
vtp pruning vs. removing manually

John Blakley
VIP Alumni

Is there any real difference in pruning vlans vs. allowing which vlans over the trunk manually?

Thanks!

John

HTH, John *** Please rate all useful posts ***

yagnesh_tel
Level 1

Vlan pruning using vtp pruning is a global config setting. So all unnecessary vlans will be pruned from ALL the trunks on the switch automatically, whereas the allowing VLAN command is an interface setting, so it gives you control over which VLANs should be allowed/not allowed on the particular interface. Of course, the latter requires more manual effort to keep the configuration up to date and can be used where you want to allow certain vlans on certain trunk links.

The purpose of both configurations is to restrict unnecessary VLAN traffic flooding.

Istvan_Rabai
Level 7

Hi John,

Yes, there is a difference.

If you enable VTP pruning, it will block broadcast and multicast traffic to unused vlans, but the STP instances for those vlans will still be running over the trunks.

If you prune the vlans from the trunks manually using the "switchport trunk allowed vlan" command, it will prune the STP instances for those vlans as well.

If you have a lot of vlans, pruning manually can save a lot of processor cycles, but it is a good solution if you are sure users will never use those vlans on the downstream switches.

Cheers:

Istvan

Istvan,

Does vtp pruning configuration information come from the root switch? If so, how does the root switch know what vlans to prune from a switch that's 4 switches away from it?

And, I assume that you can only prune vlans from switches that are configured as servers or clients, correct? Transparent mode wouldn't be affected by pruning?

Thanks!

John

HTH, John *** Please rate all useful posts ***

Hi John,

It is not only the root switch that knows what ports to prune.

VTP enabled switches exchange prune messages.

When a switch on a leaf of a spanning tree has no users on a particular vlan, it sends prune request messages over its trunk ports for those vlans.

Upstream switches prune the requested vlans on the ports where the prune requests were received.

On the other hand, when users reappear on a particular vlan, that vlan is added back to the vlan-list of the respective ports after exchanging the respective VTP messages.

Cheers:

Istvan

John

You set VTP pruning globally by enabling it on a VTP server. The server then informs other server and clients that pruning is enabled.

Each switch then notifies its neighboring switches which vlans it has active ports for and only traffic for those vlans will be forwarded to this switch over the trunk links.

Edit - apologies Istvan, I keep cross posting.

Jon

No problem Jon,

It's always better to enlighten a topic from several points of view.

Thanks:

Istvan

Jon Marshall
Hall of Fame

John

As Istvan notes, the main difference is VTP pruning does not limit the STP diameter across the switches whereas manually removing the vlan off a trunk limits its diameter.

The other aspect is a security issue. By manually allowing only the vlans you want over a trunk port you have far more control over which vlans can be used on which switches. With VTP pruning all it needs is for one port in a vlan to become active and that vlan is then available on the switch.

Jon
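
The security point raised in this thread can be checked mechanically. The following is an added example, not code from any poster: a small Python audit that reads IOS-style interface configuration and reports trunk ports that have no explicit `switchport trunk allowed vlan` list. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of IOS-style interface config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 40
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
"""

ALLOWED = re.compile(r"switchport trunk allowed vlan (?:add )?([\d,-]+)$")

def expand_vlans(spec):
    """Expand a VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Map each trunk interface to its sorted allowed VLANs, or None when
    the port has no explicit allowed list (every VLAN may cross it)."""
    blocks, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            blocks[name] = []
        elif line.startswith(" ") and name:
            blocks[name].append(line.strip())
        else:
            name = None  # '!' or a global command ends the interface block
    result = {}
    for name, body in blocks.items():
        if "switchport mode trunk" not in body:
            continue
        vlans = set()
        for m in filter(None, map(ALLOWED.match, body)):
            vlans |= expand_vlans(m.group(1))
        result[name] = sorted(vlans) or None
    return result

def unrestricted_trunks(config):
    """Trunk ports that rely on defaults (or VTP pruning) instead of a list."""
    return [n for n, v in audit_trunks(config).items() if v is None]
```

On the sample, `unrestricted_trunks(SAMPLE_CONFIG)` flags only `GigabitEthernet0/1`, the trunk where VLAN reach is not pinned by configuration.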
