04-23-2024 08:26 PM
Hello,
At my home, I had an 8 port 2960G switch die after a power outage today. I replaced it with an ISR 1921 that has an 8 port ESM. It's been a very long time since I messed with configuring ESMs... My plan was to just copy over all of the switch's interface configs to the router's ESM interfaces. Unfortunately, I'm unable to run the "switchport trunk allowed vlan 25,50,100" command on the router. Here's some syntax from a backup of the switch's config and the new router:
Here's my 2960G interface config:
interface GigabitEthernet0/1
 description Inside-SW
 switchport trunk native vlan 999
 switchport trunk allowed vlan 25,50,100
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
Here's the ISR 1921 ESM config:
interface GigabitEthernet0/1/0
 description Inside-SW
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
 no ip address
 ip dhcp snooping trust
I'm unable to run "show vlan" on the router but I can run "show int gig 0/1/0 switchport", which is useful:
shop-rtr#show int gig 0/1/0 switchport
Name: Gi0/1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 999 (TrunkNative)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,25,50,100,999
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
shop-rtr#
This output shows that I'm trunking 1,25,50,100, and 999, but I only want to allow 25, 50, and 100. Is there a router/ESM equivalent to the "switchport trunk allowed vlan X,Y,Z" command?
Thanks in advance!
04-23-2024 10:42 PM
- In terms of basic intranet networking it's kind of strange that you replaced a switch with a router where those commands are standard available. I would presume that 'in that place/topology' just another switch would be needed.
M.
04-24-2024 05:40 AM
Hello Marce1000,
Because this is a configuration at home, I'm somewhat limited in the gear I have on hand. I suppose if a work switch died, I'd probably replace it with a spare; I just don't keep spares at home. I suppose I could purchase another 2960G on eBay (that's where I got the last one) but it'll cost no less than $100 (the going rate for them right now with shipping). Since the router has an 8 port gigabit ESM, I figured I'd give it a shot (free to try after all). Turns out, most of the syntax works. In fact, all of the services/capabilities my switch previously performed are currently working on the router. I'm just trying to get the "switchport trunk allowed vlan X,Y,Z" part figured out.
Any chance you have a few ideas about how to implement syntax similar to "switchport trunk allowed vlan X,Y,Z" on a router with an ESM?
04-24-2024 06:45 AM
Hello,
For anyone else having the same problem, I found my solution here:
Per Peter Paluch,
On older switching platforms and modules, the VLANs 1, 1002-1005 were basically untouchable - meaning that apart from being the 5 built-in VLANs that existed even if no other VLANs were created, you could not even manually prune them off the trunks. These VLANs simply had to be allowed everywhere.
Newer switching platforms allow you to prune these VLANs from trunks, although for backward compatibility, neither of these VLANs can be deleted. On recent switches, you can even prune the VLAN1 from trunks. This feature is called VLAN1 Minimization and causes the user data traffic to be pruned off the trunks while the inter-switch protocols carried in VLAN1 (CDP, VTP, etc.) will still be allowed.
Based on Peter's post, I did some testing and I am able to do things like "switchport trunk allowed vlan except 50", I just can't mess with VLAN 1 or 1002 - 1005.
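An added example, not part of any post in this thread: a small Python audit that parses "show interfaces ... switchport" output and compares the active trunk VLANs with the intended allowed list, separating the built-in VLANs (1, 1002-1005) described in the quoted post from VLANs that can be removed. The function names and the trimmed sample input are assumptions made for illustration.

```python
import re

# VLANs the quoted post describes as not prunable on older platforms.
UNPRUNABLE_DEFAULTS = {1, 1002, 1003, 1004, 1005}

# Constructed sample: relevant lines of the output posted in the question.
SAMPLE = """\
Name: Gi0/1/0
Operational Mode: trunk
Trunking Native Mode VLAN: 999 (TrunkNative)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,25,50,100,999
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,25,50-52' into a set of ints."""
    spec = spec.strip()
    if spec.upper() == "ALL":
        return set(range(1, 4095))
    if spec.upper() in ("", "NONE"):
        return set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(show_output, intended):
    """Compare a trunk's active VLANs with the intended allowed set."""
    fields = {}
    for line in show_output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    native = int(re.match(r"\d+", fields["Trunking Native Mode VLAN"]).group())
    active = expand_vlans(fields["Trunking VLANs Active"])
    extra = active - set(intended)
    return {
        "interface": fields["Name"],
        "native": native,
        "enabled_all": fields["Trunking VLANs Enabled"].upper() == "ALL",
        "missing": sorted(set(intended) - active),
        # Not in the fixed default set, so candidates for removal.
        "extra_prunable": sorted(extra - UNPRUNABLE_DEFAULTS),
        "extra_platform_default": sorted(extra & UNPRUNABLE_DEFAULTS),
    }

if __name__ == "__main__":
    print(audit_trunk(SAMPLE, {25, 50, 100}))
```

For the posted output and an intended list of 25, 50 and 100, the audit reports VLAN 999 as removable and VLAN 1 as a platform default.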