Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
30
Helpful
4
Replies

why would I limit specific vlans in a trunk with allowed vlan command?

Go to solution
israelpadilla
Level 1
Level 1

‎10-18-2022 11:18 PM

I mean, what could be a practical case of using this vlan limits

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Kasun Bandara

‎10-19-2022 07:24 AM

To expand a bit on what @Kasun Bandara described . . .

"saving bandwidth"

Blocking a VLAN, on a trunk, precludes broadcasts, unknown destination (switch) port unicast and unknown destination (switch) port multicast traffic from being sent across the trunk link.

"improve security"

If a VLANs traffic is not sent across the trunk, device on other side of the trunk, and all additional devices downstream do not have any way to tap into that VLAN traffic.  I.e. it's not physically present to access in any way.

"increase performance of network"

If trunk link and/or downstream device never physical "see" the excluded VLAN traffic, they never have to expend resources to process that traffic nor will that traffic contend/compete for resources.  Example of the former, receiving switch that doesn't have a need for the VLAN traffic to it, doesn't need to expend resources even dropping the undesired traffic.  Example of the latter, bandwidth on trunk link not used by excluded VLAN traffic available to other VLAN traffic.

View solution in original post

4 Replies 4

Go to solution
Kasun Bandara
VIP
VIP

‎10-18-2022 11:42 PM

saving bandwidth, improve security, increase performance of network

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Kasun Bandara

‎10-19-2022 07:24 AM

To expand a bit on what @Kasun Bandara described . . .

"saving bandwidth"

Blocking a VLAN, on a trunk, precludes broadcasts, unknown destination (switch) port unicast and unknown destination (switch) port multicast traffic from being sent across the trunk link.

"improve security"

If a VLANs traffic is not sent across the trunk, device on other side of the trunk, and all additional devices downstream do not have any way to tap into that VLAN traffic.  I.e. it's not physically present to access in any way.

"increase performance of network"

If trunk link and/or downstream device never physical "see" the excluded VLAN traffic, they never have to expend resources to process that traffic nor will that traffic contend/compete for resources.  Example of the former, receiving switch that doesn't have a need for the VLAN traffic to it, doesn't need to expend resources even dropping the undesired traffic.  Example of the latter, bandwidth on trunk link not used by excluded VLAN traffic available to other VLAN traffic.

Go to solution
israelpadilla
Level 1
Level 1
In response to Joseph W. Doherty

‎10-20-2022 07:28 AM

thank you all for the great explanation

0 Helpful

Go to solution
David Ruess
VIP
VIP

‎10-19-2022 07:31 AM

...and in addition to what the above mentioned you don't have to run spanning-tree for a VLAN that doesn't exist on that part of the network. And since STP runs on a per VLAN instance (unless you're using MST) if you limit 20 VLANs from a trunk port you effectively stop 20 spanning-tree instances from running on that part of the network (this can be coupled with increased BW). Just trying to throw figures at the statements.

 

-David

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card