Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1977
Views
18
Helpful
3
Replies

understanding VTP pruning

Kevin Melton
Level 2
Level 2

‎10-30-2008 07:28 AM - edited ‎03-07-2019 12:30 AM

I am in the process of setting up a trunk port for a client. I want to allow only 4 production vlan to traverse the trunk. The rest of the vlans I want to prune off.

I am shipping this trunk port to an IPS unit to inspect the traffic for mal content. The IPS interface is supposed to act as a trunk port as well and then ship traffic from one vlan pair back to another Vlan Pair. I am configuring two vlan pairs on the interface of the IPS unit.

Yesterday i used the command " swi trunk pruning vlan 4,6,7,8,10,14,15,20"

Should this command keep these vlan's from propogating down the trunk link?

Thank You

Labels:
0 Helpful
3 Replies 3

mbroberson1
Level 3
Level 3

‎10-30-2008 11:31 AM

I would suggest under VTP configuration that you enable "vtp prunning". The default is off. You can then manually disallow the vlans on various trunk links for added security and propagation.

HTH,

Brandon

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎11-01-2008 12:41 PM

Kevin,

As Brandon indicated, switchport trunk pruning vlan command works in conjunction with having VTP Pruning enabled in the VTP domain. VTP Pruning must be enabled in the VTP server and this change will be propagated throughout all switches in the same domain.

If you want to go with manual pruning on a inter-switch link, then I recommend using the command switchport trunk allowed vlan instead.

HTH,

__

Edison.

Please rate helpful posts

tcordier
Level 1
Level 1

‎11-02-2008 02:21 AM

I may misunderstand your question here, but if you want to allow only traffic from certain VLANs to pass over a trunk you should use

switchport trunk allowed vlan 4,6,7 etc

(you can also define all VLANs except 4,6,7. Check the possible syntax options with the ?)

VTP pruning is meant to prohibit propagation of multicast, broadcast, and unknown unicast traffic over trunks to switches which may discard the traffic (see e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swvtp.html#wp1035139). VTP pruning is not the feature you need to configure which VLAN's traffic is allowed to pass over a trunk. The command you mention will not deny traffic for e.g. VLAN 6 to traverse the trunk if VLAN 6 is defined on both switches at each end of the trunk.

HTH, Thomas

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card