Defining the Allowed VLANs on a Trunk
As I’ve mentioned, trunk ports send and receive information from all VLANs by default, and
if a frame is untagged, it’s sent to the management VLAN. This applies to the extended range
VLANs as well.
But you can remove VLANs from the allowed list to prevent traffic from certain VLANs
from traversing a trunked link. Table 6.7 lists the command you'd use to do that:
TABLE 6.7 Removing VLANs from Traversing a Trunk

Command                     Meaning
switchport trunk allowed    Allows the configuration of a specific list of VLANs
                            to be carried over a trunk link

Here is an example of using the command:
S1#config t
S1(config)#int f0/1
S1(config-if)#switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in
          trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list
S1(config-if)#switchport trunk allowed vlan remove ?
  WORD    VLAN IDs of disallowed VLANS when this port is in trunking mode
S1(config-if)#switchport trunk allowed vlan remove 4
The previous command changed the trunk link configured on S1 port f0/1, causing it to
drop all traffic sent and received for VLAN 4.
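
The keywords in the help output above each change the allowed list in a different way, which matters when you review a trunk to confirm that only the intended VLANs can cross it. The following added example is not from the book: it models those keywords in Python and replays a sequence of commands to show the resulting list. The function names and the valid ID range of 1-4094 are assumptions of the example.

```python
# Added example (not from the book): models the keywords of
# "switchport trunk allowed vlan" shown in the help output above.
# Assumption: valid VLAN IDs on a trunk are 1-4094.
ALL_VLANS = frozenset(range(1, 4095))

def parse_vlan_list(word):
    """Expand a VLAN list such as '2-4,10' into a set of VLAN IDs."""
    vlans = set()
    for part in word.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def apply_allowed(current, args):
    """Return the allowed set after 'switchport trunk allowed vlan <args>'."""
    tokens = args.split()
    if not tokens:
        raise ValueError("missing argument")
    keyword = tokens[0]
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword in ("add", "remove", "except"):
        if len(tokens) != 2:
            raise ValueError(f"{keyword} needs a VLAN list")
        vlans = parse_vlan_list(tokens[1])
        if keyword == "add":
            return set(current) | vlans
        if keyword == "remove":
            return set(current) - vlans
        return set(ALL_VLANS) - vlans      # except: everything but the list
    return parse_vlan_list(keyword)        # bare WORD replaces the whole list

def replay(commands, start=ALL_VLANS):
    """Apply a sequence of argument strings, starting from the default (all)."""
    allowed = set(start)
    for args in commands:
        allowed = apply_allowed(allowed, args)
    return allowed

if __name__ == "__main__":
    # Constructed input: the book's command, then a stricter explicit list.
    after_remove = replay(["remove 4"])
    print(4 in after_remove, len(after_remove))        # False 4093
    print(sorted(replay(["10,20-22", "add 30", "remove 21"])))
```

Note that a bare VLAN list replaces the whole allowed list, while add and remove only adjust the current one.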