switchport trunk ALLOWED ---versus--- switchport trunk PRUNING

Unanswered Question

hello all

I have some confusion about these two different commands.

"switchport trunk allowed" is the command I thought was used to restrict (i.e. prune) a vlan from a trunk.

Recently I encountered a config where "switchport trunk pruning" was used. Cisco documentation isn't clear to me about this "pruning" command. The docs seem to suggest that this merely stops broadcast traffic for the particular vlan.... unicast traffic (I think) will still cross the trunk.

Do I understand this correctly?

Danilo Dy Fri, 04/06/2007 - 23:49


switchport trunk allowed vlan vlan_list

- Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

switchport trunk pruning vlan vlan_list

- Sets the list of VLANs that are enabled for VTP pruning when in trunking mode.

Jon Marshall Sat, 04/07/2007 - 00:01


By default, broadcast, multicast and unknown unicast traffic is flooded over all trunk links. VTP pruning stops broadcast, multicast and flooded unicast being sent over trunk links if there are no members of that vlan at the other end of the trunk link. It won't stop "known" unicast traffic because if a unicast packet needs to be sent over the trunk then by definition there must be a member of that vlan at the other end.

Switchport trunk allowed is where you manually tell the switch which vlans are allowed on the trunk link. So even if there is a member of that vlan at the other end of the trunk, traffic won't get to it if you are not allowing it on the trunk.



thanks for the replies,

as it turned out...I spent part of this Saturday afternoon doing some empirical testing with a 3550 and 2950.

I trunked them together with vlans 1, 2, and 3.

I used the "switchport trunk allowed vlan except 3" and sure enough, two PCs on each switch on vlan 3 could not ping one another after that (they could on vlan 2).

When using the "switchport trunk pruning vlan 3" command the two PCs could still ping.

As far as I can tell, the "pruning" command is of marginal value. Looking at Cisco docs more closely, I think the "pruning" command is only effective if one switch doesn't have a particular vlan configured, or perhaps doesn't have any ports in that vlan. In fact I might even have it backward... that is to say, the vlan you mention with the "pruning" command is the one vlan that IS NOT pruned. Don't know for sure, and I'm not nerd enough to waste all Saturday on it. I'll stick with the "switchport trunk allowed" command that I've always known about because I know it works definitively and is straightforward (i.e. it blocks a vlan from the trunk, no ifs, ands or buts).
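
The difference discussed in this thread, as an added example that is not part of any post: a small Python audit that works out which VLANs each trunk carries from its "switchport trunk allowed vlan" lines and flags trunks that have only a "switchport trunk pruning vlan" line, which leaves the allowed list at its default of all VLANs. The function names and the sample configuration are constructed for illustration, and only static "switchport mode trunk" ports are considered.

```python
ALL_VLANS = set(range(1, 4095))  # IOS default allowed list: all VLANs, 1-4094

def parse_list(text):
    """Expand an IOS VLAN list such as '1,2,10-12' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def apply(current, args, universe):
    """Apply 'all | none | add L | remove L | except L | L' to a VLAN set."""
    if args[0] in ("all", "none"):
        return set(universe) if args[0] == "all" else set()
    vlans = parse_list(args[-1])
    return {"add": current | vlans, "remove": current - vlans,
            "except": universe - vlans}.get(args[0], vlans)

def audit_trunks(config):
    """Return {interface: {'allowed': set, 'pruning_only': bool}} for trunks.

    Assumption: only ports with a static 'switchport mode trunk' are audited.
    """
    ports, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ports[name] = {"trunk": False, "allowed": set(ALL_VLANS), "pruning": False}
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and line.startswith("switchport trunk allowed vlan "):
            ports[name]["allowed"] = apply(ports[name]["allowed"], line.split()[4:], ALL_VLANS)
        elif name and line.startswith("switchport trunk pruning vlan "):
            ports[name]["pruning"] = True  # pruning eligibility never changes 'allowed'
    return {n: {"allowed": p["allowed"],
                "pruning_only": p["pruning"] and p["allowed"] == ALL_VLANS}
            for n, p in ports.items() if p["trunk"]}

# Constructed sample config mirroring the VLAN 3 test described in the thread.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan except 3
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk pruning vlan 3
"""

if __name__ == "__main__":
    for port, info in audit_trunks(SAMPLE).items():
        print(port, "carries VLAN 3:", 3 in info["allowed"], "| pruning-only:", info["pruning_only"])
```

A trunk reported as pruning-only still accepts every VLAN; only an allowed list removes a VLAN from the link.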

minumathur Sat, 04/07/2007 - 23:08


By default, if you configure trunk mode between switch 1 and switch 2, all traffic will pass through the trunk port, which is not acceptable. We require only common vlan traffic to pass through the trunk port, so the pruning technique will help to do so (broadcast/multicast/unicast traffic). In the attached diagram, switch 1 and switch 2 are connected with a trunk port. We require only common vlan traffic to pass through the trunk port, so include that vlan only. In the attached case we require 3 to 5 vlan information to pass, so the pruning technique helps us to restrict other vlan traffic. This is used in VTP configuration.

2) The switchport allowed command will allow only those vlans which you have included.

I hope this will clarify your doubts, please rate this.



