10-20-2008 01:27 AM - edited 03-06-2019 02:01 AM
We have a 6509 which is a VTP server for some edge switches which are VTP clients. The 6509 has had a number of VLANs created on it which are advertised out using VTP with VTP pruning enabled for all VLANs. This works well. But we have now created a new VLAN which will only ever have ports assigned to it which are physically on the 6509 itself (for security reasons). I have been trying to find a way of preventing this new VLAN from being advertised to the edge switches. VTP pruning will stop the broadcast traffic OK, but the new 'secure' VLAN is still advertised to the edge switches. Does anyone know if there is a way of excluding a new VLAN from the VTP advertisements? Thanks for your time.
10-20-2008 01:35 AM
AFAIK - no, you cannot do this. Using VLAN pruning is good, but I would also recommend that you remove that VLAN from the allowed trunks list - just to make sure that no one can configure a switch port by "mistake" on another switch to be in that VLAN.
You might also want to think about making that VLAN "Private" as well.
HTH.
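The recommendation above, keeping the VLAN off the allowed list of every trunk, can be checked against a saved running-config. This is an added example, not part of the thread: the VLAN ID 900, the interface names and the config excerpt are constructed, and only interfaces with a static `switchport mode trunk` are examined.

```python
import re

SECURE_VLAN = 900  # constructed ID; the thread does not name the VLAN

# Constructed running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100-200
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk allowed vlan add 850-950
!
interface GigabitEthernet2/1
 switchport mode access
"""

def expand(vlan_list):
    """Turn 'none', 'all' or '10,20,100-200' into a set of VLAN IDs."""
    if vlan_list in ("none", "all"):
        return set(range(1, 4095)) if vlan_list == "all" else set()
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunks_carrying(config, vlan):
    """Names of static trunk interfaces whose allowed list includes vlan."""
    exposed = []
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [line.strip() for line in block.splitlines()]
        if "switchport mode trunk" not in lines:
            continue  # only statically configured trunks are checked
        allowed = expand("all")  # no allowed-list line means every VLAN
        for line in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?(\S+)$", line)
            if m:  # an "add" line extends the list, a plain line replaces it
                allowed = (allowed if m.group(1) else set()) | expand(m.group(2))
        if vlan in allowed:
            exposed.append(lines[0].split()[1])
    return exposed

print(trunks_carrying(SAMPLE_CONFIG, SECURE_VLAN))
```

A trunk with no allowed-list statement is reported because it carries every VLAN by default, and the `add` continuation line on the third interface is merged into its list before the check.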
10-20-2008 08:41 AM
Thanks for the suggestions.
10-21-2008 03:03 AM
np - glad to help.