Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
3
Replies

Question on Configuration for VTP trunk

blittrell
Level 1
Level 1

‎06-23-2011 02:59 PM - edited ‎03-07-2019 12:57 AM

Hi All,

    I was thinking of reconfiging my network to help alleviate stp/broadcast packets across the WAN.  Currently we use VTP and 802.1x to assign vlans.  Each site has several vlans and people can login to their "home" vlan from anywhere on the network.  My thought is that I can assign a vlan via a generic name, say "employee" .  So if the user is an employee Radius would respond with the "employee" vlan.  I also wanted to keep the vtp but maintain a separate employee vlans at each site. So I am thinking that on the trunking port I do an "switchport trunk allowed vlan except " command with the set vlan number for the vlan in question on each of the route point switches.

   So if "employee" vlan is 135 the on the sites route point that takes in a vtp trunk from the central switch I would do a "switchport trunk allowed vlan except 135".  Then create a local int vlan 135 interface assign the correct IP subnet.  From some preliminary tests it looks like the name still gets published but the vlan from the central switch is not extended.

    Now if an employee logs in they will get onto the local employee subnet and not on the same network they would be on if they belonged to another site.  Plus other VTP deflivered vlans would still be available if needed.

    Will this work or is there something I am missing here?

Thanks

Labels:
0 Helpful
3 Replies 3

Edison Ortiz
Hall of Fame
Hall of Fame

‎06-23-2011 03:13 PM

You are doing manual VTP pruning which is quite useful for limiting Vlans on trunked ports.

One observation on the command "switchport trunk allowed vlan except 135"

This command will allow all Vlans except 135 and I believe you want the opposite, correct?

0 Helpful

blittrell
Level 1
Level 1
In response to Edison Ortiz

‎06-24-2011 08:12 AM

Hi Edison,

    I believe I do have it right.  Basically I want all the vlans to propogate except for a few at each site.  So for instance "employee" vlan 135 may have a route interface at SiteA with an address of 192.168.1.1, SiteB will have one with 192.168.2.1 etc..  This way I am able to keep the current vlans at the site without having to make to many changes at once and be able to make sure that when someone from SiteB at SiteA that is an employee is on the SiteA employee vlan and not the SiteB Vlan.

    Please let me know if I got this turned around in my head, that happens with me and Cisco sometimes:)

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to blittrell

‎06-24-2011 08:14 AM 

blittrell wrote:
Hi Edison,
    I believe I do have it right.  Basically I want all the vlans to propogate except for a few at each site. 

Then you have it right.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card