From: Scott Morris (smorris@internetworkexpert.com)
Date: Sun Aug 31 2008 - 10:24:06 ART
Correct, the traffic will not flow... (Spanning tree loses the VLAN)
I read the question about whether it would kill the whole trunk or not,
which the answer is no. Sorry for the mis-read there! Clearly need more
caffeine!
You are correct that data flow will indeed stop whether it is a tagged VLAN
or not. So if you have traffic on VLAN 1 (or whatever your native vlan is)
do not remove it from your "trunk allowed" list, or bad things happen.
;)
HTH,
Scott
-----Original Message-----
From: Huan Pham [mailto:pnhuan@yahoo.com]
Sent: Sunday, August 31, 2008 12:06 AM
To: 'gui-doo laduchesse'; ccielab@groupstudy.com; Scott Morris
Subject: RE: CCIE exam trunk allowed?
Laduchesse,
If you do not use VLAN1, then it is safe to exclude it from your ALLOW VLAN
list.
> If VLAN 1 is your native vlan, then it really doesn't matter whether
> you stick it in the list or not 'cause it's not tagged!
Scott,
Not sure if I read it correctly. Did you mean that we won't be able to block
traffic for native VLAN? The info on the doc is not clear, and your statement
above (based on your interpretation of the Doc info) may be inaccurate.
If you do use VLAN1, then even if it is native, you can still block its data
traffic from traversing the trunk interface. You won't be able to block the
control traffic though (which uses VLAN1).
Rack1SW2#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/13 desirable 802.1q trunking 1
Fa0/14 desirable 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/13 2-1000
Fa0/14 2-1000
Port Vlans allowed and active in management domain
Fa0/13 2,5,7-10,22,43,58,67,79,146
Fa0/14 2,5,7-10,22,43,58,67,79,146
Port Vlans in spanning tree forwarding state and not pruned
Fa0/13 2,8,58
Fa0/14 2,8,58
Rack1SW2#show run
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-1000
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-1000
switchport mode dynamic desirable
Rack1SW2#sh span vlan 1
Spanning tree instance(s) for vlan 1 does not exist.
Rack1SW2#sh ip int brief | in Vlan1
Vlan1 12.0.0.2 YES manual up down
Rack1SW2#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Rack1SW2#c
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW2(config)#int range fa0/13-14
Rack1SW2(config-if-range)#
Rack1SW2(config-if-range)# switchport trunk allowed vlan 1-1000
Rack1SW2(config-if-range)#
Rack1SW2#
*Mar 1 00:32:40.476: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW2#
*Mar 1 00:33:09.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Rack1SW2#sh spanning vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a86b.df00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0014.a86b.df00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13 Desg FWD 19 128.15 P2p
Fa0/14 Desg FWD 19 128.16 P2p
Rack1SW2#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
--- On Sun, 8/31/08, Scott Morris <smorris@internetworkexpert.com> wrote:
> From: Scott Morris <smorris@internetworkexpert.com>
> Subject: RE: CCIE exam trunk allowed?
> To: "'gui-doo laduchesse'" <gui_doo@hotmail.com>,
> ccielab@groupstudy.com
> Date: Sunday, August 31, 2008, 11:20 AM
>
> Per Docs:
>
> "Set the list of allowed VLANs that can receive and send traffic on
> this interface in tagged format when in trunking mode. See the
> following vlan-list format. The none keyword is not valid. The default
> is all. "
>
> If VLAN 1 is your native vlan, then it really doesn't matter whether
> you stick it in the list or not 'cause it's not tagged!
>
> HTH,
>
>
> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> Senior CCIE Instructor
>
> smorris@internetworkexpert.com
>
>
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> Online Community: We're not allowed to tell you where it is (on GS),
> but it's easy to find!
> CCIE Blog: All the fun stuff, and free information!
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of gui-doo laduchesse
> Sent: Saturday, August 30, 2008 2:05 PM
> To: ccielab@groupstudy.com
> Subject: CCIE exam trunk allowed?
>
> Hi group,
>
> I would like to have your opinion about a thing. My exam is next
> week... If they ask only allowed vlan use in my topology... Do I
> include the 1 or not?
>
> Thanks
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART
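
Added example (not part of the original thread): a Python check that reads `show interfaces trunk` output and reports trunks whose native VLAN is missing from the allowed list, the condition under which the thread shows VLAN 1 data traffic stopping. The sample output is constructed in the layout shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `show interfaces trunk` (not a real capture).
SAMPLE = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    802.1q         trunking      1
Fa0/14      desirable    802.1q         trunking      1
Fa0/15      on           802.1q         trunking      99

Port        Vlans allowed on trunk
Fa0/13      2-1000
Fa0/14      1-1000
Fa0/15      10,20,99-101

Port        Vlans allowed and active in management domain
Fa0/13      2,5,7-10
Fa0/14      1,2,5,7-10
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '2,5,7-10' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def native_not_allowed(output):
    """Return {port: native_vlan} for trunks whose native VLAN is off the allowed list."""
    native, allowed, section = {}, {}, None
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            # Section header: remember which table the following rows belong to.
            rest = " ".join(fields[1:])
            section = ("native" if rest.endswith("Native vlan")
                       else "allowed" if rest == "Vlans allowed on trunk" else None)
        elif section == "native" and fields[-1].isdigit():
            native[fields[0]] = int(fields[-1])
        elif section == "allowed" and re.fullmatch(r"[\d,-]+", fields[-1]):
            allowed[fields[0]] = expand(fields[-1])
    return {p: v for p, v in native.items() if p in allowed and v not in allowed[p]}

if __name__ == "__main__":
    for port, vlan in native_not_allowed(SAMPLE).items():
        print(f"{port}: native VLAN {vlan} is not in the allowed list")
```

VLAN lists that IOS wraps onto continuation lines are not handled; join them before parsing.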