From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Sun Jul 27 2003 - 15:01:44 GMT-3
Group,
Recant that last posting I just made. After further
investigation, I have found that the 3550 does not perform as it should
when editing the allowed vlan list.
When VLAN 1 is removed off a trunk link, most Cisco switches
still run a feature known as "VLAN 1 minimization". Basically this
means that CDP and VTP updates are still sent over VLAN 1, but no user
traffic. 3550, on the other hand, does not conform to this behavior:
<quote>
CSCdz22629 Bug Details
Headline CDP / VTP updates not received when vlan1 cleared from trunk
Product 3550
Model all
Component firmware
Duplicate of CSCdz20942
Severity 2
Status Duplicate
First Found-in Version 12.1(11)EA1
First Fixed-in Version Version help
Release Notes
When vlan 1 is removed from a trunk on a 3550, we no longer see CDP
neighbours via that interface.
The desired behavior described by this bug is known as "VLAN 1
minimization". Until that feature is released on the 3550, follow the
recommendation in the documentation and do not remove VLAN 1 from trunk
ports.
</quote>
Therefore, VLAN 1 *should not* be removed from the allowed list
on a trunk link on a 3550. Design-wise this is not really an issue,
since VLAN 1 should never be assigned for any user traffic, including
management traffic. Also, since pruning will automatically control what
traffic passes over the trunk, editing the allowed list is not really
required in practicality.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian McGahan
> Sent: Sunday, July 27, 2003 12:41 PM
> To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> Subject: RE: only allow one VLAN across trunk on 3550
>
> Richard,
>
> Editing the allowed vlan list does not affect VTP
> advertisements. The VLANs that exist throughout the VTP domain will
> still be advertised, but actual user traffic for the VLANs can only flow
> over the link if it is in the allowed list.
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
> > -----Original Message-----
> > From: Richard L. Pickard [mailto:nettable_walker@comcast.net]
> > Sent: Saturday, July 26, 2003 5:46 PM
> > To: Brian McGahan
> > Subject: RE: only allow one VLAN across trunk on 3550
> >
> > I may not be the brightest cookie, but I have come a long way !
> > Do I need to clear anything after all is said & done?
> > It looks like the VLAN's are still passing thru the trunk.
> >
> > I will shut the interface & no shut
> >
> >
> > 3550_A#
> > 3550_A#sh run int gigabitEthernet 0/1
> > Building configuration...
> >
> > Current configuration : 155 bytes
> > !
> > interface GigabitEthernet0/1
> >  switchport trunk encapsulation isl
> >  switchport trunk allowed vlan 504,1002-1005
> >  switchport mode trunk
> >  no ip address
> > end
> >
> > 3550_A#
> > 3620__#8
> > [Resuming connection 8 to 3550_b ... ]
> >
> > 3550_B#
> > 3550_B#sh vlan brief
> >
> > VLAN Name                             Status    Ports
> > ---- -------------------------------- --------- -------------------------------
> > 1    default                          active    Fa0/3, Fa0/5, Fa0/6, Fa0/7
> >                                                 Fa0/8, Fa0/13, Fa0/14, Fa0/15
> >                                                 Fa0/16, Fa0/33, Fa0/34, Fa0/35
> >                                                 Fa0/36, Fa0/37, Fa0/38, Fa0/39
> >                                                 Fa0/40, Fa0/41, Fa0/42, Fa0/43
> >                                                 Fa0/44, Fa0/45, Fa0/46, Fa0/47
> >                                                 Fa0/48, Gi0/2
> > 4    R_4                              active
> > 6    R_6                              active
> > 10   VLAN0010                         active
> > 15   VLAN0015                         active
> > 20   VLAN0020                         active
> > 25   VLAN0025                         active
> > 30   VLAN0030                         active
> > 35   VLAN0035                         active
> > 40   VLAN0040                         active
> > 45   VLAN0045                         active
> > 50   VLAN0050                         active
> > 55   VLAN0055                         active
> > 60   VLAN0060                         active
> >
> > VLAN Name                             Status    Ports
> > ---- -------------------------------- --------- -------------------------------
> > 65   VLAN0065                         active
> > 70   VLAN0070                         active
> > 75   VLAN0075                         active
> > 80   VLAN0080                         active
> > 85   VLAN0085                         active
> > 90   PDC_VLAN                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
> >                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
> >                                                 Fa0/21, Fa0/22, Fa0/23, Fa0/24
> >                                                 Fa0/25, Fa0/26, Fa0/27, Fa0/28
> >                                                 Fa0/29, Fa0/30, Fa0/31, Fa0/32
> > 95   VLAN0095                         active
> > 111  VLAN0111                         active
> > 346  VLAN0346                         active    Fa0/4
> > 504  BB_2                             active    Fa0/2
> > 1002 fddi-default                     active
> > 1003 token-ring-default               active
> > 1004 fddinet-default                  active
> > 1005 trnet-default                    active
> > 3550_B#
> >
> > -----Original Message-----
> > From: Brian McGahan [mailto:brian@mcgahan.com]
> > Sent: Saturday, July 26, 2003 3:26 PM
> > To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> > Subject: RE: only allow one VLAN across trunk on 3550
> >
> >
> > Richard,
> >
> > By default, all VLANs are allowed to transit a trunk link. They
> > are considered to be in the 'allowed list' for that trunk.
> >
> > Switch#sh int fa0/13 trunk | begin allowed
> > Port        Vlans allowed on trunk
> > Fa0/13      1-4094
> >
> > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > Trunking VLANs Enabled: ALL
> >
> > As you can see from the above output, port fa0/13 is trunking,
> > and all vlans from 1-4094 are allowed to transit it. In order to change
> > what is in the allowed list, use the interface command 'switchport trunk
> > allowed vlan'.
> >
> > Switch(config-if)#switchport trunk allowed vlan 100
> > Command rejected: Bad VLAN allowed list.
> > VLANs 1002-1005 are required.
> >
> > As you can see from this output, the 3550 requires that
> > 1002-1005 remain on the trunk link.
> >
> > Switch(config-if)#switchport trunk allowed vlan 100,1002-1005
> >
> > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > Trunking VLANs Enabled: 100,1002-1005
> >
> > Switch#sh int fa0/13 trunk | begin allowed
> > Port        Vlans allowed on trunk
> > Fa0/13      100,1002-1005
> >
> > Now the only VLANs that will transit this interface are 100, and
> > 1002 through 1005.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Richard L. Pickard
> > > Sent: Saturday, July 26, 2003 4:18 PM
> > > To: Ccielab@Groupstudy. Com
> > > Subject: only allow one VLAN across trunk on 3550
> > >
> > >
> > >
> > > I am working a lab that asks you to configure ISL trunk between two 3550's &
> > > only allow VLAN 504
> > >
> > > I created the trunk & created some VLAN's (including VLAN 504) on the VTP
> > > master.
> > >
> > > Can anyone tell me how to allow only VLAN 504 thru the trunk ?
> > >
> > >
> > >
> > > interface GigabitEthernet0/1
> > >
> > > switchport trunk encapsulation isl
> > >
> > > switchport mode trunk
> > >
> > >
> > >
> > >
> >
>
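
Added example (not part of the original thread): a small Python audit that applies the two rules the thread arrives at for 3550 trunks, namely that VLAN 1 should stay in the allowed list and that VLANs 1002-1005 are required. The function names, finding strings and the second and third sample stanzas are assumptions made for this illustration.

```python
import re

REQUIRED = set(range(1002, 1006))  # the 3550 rejects lists without 1002-1005
ALL_VLANS = set(range(1, 4095))    # default allowed list on a trunk: 1-4094

def expand(vlan_list):
    """Expand an IOS VLAN list such as '504,1002-1005' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return {interface: [findings]} for each trunk port in a running-config."""
    results = {}
    for stanza in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = [line.strip() for line in stanza.splitlines()]
        if "switchport mode trunk" not in body:
            continue  # access ports carry no allowed list
        allowed = set(ALL_VLANS)  # no 'allowed vlan' line means all VLANs
        for line in body:
            if m := re.match(r"switchport trunk allowed vlan (add )?([\d,-]+)$", line):
                new = expand(m.group(2))
                allowed = allowed | new if m.group(1) else new
        findings = []
        if 1 not in allowed:
            findings.append("VLAN 1 not allowed: CDP/VTP lost (CSCdz22629)")
        if not REQUIRED <= allowed:
            findings.append("VLANs 1002-1005 missing")
        results[name] = findings
    return results

# Gi0/1 is the stanza from the thread; the other two are constructed.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 504,1002-1005
 switchport mode trunk
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,504
 switchport trunk allowed vlan add 1002-1005
 switchport mode trunk
interface FastEthernet0/2
 switchport access vlan 504
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only plain and `add` forms of the allowed-list command are parsed; the `remove`, `except`, `all` and `none` forms are ignored by this sketch.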
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:55 GMT-3