Technical information
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
To remove the interface VLAN from the VLAN list, enter the following commands:
Router# conf t
Router(config)# int g1/1
Router(config-if)# no switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 1
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan add vlan-list
Note: VLANs in the vlan-list must not include any interface VLANs.
To avoid getting into the above situation, when you put an Ethernet port into the trunk mode, enter the
following commands in the exact order given:
Router# conf t
Router(config)# int g1/1
Router(config-if)# no shut
Router(config-if)# switchport
Router(config-if)# switchport trunk allowed vlan 1
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan add vlan-list
Note: VLANs in the vlan-list must not include any interface VLANs.
A common mistake when configuring a trunk port occurs when you use the add option as follows:
switchport trunk allowed vlan add 100. If the switchport trunk allowed vlan vlan-list command has
not already been used, the add option does not make VLAN 100 the only allowed VLAN on the trunk
port; all VLANs are still allowed after entering the command because all the VLANs are allowed by
default. After you use the switchport trunk allowed vlan vlan-list command to add a VLAN, you can
then use the switchport trunk allowed vlan add vlan-list command to add additional VLANs.
Note: To remove unwanted VLANs from a trunk port, use the switchport trunk allowed vlan remove command.
Caution: Do not enter the switchport trunk allowed vlan all command on a secured trunk port. In addition, do
not set the VPN module inside and outside ports to "all VLANs allowed."
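The add-option pitfall and the interface-VLAN notes above can be checked offline by replaying a port's allowed-VLAN commands in order. The following Python sketch is an added example, not part of the Cisco document; the function names, the sample command lists, and the VLAN numbers 100, 200-201 and 50 are constructed assumptions.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094; a trunk allows all of them by default

# Constructed samples: the mistaken "add only" sequence and the ordered sequence from the text.
ADD_ONLY = ["switchport mode trunk", "switchport trunk allowed vlan add 100"]
ORDERED = ["switchport", "switchport trunk allowed vlan 1",
           "switchport trunk encapsulation dot1q", "switchport mode trunk",
           "switchport trunk allowed vlan add 100,200-201"]

def parse_vlan_list(text):
    """Expand a list such as '1,100-102' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(commands):
    """Replay 'switchport trunk allowed vlan ...' lines in order; return the allowed set."""
    allowed = set(ALL_VLANS)
    pattern = re.compile(r"switchport trunk allowed vlan\s+(?:(add|remove|all)\b\s*)?(.*)")
    for line in commands:
        m = pattern.search(line)
        if not m:
            continue  # other interface commands do not change the allowed list
        keyword, arg = m.group(1), m.group(2).strip()
        if keyword == "all":
            allowed = set(ALL_VLANS)
        elif keyword == "add":
            allowed |= parse_vlan_list(arg)   # add extends whatever is already allowed
        elif keyword == "remove":
            allowed -= parse_vlan_list(arg)
        else:
            allowed = parse_vlan_list(arg)    # a plain list replaces the allowed set
    return allowed

def audit_trunk(commands, interface_vlans):
    """Return findings for a trunk port; interface_vlans must stay off the trunk."""
    allowed = allowed_vlans(commands)
    if allowed == ALL_VLANS:
        return ["all VLANs allowed"]
    leaked = sorted(allowed & set(interface_vlans))
    return [f"interface VLANs on trunk: {leaked}"] if leaked else []

if __name__ == "__main__":
    print(audit_trunk(ADD_ONLY, [50]), audit_trunk(ORDERED, [50]))
```

The replay covers only the plain list, add, remove and all forms that appear in this section.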