Vlan 12 in the allowed list does not make it tagged if it's the native vlan. You would need it in the allowed list if the switch was tagging all vlans including the native.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
eFax: +1.810.454.0130

On Apr 13, 2010, at 3:18 AM, Kingsley Charles wrote:

> That is what we need, right?
>
> The traffic to the physical interface should not be tagged. The physical
> interface can't understand tagged traffic. Only the sub-interface can
> understand tagged traffic with the "vlan" keyword.
>
> vlan 12 in the allowed vlan list, makes it tagged.
>
> With regards
> Kings
>
> On Tue, Apr 13, 2010 at 2:54 PM, 'Segun Daini <[email protected]> wrote:
> To allow the trunk to pass vlan 12 traffic. Specifying it as the native vlan
> is just telling the switch to not TAG vlan 12 traffic.
>
> Regards
>
> From: Kingsley Charles <[email protected]>
> To: [email protected]
> Sent: Tue, April 13, 2010 9:56:31 AM
> Subject: [OSL | CCIE_Security] Native vlan mapped to physical interface
>
> Hi all
>
> Vol 2
> Lab 15
> Section 1.0
>
> ASA1's e0/0 is connected to cat 3 f0/10.
> vlan 12's subnet address is 192.1.12.0.
> e0/0's IP address is 192.1.12.10.
>
> "switchport trunk native vlan 12" alone is sufficient to route traffic from
> "192.1.12.0" to ASA1's e0/0.
>
> Why are we adding vlan 12 in the trunk allowed list?
>
> ASA 1 config
>
> interface Ethernet0/0
>  nameif outside
>  security-level 0
>  ip address 192.1.12.10 255.255.255.0 standby 192.1.12.60
> !
> interface Ethernet0/0.55
>  vlan 55
>  nameif DMZ55
>  security-level 55
>  ip address 192.168.5.10 255.255.255.0 standby 192.168.5.60
>
> Cat3 config
>
> interface FastEthernet0/10
>  description ASA1 F0/0
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 12
>  switchport trunk allowed vlan 12,55
>  switchport mode trunk
>
> With regards
> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
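
Added example, not part of the original thread or of the lab workbook: a small Python model of the Cat3 F0/10 trunk that keeps the two settings discussed above apart, with the allowed list deciding whether a VLAN's data frames cross the trunk and the native VLAN deciding whether they carry a dot1q tag. The function names and the tag_native switch (standing in for the IOS global command "vlan dot1q tag native") are assumptions of this sketch, as is the rule that ASA1 drops a tagged frame with no matching sub-interface.

```python
import re

# Cat3 trunk port config as quoted in the thread.
CAT3_F0_10 = """\
interface FastEthernet0/10
 description ASA1 F0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 12
 switchport trunk allowed vlan 12,55
 switchport mode trunk
"""

# ASA1 side from the thread: untagged frames reach the physical interface
# (nameif outside); frames tagged 55 reach Ethernet0/0.55 (nameif DMZ55).
ASA_UNTAGGED_NAMEIF = "outside"
ASA_SUBIF_BY_TAG = {55: "DMZ55"}

def expand_vlans(spec):
    """Expand an allowed-list string such as '12,55' or '10-12,55' to a set."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans); IOS defaults apply when a line is absent."""
    native = re.search(r"switchport trunk native vlan (\d+)", config)
    allowed = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", config)
    native_vlan = int(native.group(1)) if native else 1
    allowed_vlans = expand_vlans(allowed.group(1)) if allowed else set(range(1, 4095))
    return native_vlan, allowed_vlans

def egress(config, vlan, tag_native=False):
    """Classify a data frame in `vlan` leaving the trunk: dropped, untagged or tagged."""
    native_vlan, allowed_vlans = parse_trunk(config)
    if vlan not in allowed_vlans:
        return "dropped"   # the allowed list decides forwarding, native VLAN included
    if vlan == native_vlan and not tag_native:
        return "untagged"  # the native setting only decides the tagging
    return "tagged"

def asa_nameif(config, vlan, tag_native=False):
    """ASA1 interface that accepts the frame, or None if it is dropped or unmatched."""
    result = egress(config, vlan, tag_native)
    return {"untagged": ASA_UNTAGGED_NAMEIF,
            "tagged": ASA_SUBIF_BY_TAG.get(vlan)}.get(result)
```

With the config from the thread, VLAN 12 arrives untagged on "outside" and VLAN 55 arrives tagged on "DMZ55"; changing the allowed list to 55 only makes egress() report VLAN 12 as dropped even though it is still the native VLAN.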
