Summary: When you configure a Native VLAN on a trunk, you are telling the switch how to handle untagged frames. However, the
allowed vlanlist acts as a "gatekeeper." If a VLAN is not in the allowed list, the switch will drop traffic for that VLAN, even if it is the Native VLAN.
To set VLAN 220 as the Native VLAN and ensure it is allowed to pass through the trunk, use the following commands:
interface Port-channel <number>
switchport mode trunk
switchport trunk native vlan 220
switchport trunk allowed vlan 220,10,20 ! Ensure 220 is in this list
In a typical troubleshooting scenario, this configuration is the "sweet spot" for recovery:
220 to the allowed list, you ensure the 9300 doesn't prune that traffic. If you had switchport trunk allowed vlan 10,20 (omitting 220), the Meraki 9200 would be physically linked but logically isolated, as its management traffic would be dropped at the 9300 ingress port.To confirm that VLAN 220 is correctly set as the Native VLAN and is not being pruned, run:
show interfaces trunk | interface Po<number>
Check these sections in the output:
220.220.220. If it's missing here, the link won't pass traffic for that VLAN.Some engineers assume that switchport trunk native vlan 220 automatically "allows" it. While some older IOS versions behaved loosely, modern IOS-XE is strict. If your allowed list is defined, it must explicitly include the Native VLAN ID.