Defining The Allowed Vlans On A Trunk - Cisco Catalyst 3550 series Software Configuration Manual

Chapter 12 Configuring VLANs
To return an interface to its default configuration, use the default interface interface-id interface
configuration command. To reset all trunking characteristics of a trunking interface to the defaults, use
the no switchport trunk interface configuration command. To disable trunking, use the switchport
mode access interface configuration command to configure the port as a static-access port.
This example shows how to configure the Fast Ethernet interface 0/4 as an 802.1Q trunk. The example
assumes that the neighbor interface is configured to support 802.1Q trunking.
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface fastethernet0/4
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# end

Defining the Allowed VLANs on a Trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs, 1 to 4094,
are allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic
from those VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the switchport
trunk allowed vlan remove vlan-list interface configuration command to remove specific VLANs from
the allowed list.
To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN
trunk port by removing VLAN 1 from the allowed list. This is known as VLAN 1 minimization. VLAN 1
minimization disables VLAN 1 (the default VLAN on all Cisco switch trunk ports) on an individual
VLAN trunk link. As a result, no user traffic, including spanning-tree advertisements, is sent or received
on VLAN 1.
When you remove VLAN 1 from a trunk port, the interface continues to send and receive management
traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link
Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking
Protocol (VTP) in VLAN 1.
If a trunk port with VLAN 1 disabled is converted to a nontrunk port, it is added to the access VLAN. If
the access VLAN is set to 1, the port is added to VLAN 1, regardless of the switchport trunk allowed
setting. The same is true for any VLAN that has been disabled on the port.
A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN,
and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the
VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the
enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk
port, the trunk port does not become a member of the new VLAN.
Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an ISL
or 802.1Q trunk:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3 switchport mode trunk
78-11194-09
End with CNTL/Z.
Purpose
Enter global configuration mode.
Enter interface configuration mode and the port to be configured.
Configure the interface as a VLAN trunk port.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring VLAN Trunks
12-21