cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13253
Views
0
Helpful
4
Replies

switchport trunk ALLOWED ---versus--- switchport trunk PRUNING

donlon
Level 1
Level 1

hello all

I have some confusion about these two different commands.

"switchport trunk allowed" is the command I thought was used to restrict (i.e. prune) a vlan from a trunk.

Recently I encountered a config where "switchport trunk pruning" was used. Cisco documentation isn't clear to me about this "pruning" command. The docs seem to suggest that this merely stops broadcast traffic for the particular vlan.... unicast traffic (I think) will still cross the trunk.

Do I understand this correctly?

4 Replies 4

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

switchport trunk allowed vlan vlan_list

- Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

switchport trunk pruning vlan vlan_list

- Sets the list of VLANs that are enabled for VTP pruning when in trunking mode.

Jon Marshall
Hall of Fame
Hall of Fame

Hi

By default broadcast, multicast and unknown unicast traffic is flooded over all trunk links. VTP pruning stops broadcast, muliticast and flooded unicast being sent over trunks links if there are no members of that vlan at the other end of the trunk link. It won't stop "known" unicast traffic because if a unicast packet needs to be sent over the trunk then by definition there must be a member of that vlan at the other end.

Switchport trunk allowed is where you manually tell the switch which vlans are allowed on the trunk link. So even if there is a member of that vlan at the other end of the trunk traffic won't get to it if you are not allowing it on the trunk.

HTH

Jon

thanks for the replies,

as it turned out...I spent part of this Saturday afternoon doing some empirical testing with a 3550 and 2950.

I trunked them together with a vlan 1,2,and 3.

I used the "switchport trunk allowed vlan except 3" and sure enough, two PC's on each switch on vlan 3 could not ping one another after that (they could on vlan 2).

When using the "switchport trunk pruning vlan 3" command the two PCs could still ping.

As far as I can tell, the "pruning" command is of marginal value. Looking at cisco docs more closely, I think the "pruning" command only is effective if one switch doesn't have a particular vlan cofigured, or perhaps doesn't have any ports in that vlan, in fact I might even have it backward... that is to say, the vlan you mention with the "pruning" command is the one vlan that IS NOT pruned. Don't know for sure,and I'm not nerd enought to waste all Saturday on it. I'll stick with the "switchport trunk allowed" command that I've always known about because I know it works defineitivly and is straightforward ( i.e. it blocks a vlan from the trunk, no if, and or but).

minumathur
Level 1
Level 1

Hi

By default if you configure trunk mode on between switch 1 and switch 2, all traffic will be passing through trunk port. which in not acceple , we require only comman vlan taffic passing through the trunk port, so pruning techque will help to do so ( Broadcast/multicast/unicast traffic). In attached diagram, switch 1 and switch 2 are connected with trunk port , we required only comman vlan traffic need to be pass throuh trunk port , so include that vlan only , in attached case we requre 3 to 5 vlan information need to pass, so pruning tech help us to restrict other vlan traffic.this will use in VTP configuration

2) Switch port allowed command, will allowed only those vlan , which you have included.

I hope this will clarify your doubts, please rate this .

-Minu

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco