Configuring allowed VLANs

By default, all VLANs are allowed across a trunk link on a Cisco switch. We can verify that using the show interfaces trunk command:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,5,10

In the output above you can see that all VLANs (1 through 1005) are allowed on the trunk by default.

We can prevent traffic from certain VLANs from traversing a trunk link using the following interface mode command:

(config-if)#switchport trunk allowed vlan {add | all | except | remove} vlan-list

For example, to prevent traffic from VLAN 5 from traversing the trunk link, we would use the following commands:

SW1(config)#int fa0/1
SW1(config-if)#switchport trunk allowed vlan remove 5

The same command needs to be entered on the switch on the other end of the link.

To verify that traffic from VLAN 5 will indeed be blocked from traversing the trunk link, we can enter the show interfaces trunk command again:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4,6-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

Notice how only VLANs 1-4 and 6-1005 are now allowed on the trunk.

NOTE
You can use the switchport trunk allowed vlan all interface mode command to reset the switch port to its original default setting (permitting all VLANs on the trunk).
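As an added example that is not part of the original page, the following Python script parses the show interfaces trunk output shown above and flags trunks that carry VLANs which are not active on the switch, producing the command that would restrict the trunk to the active VLANs only. It assumes that carrying only active VLANs is the desired hardening goal; note that the bare switchport trunk allowed vlan vlan-list form (without add) replaces the entire allowed list, so the generated command is a full replacement, not an addition.

```python
# Sample 'show interfaces trunk' capture, copied from the default output above.
DEFAULT_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10
"""

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1-4,6-1005' (or 'none') into a set."""
    vlans = set()
    if text.strip().lower() == "none":
        return vlans
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def format_vlan_list(vlans):
    """Compress a set of VLAN ids back into IOS range syntax, e.g. '1,5-6,10'."""
    ranges = []
    for v in sorted(vlans):
        if ranges and v == ranges[-1][1] + 1:
            ranges[-1][1] = v          # extend the current contiguous range
        else:
            ranges.append([v, v])      # start a new range
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)

def parse_show_trunk(output):
    """Return {port: {'allowed': set, 'active': set}} from the command output."""
    trunks, section = {}, None
    for line in output.splitlines():
        if line.startswith("Port"):       # a column header selects the section
            section = ("allowed" if "allowed on trunk" in line
                       else "active" if "allowed and active" in line else None)
        elif section and line.strip():    # a data row inside a selected section
            port, vlans = line.split(None, 1)
            trunks.setdefault(port, {})[section] = parse_vlan_list(vlans)
    return trunks

def audit_trunks(output):
    """Map each trunk carrying inactive VLANs to (count, restricting command)."""
    report = {}
    for port, info in parse_show_trunk(output).items():
        unneeded = info["allowed"] - info["active"]
        if unneeded:
            cmd = "switchport trunk allowed vlan " + format_vlan_list(info["active"])
            report[port] = (len(unneeded), cmd)
    return report
```

Running audit_trunks on the default capture reports 1002 unneeded VLANs on Fa0/1 and suggests restricting the trunk to VLANs 1,5,10.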

Prerequisites for 200-301

200-301 is a single exam, consisting of about 120 questions. It covers a wide range of topics, such as routing and switching, security, wireless networking, and even some programming concepts. As with other Cisco certifications, you can take it at any of the Pearson VUE certification centers.

The recommended training program that can be taken at a Cisco academy is called Implementing and Administering Cisco Solutions (CCNA). The successful completion of a training course will get you a training badge.