Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Block one VLAN on trunk 2

Status
Not open for further replies.
gmail2

gmail2

Programmer
Jun 15, 2005
987
IE
Hi All

We have a two-port etherchannel linking a 2960 to a 3750. The etherchannel carries uplink traffic for all vlank's on the 2960. Now we would like to create a new VLAN (89) on the 2960, but we don't want to use the etherchannel to uplink the traffic to the 3750. Instead, we will have a dedicated port connected to another router.

The etherchannel is not configured to carry specific VLAN traffic, it simply carries traffic or all VLAN's. We would like to keep the etherchannel this way rather than statically assigning VLAN ID's for it to carry. But we do still want to block VLAN 89 traffic from getting onto this uplink.

It looks like we just need to put "switchport trunk prunning 89" on the etherchannel interface; but I've read in some places that this is desgned to "temporarially" block the traffic during the time a remote VLAN is unavailable. Is this correct ? Would this not be suitable in this scenario ? Or is this what it's designed for ?

I've also read that we could configure access lists, but I'd rather solve this at layer 2 rather than looking to layer 3.

Can anybody confirm/deny if the command above would help us out ?

Thanks in advance

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Sort by date Sort by votes
you can premit all vlans except 89

C3550(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list

so if you do a all then a except 89 it should do it .

ie:
switchport trunk allowed vlan all
switchport trunk allowed vlan except 89

you get:
#sh run interface fa0/24
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-88,90-4094
switchport mode trunk
priority-queue out
end



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Upvote 0 Downvote
Thanks for the reply, but we'd rather not do this if possible as it's one more thing to remember to do next time we add a VLAN when we DO want to carry that traffic over the trunk. This setup is a "one-off" so any more VLAN's that get added in the future would have their uplink over the etherchannel. So we'd rather take te path of blocking this one VLAN rather than changing the etherchannel every time we add a new VLAN

Any ideas ??

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Upvote 0 Downvote
this ONLY blocks vlan 89 ... allows the rest through (present, and future)...
so my switch only can handle 4094 max vlans[hence the 90-4094) .



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Upvote 0 Downvote
This is how a trunk port is configured for etherchannel and specifying the allowed VLANs:

!
interface GigabitEthernet2/7/15
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-88,90-100
switchport mode trunk
channel-group 33 mode on
!
 
Upvote 0 Downvote
Never heard of "allowed vlan except", but if it works, it sounds good.

Personally, I only apply VLANs to a trunk where the network design actually requires the VLAN to be carried on the trunk, so my trunks tend to be more specific, eg:
sw tr allow vlan 10,20-22.
 
Upvote 0 Downvote
I've got to be honest, I never heard of it either ... but I'm not expert :eek:) It was just when I noticed it in the output that imbaatthis posted that I thought I'd try it out. Seems to be a valid command on the IOS version on our switch so I'll go with that

Having just google "switchport trunk allow vlan except vs pruning" I realise that pruning only blocks certain traffic (non-unicast) from what I can see:


Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Upvote 0 Downvote
Although I sometimes have referred to the "sw tr allow vlan X" as "pruning", it isn't.

"Pruning" is where you prevent VTP updates from crossing a link, and seeing as almost everybody has given up on VTP, it isn't something you would normally use.
 
Upvote 0 Downvote
If you are already allowing all vlans just use "switchport trunk allow vlan remove 89" , this takes 89 off the allowed list .
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
114
testman1
testman1
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
172
iggsterman
iggsterman
cheikhdtn
  • Locked
  • Question
VLAN
Replies
3
Views
85
iggsterman
iggsterman
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
103
bfordz
bfordz
serge9
  • Locked
  • Question
Cisco GUI on cme stop working
Replies
2
Views
138
serge9
serge9

Part and Inventory Search

Sponsor

Back
Top