From: Ash (nester2k@gmail.com)
Date: Fri Feb 23 2007 - 05:32:50 ART
Jeff,
If you only leave vlan 10 as native on the switch trunk, you won't be able to
use it as a data vlan, meaning if you have a layer 3 interface for vlan 10 on
the switch, the state would be up/down. This would result in incomplete ARP
entries and packet encapsulation failures from the router end. From the
switch end, since the vlan 10 interface is not up and assuming ip routing is
enabled, the packets would be unroutable.
The idea is pretty simple: if a vlan or broadcast domain has to be extended to
another switch/router, it has to be allowed on the trunk.
HTH,
On 2/23/07, Jeff Mullan <jmullan78@gmail.com> wrote:
>
> Thanks folks. Maybe I wasn't clear in the beginning but my question is
> specific to a "Router on a Stick" Scenario. Would it make sense to have
> the allow VLAN command on the switch which is talking to the router?
> Thanks,
> JM
>
>
> On 2/22/07, Dwi C Taniel <dc@dwichandra.info> wrote:
> >
> > Hi Lou and Jeff,
> >
> > I agree with Lou, to force certain vlan to be allowed through certain
> > trunk must be well justified as you are forcing those vlans to
> > traverse through certain trunk ports only (and maybe not another).
> > Thus if that particular trunk that only provides path access to
> > certain switch, you are going to break the VLAN member nodes into
> > several isolated network until the trunk carrying those VLANs can go
> > back up.
> >
> > In using VTP client, yes, 64 VLANs is the 'jinx' that caught me up
> > thinking the VTP is not working in client-server mode.
> > It happened in the past when I was first introduced to VTP using Cat4k
> > and Cat6.5k (fresh from the oven at that time ;) )
> >
> > Besides, if using VTP pruning would do the job, then why bother
> > manually fine tuning the VTP settings?
> > The trade off between those two are:
> > - With manual VTP fine tuning, you are really controlling the actual VLANs
> > flowing through certain VTP link. This will also reduce the switch CPU
> > utilization as it is just 'forced' to pass through certain trunk for
> > certain VLANs
> > - With VTP pruning, you will have less administrative overhead (tasks)
> > since you are giving it to the switch (and its miraculous VTP/STP
> > algorithm to put into work). But, using this method, your switch CPU
> > tends to work more than the previous option.
> >
> > If switch CPU is not much of a concern, then VTP pruning would be
> > the better option.
> >
> > Happy Friday everyone! :)
> >
> > DC
> >
> > On 02/23/2007, Lou Ioanni <louisccie_r_s@yahoo.com> wrote:
> >
> > > I would say it is good to use the allow statement if you know what you
> > > are doing. If you are using VTP server/client many switches can support 64
> > > vlans and if you do not use the allow statements and allow all vlans
> > > to go through you might experience network downtime.
> > >
> > > I had an experience where they were using the allow statement and
> > > someone just removed it and the whole network slowed down because
> > > switches could not support all vlans that went through. Especially
> > > they created another 200 vlans for NAC clean access that day too.
> > >
> > > Many get around this by using Transparent mode instead of
> > > server/client VTP mode.....especially if you have cores at L3 and no
> > > distribution L3 you should be careful with using server/client
> > > mode...especially without allow statements.
> > >
> > > Thanks,
> > >
> > > Loizos Y.
> > > CCIE#10702 R & S
> > >
> > > Jeff Mullan <jmullan78@gmail.com> wrote:
> > > Folks,
> > > For example, if between a switch and router there are only 2 Vlans active (
> > > say vlan 10,11) vlan 10 being native and switch is a trunk port, do we need to
> > > have the "switch port mode allowed vlan 10,11" command? Ideally if we don't
> > > have it configured then the router will drop all vlans without tags 10,11
> > > but just wanted to find out from a best practice point of view? Thanks !!
> > >
> > >
> > > interface FastEthernet0/6
> > > switchport trunk encapsulation dot1q
> > > switchport trunk native vlan 10
> > > switchport trunk allowed vlan 10,11 <=================
> > > switchport mode trunk
> > > end
> > >
> > > SW_1#
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> > ========
> > http://www.dwichandra.info
> > dc@dwichandra.info
>
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART
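
An added example, not part of any post in this thread: a small Python audit that reads Cisco IOS-style interface configuration and reports the two conditions discussed above, a trunk with no "switchport trunk allowed vlan" statement (every VLAN is carried) and a trunk whose native VLAN is missing from its allowed list. The sample configuration is constructed around the Fa0/6 stanza quoted in the thread; the function names are hypothetical, and only plain VLAN lists and ranges are parsed (keywords such as "add" are assumed absent).

```python
import re

# Constructed sample: Fa0/6 is the trunk quoted in the thread; Fa0/7-0/9 are
# constructed ports that exercise the failure cases and a non-trunk port.
SAMPLE_CONFIG = """\
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,11
 switchport mode trunk
interface FastEthernet0/7
 switchport trunk native vlan 10
 switchport trunk allowed vlan 11
 switchport mode trunk
interface FastEthernet0/8
 switchport mode trunk
interface FastEthernet0/9
 switchport mode access
"""

def parse_vlans(spec):
    """Expand '10,11' or '10-12,20' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: [findings]} for every port in trunk mode."""
    report = {}
    # Split the text into one block per 'interface' stanza.
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or "switchport mode trunk" not in lines:
            continue                      # skip access ports and empty blocks
        name = lines[0].split(None, 1)[1]
        native, allowed = 1, None         # defaults: native VLAN 1, all VLANs
        for l in lines:
            if m := re.fullmatch(r"switchport trunk native vlan (\d+)", l):
                native = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", l):
                allowed = parse_vlans(m.group(1))
        report[name] = findings = []
        if allowed is None:
            findings.append("no allowed list: trunk carries every VLAN")
        elif native not in allowed:
            findings.append(f"native vlan {native} not in allowed list")
    return report
```

Calling audit_trunks(SAMPLE_CONFIG) returns an empty finding list for Fa0/6 and one finding each for Fa0/7 and Fa0/8.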