
VTP Issue

Sonugnair_2
Level 1

Hi,

I have two 6509 switches acting as VTP servers in addition to 2 4503 & 22 3750 acting as VTP clients. The VLANs created on 6509 are correctly relayed to all devices in the domain. But there are two VLANs that I don't want to be advertised. I tried allowing only the required ones on the trunks, but still the VLANs appear in the clients. I verified that only the correct VLANs are being relayed using the "show interface g1/1 trunk" command.

I also tried shutting down the trunks, changing the clients to servers, manually deleting the VLANs, changing the mode back to client and bringing up the trunk, but now the VLANs that I deleted (from 4503 and 3750) have disappeared from the core also.

I want VLANs 50 & 51 to appear only on the core and not on clients.

Can someone help me on this?

Thanks & regards

Sonu

Accepted Solutions

glen.grant
VIP Alumni

I don't know of any way to do this. The servers will propagate any defined VLANs to all clients and servers in the domain. Not sure what your purpose is here. If you don't want them to be able to be defined on lower switches, on the servers "manually" prune off any unneeded VLANs off the trunks; this is good practice anyway. Use the "switchport trunk allowed" commands to manually prune off any VLANs you don't want allowed down the trunk; do this on both client and server side. The VLANs will still show in the domain on the clients, but you will be unable to pass data on those VLANs on the clients. If you manually prune them, this should eliminate anyone from passing data on those unallowed VLANs on any client switch, even if you put ports into that VLAN. The reason they disappeared is that you changed the client to server and deleted them, which gave that switch a higher VTP revision number, so when you stuck this switch back on the network, even as a client, it overwrote the VTP database, which is normal behavior. I would be very careful doing this, as this could have caused real problems. VLANs 51 and 50 will always show up in the show vlan command because they are defined on the servers; if you don't want anyone to be able to pass data for those VLANs on the client switches, you will have to manually prune off those VLANs on all attaching links on both sides.


Jon Marshall
Hall of Fame

Hi

Glen has explained how VTP will still propagate the VLAN information to all clients. As he says, you can remove VLANs 50 & 51 from the trunk etc., but they will still appear on the client switches.

The only way to avoid this is to put your client switches into VTP transparent mode and configure all VLANs manually, but this is more of an administrative overhead and can be prone to error. Only in this mode, though, can you achieve what you are looking for.

HTH

Jon
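
The revision-number overwrite described in the accepted answer, and the transparent-mode alternative from the reply above, as an added sketch that is not part of the original thread: a simplified Python model of VTP version 1/2 database synchronisation with a pre-reconnect check. The class, function and switch names, the domain name and VLANs 10 and 20 are constructed for illustration; passwords, pruning and real packet formats are left out.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:                       # hypothetical model, not a Cisco API
    name: str
    mode: str                       # "server", "client" or "transparent"
    domain: str = "LAB"             # constructed VTP domain name
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def set_mode(self, mode):
        if mode == "transparent":   # transparent mode resets the revision to 0
            self.revision = 0
        self.mode = mode

    def edit_vlans(self, add=(), remove=()):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot edit VLANs")
        self.vlans = (self.vlans | set(add)) - set(remove)
        if self.mode == "server":   # each change on a server bumps the revision
            self.revision += len(add) + len(remove)

    def receive(self, domain, revision, vlans):
        # Servers and clients alike accept any higher revision in their domain.
        if self.mode == "transparent" or domain != self.domain or revision <= self.revision:
            return False
        self.revision, self.vlans = revision, set(vlans)
        return True

def connect_trunk(a, b):
    """Both ends advertise; returns the names of switches whose database was replaced."""
    return [dst.name for src, dst in ((a, b), (b, a))
            if src.mode != "transparent" and dst.receive(src.domain, src.revision, src.vlans)]

def safe_to_reconnect(sw, domain_revision):
    """True if attaching sw cannot overwrite a domain at domain_revision."""
    return sw.mode == "transparent" or sw.revision < domain_revision

def thread_scenario():
    core = Switch("core-6509", "server")
    core.edit_vlans(add=[10, 20, 50, 51])     # four changes: revision 4
    access = Switch("access-3750", "client")
    connect_trunk(core, access)               # client learns every VLAN
    access.set_mode("server")                 # trunk down, edited offline
    access.edit_vlans(remove=[50, 51])        # revision 6, above the core's 4
    access.set_mode("client")
    return core, access
```

Comparing `revision` against the value reported by `show vtp status` on the core is the real-world counterpart of `safe_to_reconnect`.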
