RE: CSCdz22629 Bug Details was RE: only allow one VLAN across

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Sun Jul 27 2003 - 22:37:51 GMT-3


Shahid,

        VTP advertisements are always carried in VLAN 1, regardless of
whether it is the native vlan or not.

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

> -----Original Message-----
> From: Shafi, Shahid [mailto:sshafi@qualcomm.com]
> Sent: Sunday, July 27, 2003 7:16 PM
> To: Brian McGahan; Richard L. Pickard; Ccielab@Groupstudy. Com
> Subject: RE: CSCdz22629 Bug Details was RE: only allow one VLAN across
> trunk on 3550
>
> If I am understanding you correctly Brian, even if VLAN 1 is removed
> from allowed list, most switches DO use VLAN1 for VTP and CDP traffic
> right? (VLAN 1 minimization).
>
> So it looks like CAT 3550 is basically using VLAN 1 for CDP and VTP but
> if VLAN1 is removed from the allowed list then no CDP/VTP updates are
> received. When you change your native vlan to something other than vlan 1
> isn't that vlan used for VTP and CDP advertisements?
>
> Thanks,
> Shahid
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Brian McGahan
> Sent: Sunday, July 27, 2003 11:02 AM
> To: 'Brian McGahan'; 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> Subject: CSCdz22629 Bug Details was RE: only allow one VLAN across trunk
> on 3550
>
>
> Group,
>
> Recant that last posting I just made. After further
> investigation, I have found that the 3550 does not perform as it should
> when editing the allowed vlan list.
>
> When VLAN 1 is removed off a trunk link, most Cisco switches
> still run a feature known as "VLAN 1 minimization". Basically this
> means that CDP and VTP updates are still sent over VLAN 1, but no user
> traffic. 3550, on the other hand, does not conform to this behavior:
>
> <quote>
>
> CSCdz22629 Bug Details
>
>
> Headline CDP / VTP updates not received when vlan1 cleared from trunk
> Product 3550
> Model all
> Component firmware
> Duplicate of CSCdz20942
> Severity 2
> Status Duplicate
> First Found-in Version 12.1(11)EA1
> First Fixed-in Version Version help
>
> Release Notes
>
> When vlan 1 is removed from a trunk on a 3550, we no longer see CDP
> neighbours via that interface.
>
> The desired behavior described by this bug is known as "VLAN 1
> minimization". Until that feature is released on the 3550, follow the
> recommendation in the documentation and do not remove VLAN 1 from trunk
> ports.
>
> </quote>
>
>
> Therefore, VLAN 1 *should not* be removed from the allowed list
> on a trunk link on a 3550. Design wise this is not really an issue,
> since VLAN 1 should never be assigned for any user traffic, including
> management traffic. Also, since pruning will automatically control what
> traffic passes over the trunk, editing the allowed list is not really
> required in practicality.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Brian McGahan
> > Sent: Sunday, July 27, 2003 12:41 PM
> > To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> > Subject: RE: only allow one VLAN across trunk on 3550
> >
> > Richard,
> >
> > Editing the allowed vlan list does not affect VTP advertisements.
> > The VLANs that exist throughout the VTP domain will still be
> > advertised, but actual user traffic for the VLANs can only flow
> > over the link if it is in the allowed list.
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> >
> > > -----Original Message-----
> > > From: Richard L. Pickard [mailto:nettable_walker@comcast.net]
> > > Sent: Saturday, July 26, 2003 5:46 PM
> > > To: Brian McGahan
> > > Subject: RE: only allow one VLAN across trunk on 3550
> > >
> > > I may not be the brightest cookie, but I have come a long way ! Do I
> > > need to clear anything after all is said & done? It looks like the
> > > VLAN's are still passing thru the trunk.
> > >
> > > I will shut the interface & no shut
> > >
> > >
> > > 3550_A#
> > > 3550_A#sh run int gigabitEthernet 0/1
> > > Building configuration...
> > >
> > > Current configuration : 155 bytes
> > > !
> > > interface GigabitEthernet0/1
> > > switchport trunk encapsulation isl
> > > switchport trunk allowed vlan 504,1002-1005
> > > switchport mode trunk
> > > no ip address
> > > end
> > >
> > > 3550_A#
> > > 3620__#8
> > > [Resuming connection 8 to 3550_b ... ]
> > >
> > > 3550_B#
> > > 3550_B#sh vlan brief
> > >
> > > VLAN Name                             Status    Ports
> > > ---- -------------------------------- --------- -------------------------------
> > > 1    default                          active    Fa0/3, Fa0/5, Fa0/6, Fa0/7
> > >                                                 Fa0/8, Fa0/13, Fa0/14, Fa0/15
> > >                                                 Fa0/16, Fa0/33, Fa0/34, Fa0/35
> > >                                                 Fa0/36, Fa0/37, Fa0/38, Fa0/39
> > >                                                 Fa0/40, Fa0/41, Fa0/42, Fa0/43
> > >                                                 Fa0/44, Fa0/45, Fa0/46, Fa0/47
> > >                                                 Fa0/48, Gi0/2
> > > 4    R_4                              active
> > > 6    R_6                              active
> > > 10   VLAN0010                         active
> > > 15   VLAN0015                         active
> > > 20   VLAN0020                         active
> > > 25   VLAN0025                         active
> > > 30   VLAN0030                         active
> > > 35   VLAN0035                         active
> > > 40   VLAN0040                         active
> > > 45   VLAN0045                         active
> > > 50   VLAN0050                         active
> > > 55   VLAN0055                         active
> > > 60   VLAN0060                         active
> > >
> > > VLAN Name                             Status    Ports
> > > ---- -------------------------------- --------- -------------------------------
> > > 65   VLAN0065                         active
> > > 70   VLAN0070                         active
> > > 75   VLAN0075                         active
> > > 80   VLAN0080                         active
> > > 85   VLAN0085                         active
> > > 90   PDC_VLAN                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
> > >                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
> > >                                                 Fa0/21, Fa0/22, Fa0/23, Fa0/24
> > >                                                 Fa0/25, Fa0/26, Fa0/27, Fa0/28
> > >                                                 Fa0/29, Fa0/30, Fa0/31, Fa0/32
> > > 95   VLAN0095                         active
> > > 111  VLAN0111                         active
> > > 346  VLAN0346                         active    Fa0/4
> > > 504  BB_2                             active    Fa0/2
> > > 1002 fddi-default                     active
> > > 1003 token-ring-default               active
> > > 1004 fddinet-default                  active
> > > 1005 trnet-default                    active
> > > 3550_B#
> > >
> > > -----Original Message-----
> > > From: Brian McGahan [mailto:brian@mcgahan.com]
> > > Sent: Saturday, July 26, 2003 3:26 PM
> > > To: 'Richard L. Pickard'; 'Ccielab@Groupstudy. Com'
> > > Subject: RE: only allow one VLAN across trunk on 3550
> > >
> > >
> > > Richard,
> > >
> > > By default, all VLANs are allowed to transit a trunk link. They
> > > are considered to be in the 'allowed list' for that trunk.
> > >
> > > Switch#sh int fa0/13 trunk | begin allowed
> > > Port Vlans allowed on trunk
> > > Fa0/13 1-4094
> > >
> > > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > > Trunking VLANs Enabled: ALL
> > >
> > > As you can see from the above output, port fa0/13 is trunking, and
> > > all vlans from 1-4094 are allowed to transit it. In order to change
> > > what is in the allowed list, use the interface command 'switchport trunk
> > > allowed vlan'.
> > >
> > > Switch(config-if)#switchport trunk allowed vlan 100
> > > Command rejected: Bad VLAN allowed list.
> > > VLANs 1002-1005 are required.
> > >
> > > As you can see from this output, the 3550 requires that 1002-1005
> > > remain on the trunk link.
> > >
> > > Switch(config-if)#switchport trunk allowed vlan 100,1002-1005
> > >
> > > Switch#sh int fa0/13 switchport | in Trunking VLANs Enabled
> > > Trunking VLANs Enabled: 100,1002-1005
> > >
> > > Switch#sh int fa0/13 trunk | begin allowed
> > > Port Vlans allowed on trunk
> > > Fa0/13 100,1002-1005
> > >
> > > Now the only VLANs that will transit this interface are 100, and
> > > 1002 through 1005.
> > >
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > Richard L. Pickard
> > > > Sent: Saturday, July 26, 2003 4:18 PM
> > > > To: Ccielab@Groupstudy. Com
> > > > Subject: only allow one VLAN across trunk on 3550
> > > >
> > > >
> > > >
> > > > I am working a lab that asks you to configure ISL trunk between two
> > > > 3550's & only allow VLAN 504
> > > >
> > > > I created the trunk & created some VLAN's (including VLAN 504) on the
> > > > VTP master.
> > > >
> > > > Can anyone tell me how to allow only VLAN 504 thru the trunk ?
> > > >
> > > >
> > > >
> > > > interface GigabitEthernet0/1
> > > >
> > > > switchport trunk encapsulation isl
> > > >
> > > > switchport mode trunk
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
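
The check discussed in this thread, as an added example that is not part of the original messages: a small Python audit that reads interface stanzas from a running-config and flags trunks whose explicit allowed list drops VLAN 1 (the CSCdz22629 condition) or VLANs 1002-1005. The function names and the second sample stanza are assumptions made for illustration; only the plain `switchport trunk allowed vlan <list>` form is parsed.

```python
import re

# Per the thread: the 3550 requires 1002-1005; clearing VLAN 1 stops CDP/VTP.
REQUIRED = set(range(1002, 1006))

# First stanza is the one posted in the thread; the second is constructed.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 504,1002-1005
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,504,1002-1005
 switchport mode trunk
"""

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '504,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: [findings]} for trunks with an explicit allowed list."""
    ports, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split()[1]
            ports[name] = {"trunk": False, "allowed": None}  # None = default, all VLANs
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)):
            ports[name]["allowed"] = parse_vlan_list(m.group(1))
    findings = {}
    for name, p in ports.items():
        if not p["trunk"] or p["allowed"] is None:
            continue
        issues = []
        if 1 not in p["allowed"]:
            issues.append("VLAN 1 cleared: no CDP/VTP on a 3550 (CSCdz22629)")
        if not REQUIRED <= p["allowed"]:
            issues.append("VLANs 1002-1005 missing from allowed list")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit_trunks(SAMPLE)` reports only GigabitEthernet0/1, the trunk configured in the thread with VLAN 1 removed.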



This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:55 GMT-3