
Can traffic pass a trunk if it's not allowed but set as native VLAN?

If I have configured 3 VLANs

* vlan10
* vlan20
* vlan30

and then I make 2 trunk ports

```
int gi0/1
 description trunk1
 switchport mode trunk
 switchport trunk allowed vlan 20
 switchport trunk native vlan 10
int gi0/2
 description trunk2
 switchport mode trunk
 switchport trunk allowed vlan 30
 switchport trunk native vlan 10
```

does that allow traffic from vlan10 over these trunks even if I have allowed 20 and 30 only?

No. Only the VLANs in the VLAN allowed list will pass. In fact, the Cisco security best practices recommend not using VLAN 1 (the default VLAN), not using a native VLAN, and restricting the VLANs allowed to only those actually needed on the trunk.

To that end, you can leave VLAN 1 as the native VLAN and not include it in the `switchport trunk allowed vlan` command. Also, disable the VLAN 1 SVI on any switches.

You should also use the `switchport nonegotiate` interface command on the switch interfaces to disable DTP that can negotiate between access and trunk for the interface.
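The checks described in the answer above can be run over a saved configuration. The following is an added example, not code from the question or the answer; the function names and sample text are hypothetical, and the parser assumes plain VLAN lists and ranges only (no `add`, `remove`, `except`, `all` or `none` keywords).

```python
import re

# Constructed sample: the question's trunks (gi0/1 with nonegotiate added) and a default trunk gi0/3.
SAMPLE_CONFIG = """\
interface gi0/1
 switchport mode trunk
 switchport trunk allowed vlan 20
 switchport trunk native vlan 10
 switchport nonegotiate
interface gi0/2
 switchport mode trunk
 switchport trunk allowed vlan 30
 switchport trunk native vlan 10
interface gi0/3
 switchport mode trunk
"""

def parse_vlans(spec):
    """Expand a list such as '10,20-22' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: findings} for every 'switchport mode trunk' port."""
    report = {}
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in stanza.splitlines()]
        if "switchport mode trunk" not in lines:
            continue
        name = lines[0].split()[1]
        allowed, native = None, 1          # IOS defaults: all VLANs allowed, native VLAN 1
        for l in lines:
            if m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", l):
                allowed = parse_vlans(m.group(1))
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", l):
                native = int(m.group(1))
        findings = []
        if allowed is None:
            findings.append("no allowed list: every VLAN is carried")
        elif native in allowed:
            findings.append(f"native VLAN {native} is in the allowed list")
        if "switchport nonegotiate" not in lines:
            findings.append("DTP not disabled (no switchport nonegotiate)")
        report[name] = {"native_carried": allowed is None or native in allowed,
                        "findings": findings}
    return report
```

`audit_trunks(SAMPLE_CONFIG)` reports that neither gi0/1 nor gi0/2 carries the native VLAN 10, and flags gi0/2 and gi0/3 for leaving DTP enabled.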
