Trunk commands for ISR ESM?

robertramsey
Level 1

Hello,

At my home, I had an 8 port 2960G switch die after a power outage today. I replaced it with an ISR 1921 that has an 8 port ESM. It's been a very long time since I messed with configuring ESMs... My plan was to just copy over all of the switch's interface configs to the router's ESM interfaces. Unfortunately, I'm unable to run the "switchport trunk allowed vlan 25,50,100" command on the router. Here's some syntax from a backup of the switch's config and the new router:

Here's my 2960G interface config:

interface GigabitEthernet0/1
 description Inside-SW
 switchport trunk native vlan 999
 switchport trunk allowed vlan 25,50,100
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust

 

Here's the ISR 1921 ESM config:

interface GigabitEthernet0/1/0
 description Inside-SW
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
 no ip address
 ip dhcp snooping trust

 

I'm unable to run "show vlan" on the router but I can run "show int gig 0/1/0 switchport", which is useful:

shop-rtr#show int gig 0/1/0 switchport
Name: Gi0/1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 999 (TrunkNative)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,25,50,100,999
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
shop-rtr#

This output shows that I'm trunking 1,25,50,100, and 999, but I only want to allow 25, 50, and 100. Is there a router/ESM equivalent to the "switchport trunk allowed vlan X,Y,Z" command?

Thanks in advance!

Accepted Solutions

robertramsey
Level 1

Hello,

For anyone else having the same problem, I found my solution here:

https://community.cisco.com/t5/switching/command-rejected-bad-vlan-allowed-list-you-have-to-include-all/m-p/2067603/highlight/true#M234772 

Per Peter Paluch,

On older switching platforms and modules, the VLANs 1, 1002-1005 were basically untouchable - meaning that apart from being the 5 built-in VLANs that existed even if no other VLANs were created, you could not even manually prune them off the trunks. These VLANs simply had to be allowed everywhere.

Newer switching platforms allow you to prune these VLANs from trunks, although for backward compatibility, neither of these VLANs can be deleted. On recent switches, you can even prune the VLAN1 from trunks. This feature is called VLAN1 Minimization and causes the user data traffic to be pruned off the trunks while the inter-switch protocols carried in VLAN1 (CDP, VTP, etc.) will still be allowed.

Based on Peter's post, I did some testing and I am able to do things like "switchport trunk allowed vlan except 50", I just can't mess with VLAN 1 or 1002 - 1005.

 
