10-20-2008 01:27 AM - edited 03-06-2019 02:01 AM
We have a 6509 which is a VTP server for some edge switches which are VTP clients. The 6509 has had a number of VLANs created on it which are advertised out using VTP with VTP pruning enabled for all VLANs. This works well. But we have now created a new VLAN which will only ever have ports assigned to it which are physically on the 6509 itself (for security reasons). I have been trying to find a way of preventing this new VLAN from being advertised to the edge switches. VTP pruning will stop the broadcast traffic OK, but the new 'secure' VLAN is still advertised to the edge switches. Does anyone know if there is a way of excluding a new VLAN from the VTP advertisements? Thanks for your time.
10-20-2008 01:35 AM
AFAIK - no, you cannot do this. Using VLAN pruning is good, but I would also recommend that you remove that VLAN from the allowed trunks list - just to make sure that no-one can configure a switch port by "mistake" on another switch to be in that VLAN.
You might also want to think about making that VLAN "Private" as well.
HTH.
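The recommendation above, to take the VLAN off the allowed list on trunks, can be checked against a saved running-config. This is an added example, not part of the original thread: a Python audit that lists static trunks still permitting a given VLAN. The config text, interface names and VLAN 900 are constructed, and only ports with `switchport mode trunk` are considered.

```python
ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094

# Constructed sample running-config; VLAN 900 stands in for the "secure" VLAN.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100-200
!
interface GigabitEthernet1/3
 switchport mode trunk
 switchport trunk allowed vlan 1-500
 switchport trunk allowed vlan add 850-950
!
interface GigabitEthernet1/4
 switchport mode trunk
 switchport trunk allowed vlan 1-899,901-4094
!
interface GigabitEthernet2/1
 switchport mode access
 switchport access vlan 900
"""

def expand(spec):
    """Expand an IOS VLAN list such as '1-10,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunks_carrying(config, vlan):
    """Names of static trunk interfaces whose allowed list includes vlan."""
    ports, cur = {}, None  # name -> [is_trunk, allowed VLAN set]
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            # With no allowed-list line, a trunk carries every VLAN.
            cur = ports.setdefault(text.split(None, 1)[1], [False, set(ALL_VLANS)])
        elif not line.startswith(" "):
            cur = None  # left the interface block
        elif cur is not None and text == "switchport mode trunk":
            cur[0] = True
        elif cur is not None and text.startswith("switchport trunk allowed vlan "):
            kw, spec = text.split()[4], text.split()[-1]
            ops = {"all": lambda a: set(ALL_VLANS), "none": lambda a: set(),
                   "add": lambda a: a | expand(spec), "remove": lambda a: a - expand(spec),
                   "except": lambda a: set(ALL_VLANS) - expand(spec)}
            cur[1] = ops.get(kw, lambda a: expand(kw))(cur[1])
    return [n for n, (trunk, allowed) in ports.items() if trunk and vlan in allowed]
```

On the sample, `trunks_carrying(SAMPLE_CONFIG, 900)` reports the trunk with no allowed list and the trunk whose `add` line covers VLAN 900.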
10-20-2008 08:41 AM
Thanks for the suggestions.
10-21-2008 03:03 AM
np - glad to help.