Manual pruning

tedreese
Level 1

I want to find out if you can do manual pruning on trunk links on downstream switches that are clients in my VTP domain, without enabling pruning on the VTP server? I have low end switches that have met the max STP instances and need to prune these port-channels to reduce the STP instances seen on these blade switches. Thanks, Ted


Giuseppe Larosa
Hall of Fame

Hello Ted,

be aware that VTP pruning doesn't reduce the number of STP instances running on the switch.

you need to configure manually the list of vlans allowed on the trunk ports on both sides of each link

with IOS

    interface gix/y
     switchport
     ! dot1q or isl
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan x,y,z

note:

if you need to add another vlan at a later time you need to use

    switchport trunk allowed vlan add w

or you need to create the new complete line

    switchport trunk allowed vlan x,y,z,w

Hope to help

Giuseppe

This is the blade switch:

    interface GigabitEthernet0/21
     description
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 11 mode desirable
    !
    interface Port-channel11
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !

Currently all VLANS in our domain are transiting these trunks.

From the research I have done on Cisco, it was explaining that I need to use the switchport trunk pruning (then specify VLANs) command. Can I just do this on the port-channels and not the actual Gig ports in the GigabitEthernet channel? I have a lot of switches that I need to find a proficient way of lowering the STP instances. I thought you have to enable the pruning on the VTP server so the VLANs I want to prune on the low end switches will be eligible? Please let me know what I'm misunderstanding. Thanks, Ted

Hello Ted,

VTP and STP PVST+ are two different protocols that actually don't interact

if your problem is that you have reached max STP instances on switches the best way is to define link by link the list of vlans permitted

on etherchannel link all changes have to be done on the port-channel link only (or problems can arise including bridging loops if you touch member links)

You may consider whether it can be an easier change to pass to the MST 802.1w so that you can decouple the number of vlans and the number of STP instances, but this requires suitable IOS images on all devices so it is a major change anyway.

We actually use this policy of allowing specific vlans in our server farms.

see for example

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/configuration/guide/swvlan.html#wp1221846

and

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You can only enable VTP pruning on a switch in VTP server mode.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/configuration/guide/swvtp.html#wpxref99689

simply with VTP pruning multicast, broadcast and unknown unicast is not propagated out a trunk if the switch on the other side has no access-ports or trunks ports for the specific vlan.

This doesn't stop STP instance for the vlan that is pruned.

Hope to help

Giuseppe

Ok so what you're saying is my configs are correct for what I'm trying to accomplish? Adding the pruning to both sides of the port-channel only? So I do not have to enable pruning on the VTP domain because these two protocols are independent. What would be your best way to determine what vlan needs to be pruned? Check vlan counters and interface configs? Oh by the way I'm unable to change our core environment to MST... Thanks, Ted

Hello Ted,

no vtp pruning needs to be enabled on vtp server.

What I'm trying to say is that if you want to reduce the STP instances this is not enough.

However, VTP pruning in your environment can provide other benefits

Hope to help

Giuseppe

Ok - I have blade switches that I cannot add one more vlan to because I have maxed out all available STP instances (core melt down if I try). I understand the benefits of enabling pruning on the VTP domain, but this will need to be done after I fix the max instances seen on my low end switches. My plan is to limit the vlans on all low end switch trunks via port-channeling first to fix the issue I have. I am researching how to figure out which VLANs I don't want to allow. Thanks for your assistance.

Giuseppe, help me understand something. All VLANs now are being sent through the trunk. If I add switchport trunk allowed then just add the vlans I want this will stop everything else? Also since the low end switches already know about those vlans what will I need to do to delete them? Thanks again, Ted

Hello Ted,

the list of allowed vlans has to be configured on both ends of each etherchannel.

once no port (including trunk ports, this is the key point) on the access switch is part of vlan X (an unused vlan on that switch) the STP instance for Vlan X is stopped and should be removed.

So after some time the show spanning-tree summary should show a lower number of STP instances giving you space for specific adds.

I understand this is a lot of work but unfortunately is something that has to be done.

I give you an example taken from one of our campus to show you the target scenario:

    sh vtp status
    VTP Version : running VTP1 (VTP2 capable)
    Configuration Revision : 90
    Maximum VLANs supported locally : 1005
    Number of existing VLANs : 31

there are 31 vlans in the vtp domain; without an ad hoc list of vlans permitted on uplinks I would have 31 STP instances

instead thanks to selective trunking I have:

    sh spanning-tree sum | inc vlans
    17 vlans 16 0 0 106 122

only 17 vlans of 31 have an associated STP instance

the list is configured manually on both sides of each uplink to distribution switches.

Hope to help

Giuseppe

Ok can you validate these configs below. I'm not sure which one of these I am going to need to use.

    !
    config t
    interface Port-channel11
     switchport trunk pruning(VLANs)
    or
     switchport trunk allowed vlan x,y,z
    !
    S1E1-lnsomnptc
    interface Port-channel11
     switchport trunk pruning(VLANs)
    or
     switchport trunk allowed vlan x,y,z

Also after I set this allowed VLAN or pruning VLANs I will need to clear the unused ones manually since they already know about these.

Do you have a config to do this?

Thanks, Ted

Hello Ted,

you need to use

    interface Port-channel11
     switchport trunk allowed vlan x,y,z

on both ends

be aware that VTP max vlans is usually higher than max STP instances.

I think you just need to do this on all links (this is the heavy part)

and list of vlans is link specific

By the way, you cannot delete vlans on VTP client switches unless you revert them to transparent mode.

I saw switches reverting automatically to transparent mode to protect themselves from excessive vlans in the VTP advertisements

Hope to help

Giuseppe

So for an example, once I issue switchport trunk allowed vlan x,y,z on both ends of the low end switch that currently has max STP instances, this will automatically make the VLANs that I added to the switchport trunk allowed vlan command transit and no others, correct? I thought I needed to manually clear the vlans since the switch already had learned about them. Currently everything in the VTP domain of course comes through on these trunks. Thanks,

I will have to prune because I have 128 VLANs and growing. I am at the max 128 max STP instances on my low end switches. If I just allow certain vlans through I will effectively still have 128 instances because VTP is still propagating these vlans on down, correct?

Hello Ted,

my understanding is that an STP instance is created and is executed until there is at least a physical interface (access port or trunk, this is the key point here) that is associated to the corresponding vlan (switchport access vlan x for an access port, or it is permitted in the trunk vlan list).

By editing the list of vlans permitted on trunk uplinks you are removing the only ports that are member of non-used Vlans.

As a result of this the switch should (after some time) stop and delete the unnecessary STP instances.

VTP plays no role in the creation of STP instances that are triggered by what I've described above.

VTP is just a protocol to advertise the existence of Vlans in the campus nothing more.

VTP pruning provides benefits on the forwarding of broadcast, multicast, unknown unicast over trunk links (if they allow all existing vlans) but not STP instances reduction.

I've given you an example before:

31 Vlans in VTP and only 17 STP instances running. This is where you have to go.

Hope to help

Giuseppe
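
Added example, not part of the original thread or of any participant's post: the rule discussed above (a VLAN keeps an STP instance while at least one access port or trunk carries it) applied to a running-config, to work out which VLANs a switch actually needs on its uplink and how many instances remain afterwards. The config text, the VLAN numbering of the 128-VLAN VTP domain and management VLAN 99 are constructed assumptions; access ports left in the default VLAN and the `add`/`none` keywords are not modelled.

```python
import re
# Constructed running-config of an access (blade) switch; not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport access vlan 20
!
interface GigabitEthernet0/21
 switchport mode trunk
 channel-group 11 mode desirable
!
interface Port-channel11
 switchport mode trunk
!
"""
VTP_VLANS = set(range(1, 129))  # assumed: 128 VLANs advertised in the VTP domain

def expand(vlan_list):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    pairs = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def stanzas(config):
    return [s for s in re.split(r"^!\s*$", config, flags=re.M) if s.strip()]

def access_vlans(config):
    """VLANs that have at least one access port on this switch."""
    return {int(m.group(1)) for s in stanzas(config) if "mode trunk" not in s
            for m in [re.search(r"switchport access vlan (\d+)", s)] if m}

def stp_vlans(config, vtp_vlans=VTP_VLANS):
    """VLANs with at least one associated port, hence one PVST+ instance each."""
    active = access_vlans(config)
    for s in stanzas(config):
        if "mode trunk" in s and "channel-group" not in s:  # members follow the port-channel
            m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", s)
            active |= expand(m.group(1)) if m else set(vtp_vlans)  # no list = all VLANs
    return active & set(vtp_vlans)

def with_allowed(config, ifname, vlans):
    line = " switchport trunk allowed vlan " + ",".join(map(str, sorted(vlans)))
    return config.replace(f"interface {ifname}\n", f"interface {ifname}\n{line}\n")

if __name__ == "__main__":
    keep = access_vlans(SAMPLE_CONFIG) | {99}  # 99: assumed management VLAN
    pruned = with_allowed(SAMPLE_CONFIG, "Port-channel11", keep)
    print(len(stp_vlans(SAMPLE_CONFIG)), "->", len(stp_vlans(pruned)), "STP instances")
```

The same allowed list has to be applied on the far end of the port-channel, and `show spanning-tree summary` on the device remains the authoritative count.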

Thanks for helping me get a better understanding of this. Have a good one.
