08-10-2009 03:20 AM - edited 03-06-2019 07:10 AM
Is there any real difference in pruning vlans vs. allowing which vlans over the trunk manually?
Thanks!
John
08-10-2009 04:17 AM
Vlan pruning using vtp pruning is a global config setting. So all unnecessary vlans will be pruned from ALL the trunks on the switch automatically, whereas the allowed VLAN command is an interface setting, so it gives you control over which VLANs should be allowed/not allowed on the particular interface. Of course the latter requires more manual effort to keep the configuration up to date and can be used where you want to allow certain vlans on certain trunk links.
The purpose of both configurations is to restrict unnecessary VLAN traffic flooding.
08-10-2009 04:19 AM
Hi John,
Yes, there is a difference.
If you enable VTP pruning, it will block broadcast and multicast traffic to unused vlans, but the STP instances for those vlans will still be running over the trunks.
If you prune the vlans from the trunks manually using the "switchport trunk allowed vlan" command, it will prune the STP instances for those vlans as well.
If you have a lot of vlans, pruning manually can save a lot of processor cycles, but it is a good solution if you are sure users will never use those vlans on the downstream switches.
Cheers:
Istvan
08-10-2009 04:25 AM
Istvan,
Does vtp pruning configuration information come from the root switch? If so, how does the root switch know what vlans to prune from a switch that's 4 switches away from it?
And, I assume that you can only prune vlans from switches that are configured as servers or clients, correct? Transparent mode wouldn't be affected by pruning?
Thanks!
John
08-10-2009 04:35 AM
Hi John,
It is not only the root switch that knows what ports to prune.
VTP enabled switches exchange prune messages.
When a switch on a leaf of a spanning tree has no users on a particular vlan, it sends prune request messages over its trunk ports for those vlans.
Upstream switches prune the requested vlans on the ports where the prune requests were received.
On the other hand, when users reappear on a particular vlan, that vlan is added back to the vlan-list of the respective ports after exchanging the respective VTP messages.
Cheers:
Istvan
08-10-2009 04:35 AM
John
You set VTP pruning globally by enabling it on a VTP server. The server then informs other servers and clients that pruning is enabled.
Each switch then notifies its neighboring switches which vlans it has active ports for and only traffic for those vlans will be forwarded to this switch over the trunk links.
Edit - apologies Istvan, I keep cross posting.
Jon
08-10-2009 04:41 AM
No problem Jon,
It's always better to enlighten a topic from several points of view.
Thanks:
Istvan
08-10-2009 04:25 AM
John
As Istvan notes, the main difference is VTP pruning does not limit the STP diameter across the switches whereas manually pruning the vlan off a trunk limits its diameter.
The other aspect is a security issue. By manually allowing only the vlans you want over a trunk port you have far more control over which vlans can be used on which switches. With VTP pruning all it needs is for one port in a vlan to become active and that vlan is then available on the switch.
Jon
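As an added example (not posted by anyone in this thread): a small Python audit that reads a running-config and reports, for each trunk port, the VLAN set built from `switchport trunk allowed vlan`, or `None` when the port has no manual list and so depends on VTP pruning alone. The sample config and all function names are constructed for illustration; only the plain, `add` and `remove` forms of the command are parsed.

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
vtp pruning
!
interface GigabitEthernet0/1
 description trunk relying on VTP pruning only
 switchport mode trunk
!
interface GigabitEthernet0/2
 description trunk with a manual allowed list
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 40
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
"""

ALL_VLANS = set(range(1, 4095))  # what a trunk carries when no list is set
ALLOWED = re.compile(
    r"^ *switchport trunk allowed vlan (?:(add|remove) )?([\d,-]+) *$", re.M)

def expand_vlans(spec):
    """Expand a list such as '10,20,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Map each trunk interface to its allowed VLAN set (None = no manual list)."""
    trunks = {}
    for block in re.split(r"^! *$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        if not name or not re.search(r"^ *switchport mode trunk *$", block, re.M):
            continue  # not an interface stanza, or not a trunk port
        allowed = None
        for action, spec in ALLOWED.findall(block):
            base = ALL_VLANS if allowed is None else allowed
            vlans = expand_vlans(spec)
            allowed = {"add": base | vlans, "remove": base - vlans}.get(action, vlans)
        trunks[name.group(1)] = allowed
    return trunks

def unrestricted_trunks(config):
    """Trunk ports with no manual allowed list at all."""
    return [n for n, v in audit_trunks(config).items() if v is None]
```
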