Cisco native port has to be included in allowed vlans of trunk
I have wireless access points that have a single Ethernet interface.
On this interface it has a management IP address (untagged), and it can create multiple SSIDs, each of which can be bridged on to its own VLAN.
As I understand it, this is a form of hybrid port with an untagged native VLAN and tagged frames.
I have set up the Cisco Catalyst switch with the below for my 4 APs (VLAN 15 connects to the untagged management interface of the APs, VLAN 30 is private and VLAN 300 is guest):
interface range GigabitEthernet1/0/1-4
 switchport trunk native vlan 15
 switchport trunk allowed vlan 30,15,300
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
The APs can send tagged frames OK and these seem to be forwarded correctly.
However, I have found that to be able to communicate on the management interface I must include the management VLAN in the allowed VLAN list. Is there any reason behind this?
The reason I ask is that I saw other configs in forums that did not include the native VLAN in the list of allowed VLANs; I saw this in a couple of places and wanted to check if it was a typo.
Thanks in advance.
cisco vlan cisco-catalyst
asked Nov 29 '17 at 21:30 by g18c (edited Nov 29 '17 at 21:55)
Are you asking why you have to allow a VLAN on a port in order to communicate on that VLAN? "I have found to be able to communicate on the management interface I must include the management VLAN in the allowed vlan list, any reason behind this?" Because if you don't allow the VLAN then you can't communicate on that VLAN, which is exactly the difference between allowed and not allowed VLANs. Is that the answer to your question?
– Todd Wilcox
Nov 29 '17 at 21:35
Thanks Todd, I have clarified, as I've seen this in a number of places where the native VLAN was NOT included in the allowed VLAN list; I was checking if it was a typo.
– g18c
Nov 29 '17 at 21:58
3 Answers
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/AccessTrunk.html#18749
Emphasis mine:
By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk. However, you can remove VLANs from this inclusive list to prevent traffic from the specified VLANs from passing over the trunk. You can add any specific VLANs later that you may want the trunk to carry traffic for back to the list.
And later:
switch(config-if)# switchport trunk allowed vlan { *vlan-list* all | none [ add |except | none | remove { *vlan-list* }]}
Sets allowed VLANs for the trunk interface.
In short, once you put a switchport trunk allowed vlan command on an interface, you deny all VLANs on that interface except for the ones specifically allowed in the command.
If you've seen configs online where it supposedly works differently, and it's definitely Cisco equipment, it's probably a mistake or a typo. I haven't worked on literally every Cisco operating system, but all the ones I've seen (which are many/most of them) work the same way.
answered Nov 29 '17 at 22:01 by Todd Wilcox
"The reason I ask is that I saw other configs in forums that did not include the native VLAN in the list of allowed VLANs; I saw this in a couple of places and wanted to check if it was a typo."
The one big reason to not include the native VLAN in the list of allowed VLANs is that a native VLAN is a security risk. The current best practice is to not include the native VLAN in the allowed VLANs on a trunk, and to not use VLAN 1 for anything. There is a misconception that you must have a native VLAN on a trunk.
The link-local protocols that send frames without tags will still work. They really are not part of a VLAN, native or otherwise.
answered Nov 29 '17 at 22:01 by Ron Maupin
The NATIVE VLAN should NOT be included on the "switch allowed vlan" list. However, the NATIVE VLAN should also NOT be used for ANYTHING else. If you have a vlan defined for any device/access port, then that VLAN must be allowed on the trunk port, and should NOT be used for the NATIVE VLAN.
answered 10 mins ago by Greg (New contributor)
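A defender's way to check the two points the answers above make (that an explicit switchport trunk allowed vlan list denies every VLAN not in it, and that the native VLAN is best kept out of that list and off any access port) is to audit the running-config for them. The Python below is an added example, not code from this thread or from Cisco. Its parser is a hypothetical helper that understands only the switchport commands shown, the config excerpt is constructed (the first port mirrors the asker's AP ports), and the defaults it assumes are IOS's native VLAN 1 and all VLANs allowed on a trunk, the latter as the Cisco documentation quoted in Todd's answer states.

```python
"""Audit an IOS-style running-config for allowed/native VLAN hygiene on trunks.

Added example for the Server Fault thread; hypothetical helper, not Cisco code.
"""
from dataclasses import dataclass

ALL_VLANS = frozenset(range(1, 4095))   # IOS default: every VLAN allowed on a trunk


@dataclass
class Port:
    name: str
    mode: str = "access"            # IOS default when 'switchport mode' is absent
    native_vlan: int = 1            # IOS default native VLAN
    access_vlan: int = 1
    allowed: frozenset = ALL_VLANS  # only consulted when mode == "trunk"


# Constructed sample config (not a real switch). Gi1/0/1 is the asker's AP port.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk native vlan 15
 switchport trunk allowed vlan 30,15,300
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk native vlan 999
 switchport trunk allowed vlan 30,300
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport access vlan 15
 switchport mode access
!
"""


def parse_vlan_list(spec: str) -> frozenset:
    """'30,15,300' or '10-12,20' -> frozenset of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return frozenset(vlans)


def parse_config(text: str) -> dict:
    """Return {interface name: Port}; expects one 'interface X' stanza per port."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = Port(line.split(None, 1)[1])
            ports[current.name] = current
        elif line == "!":
            current = None                       # end of the stanza
        elif current is not None and line.startswith("switchport "):
            words = line.split()
            if words[1] == "mode":
                current.mode = words[2]
            elif words[1:4] == ["trunk", "native", "vlan"]:
                current.native_vlan = int(words[4])
            elif words[1:3] == ["access", "vlan"]:
                current.access_vlan = int(words[3])
            elif words[1:4] == ["trunk", "allowed", "vlan"]:
                spec = words[4:]                 # list | all | none | add L | remove L
                if spec[0] == "all":
                    current.allowed = ALL_VLANS
                elif spec[0] == "none":
                    current.allowed = frozenset()
                elif spec[0] == "add":
                    current.allowed = current.allowed | parse_vlan_list(spec[1])
                elif spec[0] == "remove":
                    current.allowed = current.allowed - parse_vlan_list(spec[1])
                else:                            # a plain list replaces the whole set
                    current.allowed = parse_vlan_list(spec[0])
    return ports


def vlan_passes(port: Port, vlan: int) -> bool:
    """Can a frame in this VLAN cross the port? On a trunk that is exactly
    'is the VLAN in the allowed list', which is why the asker's untagged
    management VLAN (the native VLAN) had to be listed as well."""
    if port.mode == "trunk":
        return vlan in port.allowed
    return vlan == port.access_vlan


def audit(ports: dict) -> dict:
    """Return {trunk name: [finding codes]} (an empty list means no findings)."""
    access_users = {}                            # vlan -> access ports using it
    for p in ports.values():
        if p.mode == "access":
            access_users.setdefault(p.access_vlan, []).append(p.name)
    findings = {}
    for p in ports.values():
        if p.mode != "trunk":
            continue
        codes = []
        if p.allowed == ALL_VLANS:
            codes.append("ALLOWED_ALL")          # no list: every VLAN is carried
        if p.native_vlan in p.allowed:
            codes.append("NATIVE_IN_ALLOWED")    # untagged frames enter that VLAN
        if p.native_vlan == 1:
            codes.append("NATIVE_IS_VLAN1")      # default native VLAN left in place
        if p.native_vlan in access_users:
            codes.append("NATIVE_USED_AS_ACCESS")  # same VLAN carries device traffic
        findings[p.name] = codes
    return findings


if __name__ == "__main__":
    for name, codes in audit(parse_config(SAMPLE_CONFIG)).items():
        print(name, "OK" if not codes else ", ".join(codes))
```

Run against the constructed config, Gi1/0/1 is reported for carrying its native VLAN 15 in the allowed list and for sharing that VLAN with the access port Gi1/0/10, Gi1/0/2 (an unused native VLAN that is not allowed) is clean, and Gi1/0/3 shows what an unconfigured trunk looks like: all VLANs carried and native VLAN 1. vlan_passes() on Gi1/0/2 with VLAN 999 returns False, which is the behaviour the asker observed for untagged management traffic before adding the native VLAN to the list.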