Time to check your config versus this latest lab. Do you recall the command and syntax to restrict a trunk on a Catalyst switch from supporting all VLANs? Go try the lab yourself on paper, then come back here and check your answer.
Answers
Figure 1: Two Switches – Point-to-Point
Example 3: SW1 Config
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 200
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan remove 2-99,101-199,201-4094
Example 4: SW2 Config
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 200
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan remove 2-99,101-199,201-4094
Commentary
The VLAN configuration follows a straightforward and familiar pattern. In this case, however, the configuration happens to omit any vlan vlan-id global commands. In each switch, the first time the switchport access vlan vlan-id interface subcommand identifies a new VLAN not formerly known by the switch, the switch automatically adds the matching vlan vlan-id global command.
A VLAN trunk forwards traffic from multiple VLANs at the same time. It does this on modern switches via the use of IEEE 802.1Q tagging. Assuming the default native VLAN settings are used, Ethernet frames from all VLANs except for VLAN 1 (the default native VLAN) will have an additional tag added to the frame while being forwarded over the VLAN trunk. This tag is essentially a label that marks traffic with its respective VLAN. Once the traffic reaches the second device, that device is able to strip the tag off and use the information in it to properly forward the traffic.
Cisco Catalyst switches default their administrative trunking setting – that is, the configured setting by default – to a mode that tells the switch to use the Dynamic Trunking Protocol (DTP) to negotiate whether to operate as a trunk or not. The instructions told us to statically configure the switches to trunk. To do that, a simple config is needed: the switchport mode trunk command is used on both switches. Both happen to connect to each other with their G0/3 interfaces.
Trunks support all defined VLANs by default. To achieve that final requirement of disallowing any new VLAN’s traffic from crossing this trunk, until such time as the configuration is changed, you need to remove all the other VLANs from the trunk besides VLANs 100, 200, and the (default) native VLAN 1. Use the switchport trunk allowed vlan remove 2-99,101-199,201-4094 interface subcommand to do so.
Finally, depending on how you read the requirements, you might have added the switchport nonegotiate command to each port as well. This command disables DTP. Whether you did so or not, the link between the two switches would still operate as a trunk due to the static configuration.
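To check the arithmetic of the remove list rather than trust it by eye, the following added example (not part of the original lab) computes which VLANs a trunk still carries after the allowed-VLAN commands are applied and flags any access VLAN the trunk no longer carries, as an off-by-one in the list would cause (for instance a range starting at 200 instead of 201). The function names expand, audit and uncarried are hypothetical, and the parser handles only the plain, add and remove forms of the command.

```python
import re

# Interface stanzas of SW1 from Example 3 ("!" separators omitted).
SW1 = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 100
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 200
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan remove 2-99,101-199,201-4094
"""

def expand(spec):
    """Expand an IOS VLAN list such as '2-99,101-199' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return (access VLANs in use, {trunk interface: allowed VLAN set})."""
    access, allowed, trunks, name = set(), {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
            allowed[name] = set(range(1, 4095))  # trunk default: VLANs 1-4094
        elif name is None:
            continue  # ignore anything before the first interface stanza
        elif line == "switchport mode trunk":
            trunks.add(name)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access.add(int(m.group(1)))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add |remove )?([\d,-]+)", line):
            op, vlans = m.group(1), expand(m.group(2))
            if op == "remove ":
                allowed[name] -= vlans
            elif op == "add ":
                allowed[name] |= vlans
            else:
                allowed[name] = vlans  # plain form replaces the whole list
    return access, {n: allowed[n] for n in trunks}

def uncarried(config):
    """Per trunk, the access VLANs in this config that the trunk does not carry."""
    access, trunks = audit(config)
    return {n: sorted(access - vl) for n, vl in trunks.items()}
```

For the SW1 config, audit reports G0/3 carrying only VLANs 1, 100 and 200, and uncarried returns an empty list for that trunk.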