

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card