Re: Trunk Between Switch & Router

From: Jeff Mullan (jmullan78@gmail.com)
Date: Fri Feb 23 2007 - 16:39:18 ART


Darrin,
Thanks for the answer !! This is what I was looking for :)
Have a nice weekend.
Thanks,
JM

On 2/23/07, Darrin K. Pierce <darrin@dkpierce.com> wrote:
>
> I think he is referring to the efficiencies to be gained by only allowing
> the specific interfaces configured for VLAN A and VLAN B on the router to be
> allowed on the switch.
>
> As for a best practice point of view, I would tend to only allow the
> configured VLANs to traverse the trunk from the switch to the router.
> - Unless I knew it was going to be a fairly dynamic add / subtract on the
> router!
>
> As for an exam scenario, I wouldn't do it unless they explicitly asked for
> it.
>
> Darrin
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ash
> Sent: Friday, February 23, 2007 3:33 AM
> To: Jeff Mullan
> Cc: Dwi C Taniel; ccielab@groupstudy.com
> Subject: Re: Trunk Between Switch & Router
>
> Jeff,
>
> If you only leave vlan 10 as native on the switch trunk, you won't be able
> to use it as a data vlan, meaning if you have a layer 3 interface for vlan 10
> on the switch, the state would be up/down. This would result in incomplete
> ARP entries and packet encapsulation failures from the router end. From the
> switch end, since the vlan 10 interface is not up and assuming ip routing
> is enabled, the packets would be unroutable.
>
> Idea is pretty simple, if a vlan or broadcast domain has to be extended to
> another switch/router, it has to be allowed on the trunk
>
> HTH,
>
>
>
> On 2/23/07, Jeff Mullan <jmullan78@gmail.com> wrote:
> >
> > Thanks folks. Maybe I wasn't clear in the beginning but my question is
> > specific to a "Router on a Stick" Scenario. Would it make sense to have
> > the allow VLAN command on the switch which is talking to the router.
> > Thanks,
> > JM
> >
> >
> > On 2/22/07, Dwi C Taniel <dc@dwichandra.info> wrote:
> > >
> > > Hi Lou and Jeff,
> > >
> > > I agree with Lou, to force certain vlan to be allowed through certain
> > > trunk must be well justified as you are forcing those vlans to
> > > traverse through certain trunk ports only (and maybe not another).
> > > Thus if that particular trunk that only provides path access to
> > > certain switch, you are going to break the VLAN member nodes into
> > > several isolated network until the trunk carrying those VLANs can go
> > > back up.
> > >
> > > In using VTP client, yes, 64 VLANs is the 'jinx' that caught me up
> > > thinking the VTP is not working in client-server mode.
> > > It happened in the past when I was first introduced to VTP using Cat4k
> > > and Cat6.5k (fresh from the oven at that time ;) )
> > >
> > > Besides, if using VTP pruning would do the job, then why bother
> > > manually fine tuning the VTP settings?
> > > The trade off between those two are:
> > > - With manual VTP fine tuning, you are really controlling the actual VLANs
> > > flowing through certain VTP link. This will also reduce the switch CPU
> > > utilization as it is just 'forced' to pass through certain trunk for
> > > certain VLANs
> > > - With VTP pruning, you will have less administrative overhead (tasks)
> > > since you are giving it to the switch (and its miraculous VTP/STP
> > > algorithm to put into work). But, using this method, your switch CPU
> > > tends to work more than the previous option.
> > >
> > > If switch CPU is not much of a concern, then VTP pruning would be
> > > better options.
> > >
> > > Happy Friday everyone! :)
> > >
> > > DC
> > >
> > > On 02/23/2007, Lou Ioanni <louisccie_r_s@yahoo.com> wrote:
> > >
> > > > I would say it is good to use the allow statement if you know what you
> > > > are doing. If you are using VTP server/client many switches can support 64
> > > > vlans and if you do not use the allow statements and allow all vlans
> > > > to go through you might experience network downtime.
> > > >
> > > > I had an experience where they were using the allow statement and
> > > > someone just removed it and the whole network slowed down because
> > > > switches could not support all vlans that went through. Especially
> > > > they created another 200 vlans for NAC clean access that day too.
> > > >
> > > > Many get around this by using Transparent mode instead of
> > > > server/client VTP mode.....especially if you have cores at L3 and no
> > > > distribution L3 you should be careful with using server/client
> > > > mode...especially without allow statements.
> > > >
> > > > Thanks,
> > > >
> > > > Loizos Y.
> > > > CCIE#10702 R & S
> > > >
> > > > Jeff Mullan <jmullan78@gmail.com> wrote:
> > > > Folks,
> > > > > For example, if between a switch and router there are only 2 Vlans
> > > > > active (say vlan 10,11) vlan 10 being native and switch is a trunk
> > > > > port, do need to have the "switch port mode allowed vlan 10,11"
> > > > > command ? Ideally if we don't have it configured then the router will
> > > > > drop all vlans without tags 10,11 but just wanted to find out from a
> > > > > best practice point of view ? Thanks !!
> > > >
> > > >
> > > > interface FastEthernet0/6
> > > > switchport trunk encapsulation dot1q
> > > > switchport trunk native vlan 10
> > > > switchport trunk allowed vlan 10,11 <=================
> > > > switchport mode trunk
> > > > end
> > > >
> > > > SW_1#
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > > ---------------------------------
> > > > Expecting? Get great news right away with email Auto-Check.
> > > > Try the Yahoo! Mail Beta.
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > > ========
> > > http://www.dwichandra.info
> > > dc@dwichandra.info
> > > --------
> > > visit Transformers movie link at
> http://www.dwichandra.info/transformers
> > > --------
> > >
> > > ----------------------------------------------------------------
> > > This message was sent using IMP, the Internet Messaging Program.
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART
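
The trunk question discussed in this thread, as an added example that is not part of the original messages or any poster's code: a small Python check that compares a switch trunk's allowed VLAN list and native VLAN with the dot1Q subinterfaces on the router side of a router-on-a-stick. The sample configs, the router interface names and all function names are constructed for illustration, and only the plain `allowed vlan <list>` form is parsed.

```python
import re
# Constructed sample configs (not from the thread).
SWITCH_CFG = """interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,11
 switchport mode trunk
"""
ROUTER_CFG = """interface FastEthernet0/0.10
 encapsulation dot1Q 10 native
interface FastEthernet0/0.11
 encapsulation dot1Q 11
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,11,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def switch_trunk(cfg):
    """Return (allowed, native); allowed is None when no list is configured."""
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", cfg)
    n = re.search(r"switchport trunk native vlan (\d+)", cfg)
    # With no native VLAN statement the trunk's native VLAN is 1.
    return (expand_vlans(m.group(1)) if m else None, int(n.group(1)) if n else 1)

def router_vlans(cfg):
    """Return (VLANs tagged on subinterfaces, native VLAN or None)."""
    found = re.findall(r"encapsulation dot1q (\d+)( native)?", cfg, re.I)
    native = next((int(v) for v, nat in found if nat), None)
    return {int(v) for v, _ in found}, native

def audit(switch_cfg, router_cfg):
    """Compare the trunk's allowed list and native VLAN with the router side."""
    allowed, sw_native = switch_trunk(switch_cfg)
    vlans, rt_native = router_vlans(router_cfg)
    findings = []
    if allowed is None:
        findings.append("no allowed list: all VLANs are carried to the router")
    else:
        if vlans - allowed:
            findings.append(f"router VLANs not allowed: {sorted(vlans - allowed)}")
        if allowed - vlans:
            findings.append(f"allowed but unused: {sorted(allowed - vlans)}")
    if rt_native is not None and rt_native != sw_native:
        findings.append(f"native VLAN mismatch: {sw_native} vs {rt_native}")
    return findings
```

`audit(SWITCH_CFG, ROUTER_CFG)` returns an empty list for the matching pair above; each finding string names the VLANs that differ between the two sides.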