Re: Removing Default Vlan's off trunk

From: Pavel Bykov (slidersv@gmail.com)
Date: Thu Oct 23 2008 - 20:26:55 ARST


Actually my colleague has tested that even though it was possible on a 2960 to
remove the default VLAN (vl.1) off of the allowed VLAN list, VTP packets were
still encapsulated and sent over that VLAN... (native VLAN was set to
something else). So the displayed config and output were quite different from
the sniffed reality.

On Thu, Oct 23, 2008 at 8:53 PM, Victor Cappuccio <vcappuccio@gmail.com> wrote:

> hi Shaughn,
>
> for a router on a stick configuration you can probably do the following
>
> SW2(config-if)#do show run int f0/5
> Building configuration...
>
> Current configuration : 128 bytes
> !
> interface FastEthernet0/5
>  switchport trunk encapsulation isl
>  switchport trunk allowed vlan none
>  switchport mode trunk
> end
>
> SW2(config-if)#do show int f0/5 trunk
>
> Port        Mode         Encapsulation  Status        Native vlan
> Fa0/5       on           isl            trunking      1
>
> Port        Vlans allowed on trunk
> Fa0/5       none
>
> Port        Vlans allowed and active in management domain
> Fa0/5       none
>
> Port        Vlans in spanning tree forwarding state and not pruned
> Fa0/5       none
> SW2(config-if)#
>
> or if you are not allowed to use any trunking command you can get the mac
> address of the router that is directly attached to that port
>
> create a mac access-list
>
> mac access-list extended R5
>  permit host 0012.7f1e.df71 any
>
> and filter the information
>
> vlan access-map MyVlanFilter 10
>  action drop
>  match mac address R5
> vlan access-map MyVlanFilter 20
>  action forward
> vlan filter MyVlanFilter vlan-list 1-4094
>
> just a thought
>
> Thanks,
> Victor.-
>
> On Thu, Oct 23, 2008 at 7:47 PM, Shaughn Smith <Shaughn.Smith@za.verizonbusiness.com> wrote:
>
> > Hi all
> >
> > How do you remove the default Vlan's off of a trunk link
> >
> > Router(config-if)#switchport trunk allowed vlan remove 1
> > Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
> >
> > Router(config-if)#switchport trunk allowed vlan none
> > Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
> >
> > And if in the LAB should I leave the default Vlan's running over the
> > trunk links?
> >
> > Thanks
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Victor Cappuccio
> CCIE R/S# 20657
> CCSI# 30452
> www.anetworkerblog.com

-- 
Pavel Bykov
-------------------------------------------------
Stop the braindumps!
http://www.stopbraindumps.com/
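
Added example (not part of the original thread): one way to compare the
configured allowed-VLAN list with what a capture of an 802.1Q trunk actually
carries, by flagging Cisco control frames (VTP, CDP, DTP, ...) tagged with a
VLAN that the list excludes. The function names and sample frames are
constructed for illustration; ISL-encapsulated trunks are not handled.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")  # dst MAC used by CDP/VTP/DTP/PAgP/UDLD
CISCO_SNAP = bytes.fromhex("aaaa0300000c")   # LLC AA-AA-03 + SNAP OUI 00-00-0C
SNAP_PID = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}

def parse_allowed(spec):
    """Expand an allowed-VLAN list such as '1-2,1002-1005' or 'none' into a set."""
    vlans = set()
    if spec.strip().lower() == "none":
        return vlans
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def classify(frame):
    """Return (vlan_id, protocol) for a Cisco control frame, else None.
    vlan_id is None when the frame has no 802.1Q tag (sent on the native VLAN)."""
    if len(frame) < 22 or frame[:6] != CISCO_MCAST:
        return None
    vlan, off = None, 12
    if frame[12:14] == b"\x81\x00":                           # 802.1Q TPID
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of TCI
        off = 16
    # Skip the 2-byte 802.3 length field, then expect LLC/SNAP with the Cisco OUI.
    if frame[off + 2:off + 8] != CISCO_SNAP or len(frame) < off + 10:
        return None
    pid = struct.unpack("!H", frame[off + 8:off + 10])[0]
    return vlan, SNAP_PID.get(pid, hex(pid))

def audit(frames, allowed_spec):
    """List tagged control frames whose VLAN is outside the configured allowed list."""
    allowed = parse_allowed(allowed_spec)
    found = [c for c in map(classify, frames) if c]
    return [(v, p) for v, p in found if v is not None and v not in allowed]

def build(vlan, pid, payload=b"\x00" * 8):
    """Constructed test frame (not a real capture); vlan=None means untagged."""
    body = CISCO_SNAP + struct.pack("!H", pid) + payload
    tag = b"" if vlan is None else b"\x81\x00" + struct.pack("!H", vlan)
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    return CISCO_MCAST + src + tag + struct.pack("!H", len(body)) + body

SAMPLE = [build(1, 0x2003), build(None, 0x2000), build(10, 0x2004)]

if __name__ == "__main__":
    for vlan, proto in audit(SAMPLE, "10,20-30"):
        print(f"{proto} tagged with VLAN {vlan}, which is not in the allowed list")
```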


This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST