VTP, Portfast, Spanning Tree and all the other switch related stuff.
Post by systemlordanubis » Wed Jul 13, 2011 2:37 pm

We have several 2950 switches which we are setting up to deploy in our network. Our network also has a high number of configured VLANs (to separate franchisee locations) and these need to be passed across the switch trunks.

The problem is that each switch seems to need the VLAN to be configured in its VLAN database before MST will allow forwarding across a trunk. This would be an administrative nightmare!

How can I enable forwarding of all known and unknown VLANs across trunks?


Re: How to enable all vlan's to be forwarded across all trun

Post by kyledotroberts » Sat Aug 20, 2011 1:40 am

Not really sure you'd be able to allow all known and unknown VLANs to be part of spanning tree; if the traffic is spanning multiple switches you don't want it to accidentally create a loop and begin a broadcast storm.

There is the allowed list command (switchport trunk allowed vlan), but that is instead meant to help limit broadcast traffic and spanning tree traffic to switches that don't have hosts within certain VLANs.

You could of course use VTP to quickly configure and manage VLANs across your switches, but generally it isn't recommended, as mistakes can be very dangerous and it can be a security concern if someone is able to introduce a new switch or take control of an existing switch and delete all VLANs.

But if you're trying to send traffic within a VLAN across a switch that doesn't know of the VLAN, then I don't believe MST can include it within its spanning tree domain; as such, it'll not forward the traffic over trunks, as spanning tree isn't technically enabled for said VLAN and the switch doesn't know of other interfaces on which to forward frames out of, if you get my meaning.

Re: How to enable all vlan's to be forwarded across all trun

Post by gangaskan » Mon Apr 16, 2012 8:00 am

The best way to tackle this is using VTP; however, it's best to do that on all switches, but I don't think you "need" to do it on all your remote locations as well.

For security reasons it's best not to trunk all VLANs 8-) Prune what you need or don't need, etc.
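
The two replies above point in the same direction: keep the VLAN database and the trunk allowed-list explicit rather than carrying every VLAN everywhere, and treat VTP as a risk to be contained. The configuration below is an added illustration written for this thread, not something posted by any of the participants; the VLAN numbers, names, interface numbers and domain name are made up, and it assumes a 2950 running an IOS release that accepts the global `vtp` commands (older releases take the same settings in `vlan database` mode).

```cisco
! Constructed example (not from the thread): one uplink trunk on a 2950 with
! the VLAN set limited to what this site really needs, plus VTP hardened.
!
! Create only the VLANs this switch carries. Spanning tree (MST/PVST) only
! builds an instance for VLANs present in the VLAN database, which is the
! behaviour the original poster ran into.
vlan 10
 name franchise-A
vlan 20
 name franchise-B
vlan 999
 name unused-native
!
! VTP option 1: transparent mode. The switch keeps its own VLAN database and
! ignores advertisements, so a newly introduced or compromised switch cannot
! overwrite the VLAN list with a higher revision number.
vtp mode transparent
!
! VTP option 2 (if VTP distribution is genuinely wanted): confine it to a
! named domain with a password so unauthenticated switches cannot join.
! vtp domain FRANCHISE-EXAMPLE
! vtp password CHANGE-ME-PLACEHOLDER
!
interface FastEthernet0/24
 description uplink to core (constructed example)
 switchport mode trunk
 ! explicit allowed list: everything not listed is pruned from the trunk
 switchport trunk allowed vlan 10,20
 ! dedicated, otherwise unused native VLAN instead of VLAN 1
 switchport trunk native vlan 999
 ! no DTP: the far end cannot negotiate this port into another mode
 switchport nonegotiate
!
! Host-facing ports: fixed access mode, no trunk negotiation, edge STP
interface range FastEthernet0/1 - 23
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Checks after applying:
!   show interfaces trunk        - allowed and forwarding VLANs per trunk
!   show vtp status              - mode, domain and configuration revision
!   show spanning-tree summary   - which VLANs actually run an STP instance
```

Two caveats when reading `show interfaces trunk`: a VLAN that is allowed on the trunk but absent from the VLAN database does not appear in the "active" list, which is exactly the symptom in the first post, and control protocols such as CDP and VTP keep using VLAN 1 on the link even when VLAN 1 is left out of the allowed list, so removing it from the list limits user traffic but does not silence the port entirely.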

