Solved: Re: VLAN

eduangelo · ‎01-07-2019

is it possible deny traffic of the some vlans between switches ?

Other doubt that i have, when i am creating a trunk between switches.

I will have traffic by default, between vlans at the switches.

And i use the command switchport trunk allowed vlan to allow traffic the some vlans.

The traffic that exist by default in the vlans, it goes to continue the exists ?

Andrew Khalil · ‎01-07-2019

Hello @eduangelo,

Greetings,

Actually when you type:

#switchport mode trunk

it means that your are allowing all the created vlans within that switch!

But if you want to allow some (i.e 10,11,12,20), you will need to add this command:

#switchport trunk allowed vlan 10,11,12,20

note that you can type it instead of that

#switchport trunk allowed vlan 10-12,20

if later on you would like to trunk vlan 13 for example, you can not type:

#switchport trunk allowed vlan 13

as it will overwrite the command of 10,11,12,20 to add this vlan you need to type:

#switchport trunk allowed vlan add 13

while if you want to remove vlan 10 for example, you can type:

#switchport trunk allowed vlan remove 10

Also if you want to allow all vlans except vlan 11, you can type:

#switchport trunk allowed vlan except 10

Please don’t forget to rate all the helpful responses and mark the solutions!

Bst Rgds,

Andrew Khalil

View solution in original post

Patrick.Williams · ‎01-07-2019

There are two ways to limit VLANS from one switch to another or between multiple switches.

1 Manual Pruning - this method requires you to use the switchport trunk allowed command as mentioned in your post to prevent unwanted VLAN along with the broadcast traffic to be restricted form one switch to another.

EXAMPLE

The other method is Automatic Pruning, this will prevent unused VLANS from spanning multiple switches if they are not being used, saving you the headache of manually pruning the VLANS on multiple switches especially if your are in a large environment, this can get out of hand easily.

VTP pruning should only be enabled on VTP servers, all the clients in the VTP domain will automatically enable VTP pruning. By default VLAN 1 can’t be pruned because it’s an administrative VLAN. Both VTP versions 1 and 2 support pruning.

P.Williams

View solution in original post

Andrew Khalil · ‎01-07-2019

Hello @eduangelo,

Yes, #switchport trunk allowed vlan except 10,

means that it will allow all except 10!

Please don't forget to RATE all helpful responses! and MARK solutions!

Bst Rgds,

Andrew Khalil

View solution in original post

Reza Sharifi · ‎01-07-2019

Yes, just allow the vlans you need to have on the trunk by using the command

switchport trunk allowed vlan

this way only specific vlans you want are allowed and nothing else.

HTH

Andrew Khalil · ‎01-07-2019

Hello @eduangelo,

Greetings,

Actually when you type:

#switchport mode trunk

it means that your are allowing all the created vlans within that switch!

But if you want to allow some (i.e 10,11,12,20), you will need to add this command:

#switchport trunk allowed vlan 10,11,12,20

note that you can type it instead of that

#switchport trunk allowed vlan 10-12,20

if later on you would like to trunk vlan 13 for example, you can not type:

#switchport trunk allowed vlan 13

as it will overwrite the command of 10,11,12,20 to add this vlan you need to type:

#switchport trunk allowed vlan add 13

while if you want to remove vlan 10 for example, you can type:

#switchport trunk allowed vlan remove 10

Also if you want to allow all vlans except vlan 11, you can type:

#switchport trunk allowed vlan except 10

Please don’t forget to rate all the helpful responses and mark the solutions!

Bst Rgds,

Andrew Khalil

eduangelo · ‎01-07-2019

This command switchport trunk allowed vlan except 10 , allow that not to be send traffic this vlan by trunk ?

Andrew Khalil · ‎01-07-2019

Hello @eduangelo,

Yes, #switchport trunk allowed vlan except 10,

means that it will allow all except 10!

Please don't forget to RATE all helpful responses! and MARK solutions!

Bst Rgds,

Andrew Khalil

eduangelo · ‎01-09-2019

Hi, @Andrew Khalil

Do i can to create a subinterface and assign the a vlan ?

For to be more understand :

rotuter#> vlan 255
router#> interface f0/1.255
router#> switchport mod acess vlan 255

Andrew Khalil · ‎01-09-2019

@eduangelo,

No, you can not!

You will not find such a command:

switchport mod acess vlan 255!

I think you want to create router on stick:

assuming that you have 2 vlans (vlan 10 and 20) in you network, and you want to route between both of them, so,

On router:

#int f0/1

#no shutdown

#int f0/1.1

#encapsulation dot1q 10

#ip add 10.1.10.1 255.255.255.0

(this command means that you will put this sub-interface in vlan 10)

#int f0/1.2

#encapsulation dot1q 20

#ip add 10.1.20.1 255.255.255.0

(this command means that you will put this sub-interface in vlan 20)

Please don't forget to RATE every helpful response and MARK it as a solution!

It will be so nice from you!

Bst Rgds,

Andrew Khalil

Patrick.Williams · ‎01-07-2019

There are two ways to limit VLANS from one switch to another or between multiple switches.

1 Manual Pruning - this method requires you to use the switchport trunk allowed command as mentioned in your post to prevent unwanted VLAN along with the broadcast traffic to be restricted form one switch to another.

EXAMPLE

The other method is Automatic Pruning, this will prevent unused VLANS from spanning multiple switches if they are not being used, saving you the headache of manually pruning the VLANS on multiple switches especially if your are in a large environment, this can get out of hand easily.

VTP pruning should only be enabled on VTP servers, all the clients in the VTP domain will automatically enable VTP pruning. By default VLAN 1 can’t be pruned because it’s an administrative VLAN. Both VTP versions 1 and 2 support pruning.

P.Williams