[c-nsp] 8021q trunk VLAN allowed list inbound and outbound behavior

null zeroroute nullzero.route at gmail.com
Wed Sep 21 11:48:12 EDT 2011


I have an 8021q trunk link that permits 3 out of 20 VLANs.  The trunk port
permits VLAN IDs 2,3,4, and uses native VLAN 25.  The VLAN IDs in the
local VTP domain are 5-25.  There are no other VLANs in the switched domain
at the location in question.  There are no other switchports in VLAN 25.

The trunk port is connected to a WAN service provider layer2 device, which
is connected to a VPLS service.

If the service provider sends a frame onto the trunk port tagged with VLAN
ID 50, will my trunk port accept the frame and forward it "somewhere" or
will it drop the frame?

Note that VLAN 50 does not exist at the location in question, there are no
ports in that VLAN.

So the question I have is... How does the "switchport trunk allowed vlan"
command affect forwarding from an inbound perspective?

If "switchport trunk allowed vlan" doesn't prevent a VLAN tagged frame from
being accepted into a network, is there any way to prevent a VLAN tagged
frame from entering your network that shouldn't be?

The reason I ask is because I have a situation where the trunkport is
accepting the frame that I assume it shouldn't, forwarding into my network,
and a loop ensues.  That loop is a different issue altogether I think.  My
main question is about the behavior of "switchport trunk allowed vlan" as it
relates to inbound and outbound forwarding.  I have no idea why VLANs
tagged with VLAN 50 are entering my network and getting forwarded around.  I
know those frames are entering my network at this location because I see the
8021q header in wireshark.

Thanks,

--NZR
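
Added example, not part of the original post: a capture-side check that reads raw Ethernet frames (for instance, frames exported from the Wireshark capture mentioned above) and reports 802.1Q VLAN IDs outside the trunk's allowed list. The allowed list 2,3,4 and native VLAN 25 come from the post; the function names and sample frames are constructed for illustration, and the script only describes what is on the wire, not how the switch forwards it.

```python
import struct
from collections import Counter

ALLOWED_VLANS = {2, 3, 4}   # "switchport trunk allowed vlan" list from the post
NATIVE_VLAN = 25            # native VLAN from the post (untagged frames)
TPID_8021Q = 0x8100         # EtherType value that marks an 802.1Q tag

def classify_frame(frame: bytes):
    """Return (vlan_id, tagged, verdict) for one raw Ethernet frame."""
    if len(frame) < 14:
        return (None, False, "malformed")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        # No tag: on the trunk this frame belongs to the native VLAN.
        return (NATIVE_VLAN, False, "untagged")
    if len(frame) < 18:
        return (None, True, "malformed")
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
    if vid == 0:
        # VID 0 is a priority tag: it carries PCP bits but no VLAN ID.
        return (None, True, "priority-tagged")
    verdict = "allowed" if vid in ALLOWED_VLANS else "unexpected"
    return (vid, True, verdict)

def unexpected_vlans(frames):
    """Count tagged frames whose VLAN ID is not in the allowed list."""
    counts = Counter()
    for frame in frames:
        vid, _tagged, verdict = classify_frame(frame)
        if verdict == "unexpected":
            counts[vid] += 1
    return dict(counts)

def build_frame(vid=None, pcp=0):
    """Construct a sample frame (test data only, not a real capture)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    payload = b"\x00" * 46
    if vid is None:
        return dst + src + struct.pack("!H", 0x0800) + payload
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload

# Constructed sample: allowed VLANs, one untagged frame, two frames in VLAN 50.
SAMPLE = [build_frame(2), build_frame(3), build_frame(),
          build_frame(50, pcp=5), build_frame(50), build_frame(4)]

if __name__ == "__main__":
    print(unexpected_vlans(SAMPLE))
```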

