We have a 6509 which is a VTP server for some edge switches which are VTP clients. The 6509 has had a number of VLANs created on it which are advertised out using VTP with VTP pruning enabled for all VLANs. This works well. But, we have now created a new VLAN which will only ever have ports assigned to it which are physically on the 6509 itself (for security reasons). I have been trying to find a way of preventing this new VLAN from being advertised to the edge switches. VTP pruning will stop the broadcast traffic OK, but the new 'secure' VLAN is still advertised to the edge switches. Does anyone know if there is a way of excluding a new VLAN from the VTP advertisements? Thanks for your time.
AFAIK - no, you cannot do this. Using VLAN pruning is good, but I would also recommend that you remove that VLAN from the allowed trunks list - just to make sure that no one can configure a switch port by "mistake" on another switch to be in that VLAN.
You might also want to think about making that VLAN "Private" as well.
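
An added example, not part of the original posts: a small audit that reads a saved IOS-style running-config and lists the trunk ports that would still carry the 'secure' VLAN, which is what the allowed-list advice above is meant to prevent. The VLAN ID 999, the interface names and the sample config are constructed for illustration.

```python
import re

# Constructed sample config; VLAN 999 stands in for the 'secure' VLAN.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport trunk allowed vlan 1-100,200
 switchport trunk allowed vlan add 990-1000
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport trunk allowed vlan 1-998,1000-4094
 switchport mode trunk
!
interface GigabitEthernet2/1
 switchport access vlan 999
 switchport mode access
!
"""

def expand(vlan_list):
    """Expand a list such as '1-100,200' into a set of VLAN IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunks_carrying(config, vlan):
    """Return the trunk interfaces whose allowed list still includes `vlan`.

    Handles the plain list and 'add' forms of the allowed-list statement only.
    """
    hits = []
    # Each match is an interface name plus its indented body lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ ].*\n)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if "switchport mode trunk" not in lines:
            continue  # access ports are out of scope for this check
        allowed = None  # no allowed-list statement: the trunk carries every VLAN
        for line in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,-]+)$", line)
            if m and m.group(1):
                allowed = (allowed or set()) | expand(m.group(2))
            elif m:
                allowed = expand(m.group(2))
        if allowed is None or vlan in allowed:
            hits.append(name)
    return hits
```

Each interface returned is a candidate for `switchport trunk allowed vlan remove <id>`; a trunk with no allowed-list statement is reported because it permits all VLANs by default.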