vtp pruning vs. removing manually

Answered Question
Aug 10th, 2009

Is there any real difference in pruning vlans vs. allowing which vlans over the trunk manually?

Thanks!

John

Overall Rating: 5 (4 ratings)
yagnesh_tel Mon, 08/10/2009 - 04:17

VLAN pruning using VTP pruning is a global config setting. So all unnecessary VLANs will be pruned from ALL the trunks on the switch automatically, whereas the allowing VLAN command is an interface setting, so it gives you control over which VLANs should be allowed/not allowed on the particular interface. Of course, the latter requires more manual effort to keep the configuration up to date and can be used where you want to allow certain VLANs on certain trunk links.

The purpose of both configurations is to restrict unnecessary VLAN traffic flooding.

Istvan_Rabai Mon, 08/10/2009 - 04:19

Hi John,

Yes, there is a difference.

If you enable VTP pruning, it will block broadcast and multicast traffic to unused vlans, but the STP instances for those vlans will still be running over the trunks.

If you prune the vlans from the trunks manually using the "switchport trunk allowed vlan" command, it will prune the STP instances for those vlans as well.

If you have a lot of vlans, pruning manually can save a lot of processor cycles, but it is a good solution if you are sure users will never use those vlans on the downstream switches.

Cheers:

Istvan

John Blakley Mon, 08/10/2009 - 04:25

Istvan,

Does vtp pruning configuration information come from the root switch? If so, how does the root switch know what vlans to prune from a switch that's 4 switches away from it?

And, I assume that you can only prune vlans from switches that are configured as servers or clients, correct? Transparent mode wouldn't be affected by pruning?

Thanks!

John

Correct Answer
Istvan_Rabai Mon, 08/10/2009 - 04:35

Hi John,

It is not only the root switch that knows what ports to prune.

VTP enabled switches exchange prune messages.

When a switch on a leaf of a spanning tree has no users on a particular vlan, it sends prune request messages over its trunk ports for those vlans.

Upstream switches prune the requested vlans on the ports where the prune requests were received.

On the other hand, when users reappear on a particular vlan, that vlan is added back to the vlan-list of the respective ports after exchanging the respective VTP messages.

Cheers:

Istvan

Jon Marshall Mon, 08/10/2009 - 04:35

John

You set VTP pruning globally by enabling it on a VTP server. The server then informs other server and clients that pruning is enabled.

Each switch then notifies its neighboring switches which vlans it has active ports for and only traffic for those vlans will be forwarded to this switch over the trunk links.

Edit - apologies Istvan, I keep cross posting.

Jon

Istvan_Rabai Mon, 08/10/2009 - 04:41

No problem Jon,

It's always better to enlighten a topic from several points of view.

Thanks:

Istvan

Correct Answer
Jon Marshall Mon, 08/10/2009 - 04:25

John

As Istvan notes, the main difference is VTP pruning does not limit the STP diameter across the switches whereas manually removing the vlan off a trunk limits its diameter.

The other aspect is a security issue. By manually allowing only the vlans you want over a trunk port you have far more control over which vlans can be used on which switches. With VTP pruning all it needs is for one port in a vlan to become active and that vlan is then available on the switch.

Jon
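
The control that an explicit allowed list gives, as discussed above, can be checked against a saved configuration. This is an added example, not code from any poster in this thread: it parses a constructed IOS-style running-config and reports, per trunk port, the VLANs set with `switchport trunk allowed vlan`, or `None` when no list is configured. It handles only the plain list and `add` forms; `SAMPLE_CONFIG`, `expand` and `audit_trunks` are names made up for this example.

```python
import re

# Constructed sample running-config (assumption; not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 40
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
"""

def expand(spec):
    """Expand a VLAN list such as '10,20,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Map each trunk interface to its allowed VLAN set, or to None when no
    explicit list is configured (the trunk is then open to every VLAN)."""
    trunks, name, is_trunk, allowed = {}, None, False, None

    def flush():  # record the interface stanza that just ended
        if name and is_trunk:
            trunks[name] = allowed

    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            flush()
            name, is_trunk, allowed = m.group(1), False, None
        elif line.strip() == "switchport mode trunk":
            is_trunk = True
        elif m := re.match(r"\s+switchport trunk allowed vlan (add )?([\d,-]+)$", line):
            new = expand(m.group(2))
            allowed = (allowed or set()) | new if m.group(1) else new
    flush()
    return trunks

if __name__ == "__main__":
    for port, vlans in audit_trunks(SAMPLE_CONFIG).items():
        print(port, sorted(vlans) if vlans else "no allowed list: all VLANs")
```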
