Solved: what is switchport trunk allowed means

muzazamubika12 · ‎12-15-2012

anyone now what exactly this command is for ?

George Stefanick · ‎12-15-2012

When you configure a truck all vlans are allowed. If you want to shape what vlans are allowed over, say just vlan 10 and 20. You can use the allowed command..

Make sense ?

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

Leo Laohoo · ‎12-15-2012

By default, when you have a trunk link, ALL VLANs are allowed to pass through.

"switchport trunk allow vlan" gives you the control by specifying which VLANs you want to allow to go through the trunk link. This is very useful when you want to, say, all server to stay inside this switch and will not be able to go "out" to the next switch.

View solution in original post

George Stefanick · ‎12-15-2012

When you configure a truck all vlans are allowed. If you want to shape what vlans are allowed over, say just vlan 10 and 20. You can use the allowed command..

Make sense ?

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

muzazamubika12 · ‎12-15-2012

yes now i know.

but if we want to allow specific ip address can or not?

Leo Laohoo · ‎12-15-2012

No it can't. "allowed" VLAN is Layer 2 while IP Addressing is Layer 3.

You want to allow/deny a specific IP Address or a block of IP Addresses then you are talking about Access Control List (aka ACL).

There are two types: Standard ACL and Extended ACL.

Leo Laohoo · ‎12-15-2012

By default, when you have a trunk link, ALL VLANs are allowed to pass through.

"switchport trunk allow vlan" gives you the control by specifying which VLANs you want to allow to go through the trunk link. This is very useful when you want to, say, all server to stay inside this switch and will not be able to go "out" to the next switch.

Joseph W. Doherty · ‎12-20-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

BTW, the common reason for restricting VLANs down trunks is to "prune" the VLAN(s) from where it's not needed. This avoids forwarding unneeded VLAN broadcast traffic down the trunk and it also helps reduce the STP topology.

Also BTW, if you're using Cisco switches, and using VTP, you can enable automatic pruning, where VTP will block VLAN traffic going down trunks when it's not needed.