No traffic between different VTP domains

Answered Question
Aug 29th, 2009

Hey everyone,

We are currently rebuilding our network and for the time being we want two separate networks on different VTP domains so that the VLANs don't mix. Anyways, DTP is turned off (nonegotiate) on all the trunks that are between the VTP domains. The trunks are showing as up and connected. For some reason traffic is not being passed between domains. Using VTP version 1.


Any ideas?

Overall Rating: 5 (1 ratings)
Correct Answer
Peter Paluch Sat, 08/29/2009 - 09:54
User Badges:
  • Cisco Employee,

Hello James,


Just recently there has been a similar discussion here:


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd46bbf


It is possible that you have the VTP Pruning running but because of VTP domain mismatch on both ends of the trunk interconnecting the two VTP domains, the trunk is effectively pruned of all VLANs. Try turning off the VTP Pruning, or even better, leave it running but on the interdomain trunks, declare all VLANs as not being pruning-eligible by configuring:


switchport trunk pruning vlan none


This command must be used on both ends of a trunk link. Let us know if it helped.


Best regards,

Peter


james-mccarthy Sat, 08/29/2009 - 10:50

Ok so it started working magically. I don't understand what happened but the problem is solved.

Giuseppe Larosa Sat, 08/29/2009 - 10:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame, Founding Member

Hello James,

If VTP pruning is enabled, multicast/broadcast/unknown unicast traffic is forwarded for VLAN x if the switch connected to the other side of the trunk port has advised "dear mate I have users in VLAN x".

Now if the link is the boundary between two different VTP domains, the other device cannot communicate this need to the other side because, owing to the different VTP domain name and MD5 secret, its messages are simply ignored.

Declaring all VLANs not prunable fixes this problem on a per-port/link basis (this is important or the impact would be wide).


Hope to help

Giuseppe


Peter Paluch Sat, 08/29/2009 - 11:04
User Badges:
  • Cisco Employee,

Hello,


No magic here :) Let me explain it.


The VTP Pruning is a mechanism added to the VTP protocol to dynamically allow or deny transporting individual VLANs on a trunk. Imagine that two switches are connected with a trunk, on both switches (call them S1 and S2) the VLANs 10 and 20 are created, however, on S2, there is currently no access port in the VLAN 20. It doesn't make sense to send VLAN 20 frames to S2 because they would be dropped. The VTP Pruning allows the S2 to tell S1 that the VLAN 20 is currently unused on it and that it is not necessary to send frames in VLAN 20 to it. The S1 switch will therefore prune the VLAN 20 from the trunk - it is as if you wrote "switchport trunk allowed vlan except 20" on the S1's trunk interface. Of course, when the VLAN 20 becomes used on S2, it will again tell the S1 to unblock its trunk for the VLAN 20.


The VTP Pruning is internally provided by switches exchanging periodic VTP Join messages that contain a list of all VLANs and their used/unused status (as a bit field). If no VTP Join messages are received then no information about the usage of VLANs can be provided. In this case, the switch assumes that all VLANs are unused and therefore, all VLANs will be pruned on a trunk.


When you separated your network into two VTP domains, you gave each VTP domain a unique name (perhaps even a different password). A switch in one VTP domain drops VTP packets coming from another VTP domain. This is the cause of what happened: the VTP Join messages were sent by both switches but they were dropped upon receiving. As a result, no usable information about VLAN usage on the trunk was available to either switch, so the VTP Pruning pruned all VLANs from that trunk.


By entering the command I suggested in my previous post, you have told the switch not to prune any VLAN from the trunk using the VTP Pruning, no matter what. We have simply opened the trunk for all VLANs even though the VTP Pruning would tell otherwise.


I am glad you got it running.


Best regards,

Peter
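
The behaviour explained in the post above, as an added example that is not part of the original thread: a simplified Python model of the per-trunk pruning decision. It is not the VTP wire format; the class and function names and the domain names OLD and NEW are assumptions, and a Join is reduced to a domain name plus the set of VLANs in use. VLAN 1 always stays on the trunk because it is never pruning-eligible.

```python
# Simplified model of the pruning decision described in this thread.
# NOT the VTP wire format: a Join is reduced to (domain, VLANs in use).
from dataclasses import dataclass, field

# IOS default pruning-eligible list is VLANs 2-1001; VLAN 1 is never eligible.
DEFAULT_ELIGIBLE = frozenset(range(2, 1002))


@dataclass
class TrunkPort:
    local_domain: str
    allowed: frozenset                        # VLANs allowed on the trunk
    pruning_enabled: bool = True
    eligible: frozenset = DEFAULT_ELIGIBLE    # "switchport trunk pruning vlan ..."
    joined: set = field(default_factory=set)  # VLANs the neighbour reported in use

    def receive_join(self, domain: str, vlans_in_use: set) -> bool:
        """Accept a Join only from our own VTP domain; others are dropped."""
        if domain != self.local_domain:
            return False
        self.joined = set(vlans_in_use)
        return True

    def forwarded_vlans(self) -> set:
        """VLANs whose flooded traffic is actually sent out of this trunk."""
        if not self.pruning_enabled:
            return set(self.allowed)
        return {v for v in self.allowed
                if v not in self.eligible or v in self.joined}


def interdomain_trunk(eligible=DEFAULT_ELIGIBLE, pruning=True) -> set:
    """Constructed scenario: local switch in domain OLD, neighbour in NEW."""
    port = TrunkPort("OLD", frozenset({1, 10, 20}), pruning, eligible)
    port.receive_join("NEW", {10, 20})  # dropped: domain mismatch
    return port.forwarded_vlans()


def same_domain_trunk() -> set:
    """Neighbour in the same domain reports only VLAN 10 in use."""
    port = TrunkPort("OLD", frozenset({1, 10, 20}))
    port.receive_join("OLD", {10})
    return port.forwarded_vlans()


if __name__ == "__main__":
    print("inter-domain, default eligible list:", interdomain_trunk())
    print("inter-domain, pruning vlan none:    ", interdomain_trunk(frozenset()))
    print("same domain, VLAN 20 unused on S2:  ", same_domain_trunk())
```

Passing an empty eligible set corresponds to `switchport trunk pruning vlan none` on that one interface; pruning stays active on every other trunk.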


Peter Paluch Sat, 08/29/2009 - 11:10
User Badges:
  • Cisco Employee,

Hello,


One more thing. This solution is not entirely mine. I am very thankful to Jorgemario Brenesjaikel from the discussion I have mentioned earlier - it was him who pointed out an issue with VTP Pruning that I was not originally aware of.


Jorgemario, thanks very much indeed!


Best regards,

Peter

