Trunk commands for ISR ESM?

robertramsey
Level 1

Hello,

At my home, I had an 8 port 2960G switch die after a power outage today. I replaced it with an ISR 1921 that has an 8 port ESM. It's been a very long time since I messed with configuring ESMs... My plan was to just copy over all of the switch's interface configs to the router's ESM interfaces. Unfortunately, I'm unable to run the "switchport trunk allowed vlan 25,50,100" command on the router. Here's some syntax from a backup of the switch's config and the new router:

Here's my 2960G interface config:

 

interface GigabitEthernet0/1
 description Inside-SW
 switchport trunk native vlan 999
 switchport trunk allowed vlan 25,50,100
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust

 

Here's the ISR 1921 ESM config:

 

interface GigabitEthernet0/1/0
 description Inside-SW
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
 no ip address
 ip dhcp snooping trust

 

I'm unable to run "show vlan" on the router but I can run "show int gig 0/1/0 switchport", which is useful:

 

shop-rtr#show int gig 0/1/0 switchport
Name: Gi0/1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 999 (TrunkNative)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,25,50,100,999
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
shop-rtr#

 

This output shows that I'm trunking 1,25,50,100, and 999, but I only want to allow 25, 50, and 100.  Is there a router/ESM equivalent to the "switchport trunk allowed vlan X,Y,Z" command?

Thanks in advance!

Accepted Solutions

robertramsey
Level 1

Hello,

For anyone else having the same problem, I found my solution here:

https://community.cisco.com/t5/switching/command-rejected-bad-vlan-allowed-list-you-have-to-include-all/m-p/2067603/highlight/true#M234772 

Per Peter Paluch,

On older switching platforms and modules, the VLANs 1, 1002-1005 were basically untouchable - meaning that apart from being the 5 built-in VLANs that existed even if no other VLANs were created, you could not even manually prune them off the trunks. These VLANs simply had to be allowed everywhere.

Newer switching platforms allow you to prune these VLANs from trunks, although for backward compatibility, neither of these VLANs can be deleted. On recent switches, you can even prune the VLAN1 from trunks. This feature is called VLAN1 Minimization and causes the user data traffic to be pruned off the trunks while the inter-switch protocols carried in VLAN1 (CDP, VTP, etc.) will still be allowed.

Based on Peter's post, I did some testing and I am able to do things like "switchport trunk allowed vlan except 50", I just can't mess with VLAN 1 or 1002 - 1005.

 

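An added example, not part of the original post: a Python check that parses the "show int ... switchport" output from the question and compares the active trunk VLANs with the intended allow-list of 25, 50 and 100, separating the VLANs the quoted post says cannot be pruned (1, 1002-1005) from the rest. The function names are illustrative, and the sample is trimmed from the output posted above.

```python
# VLANs the quoted post says could not be pruned from trunks on older platforms.
FIXED_VLANS = {1, 1002, 1003, 1004, 1005}

# Trimmed from the output posted in the question.
SAMPLE = """\
Name: Gi0/1/0
Trunking Native Mode VLAN: 999 (TrunkNative)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,25,50,100,999
"""

def expand_vlans(spec):
    """Expand '1,25,50-52', 'ALL' or 'none' into a set of VLAN IDs."""
    spec = spec.strip().lower()
    if spec == "all":
        return set(range(1, 4095))
    if spec in ("", "none"):
        return set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_switchport(text):
    """Map 'Field: value' lines of the show output to a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_trunk(text, intended):
    """Compare the VLANs active on a trunk with the intended allow-list."""
    f = parse_switchport(text)
    active = expand_vlans(f.get("Trunking VLANs Active", ""))
    extra = active - set(intended)
    return {
        "interface": f.get("Name"),
        "all_enabled": f.get("Trunking VLANs Enabled", "").lower() == "all",
        "native_vlan": int(f["Trunking Native Mode VLAN"].split()[0]),
        "missing": sorted(set(intended) - active),
        "extra_prunable": sorted(extra - FIXED_VLANS),  # outside the fixed set
        "extra_fixed": sorted(extra & FIXED_VLANS),  # per the quoted post, stay on the trunk
    }

if __name__ == "__main__":
    print(audit_trunk(SAMPLE, {25, 50, 100}))
```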


marce1000
VIP

 

 - In terms of basic intranet networking it's kind of strange that you replaced a switch with a router where those commands are standard available, I would presume that 'in that place/topology' - just another switch would be needed,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hello Marce1000,

Because this is a configuration at home, I'm somewhat limited in the gear I have on hand.  I suppose if a work switch died, I'd probably replace it with a spare; I just don't keep spares at home.  I suppose I could purchase another 2960G on eBay (that's where I got the last one) but it'll cost no less than $100 (the going rate for them right now with shipping).  Since the router has an 8 port gigabit ESM, I figured I'd give it a shot (free to try after all).  Turns out, most of the syntax works.  In fact, all of the services/capabilities my switch previously performed are currently working on the router.  I'm just trying to get the "switchport trunk allowed vlan X,Y,Z" part figured out.

Any chance you have a few ideas about how to implement syntax similar to "switchport trunk allowed vlan X,Y,Z" on a router with an ESM?
