VTP Pruning and the CAM

Answered Question
Sep 3rd, 2009

Hello,

I'm just wondering if you have vtp pruning configured and you have pruned vlans, should you see MAC addresses belonging to those pruned vlans on a switch?

Basically if vlan 100 pruned from sw1, should you still see mac addresses of devices associated with vlan 100?

Thank you in advance.

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 7 years 3 months ago

Hello Tom,

>> Thank you for your response, but just one more question, if a vlan is pruned wouldn't that exclude STP BPDUs from being learn on that vlan?

no, STP still runs for pruned vlans.

automatic vlan pruning doesn't limit the STP diameter in a network

to do this you need to use

switchport trunk allowed vlan x,y,z

if you do so only STP instances for permitted vlans run on the link.

This is important because other collegues have reported scalability issues caused by this misunderstanding.

low end switches have limit in STP instances number that can arise.

>> CDP yes only on native vlan

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Giuseppe Larosa Thu, 09/03/2009 - 06:39

Hello Tomasz,

if switch1 has pruned vlan 100 this means it has no real hosts on it.

because CAM table is built by looking at source MAC address of frames if no frames are received sw1 cam table should have 0 entries in vlan100 in the long time.

It may get few temporary entries for frames with un unknown unicast destination.

Hope to help

Giuseppe

tomek0001 Thu, 09/03/2009 - 06:53

Guiseppe,

Thank you for your response, but wouldn't those unknown unicast be blocked by the pruning?

I'm attaching little more details about my setup.

I have this topology

sw3

/

sw1------------ sw4

\

sw2

Sw2 is the vtp server, everyone else is a client. I have pruning enabled. It looks like sw4 is pruning vlan 10 and sw1 is prunning everything except vlan 1,10,146. Below are some outputs for the question. So my question is why it is that in the CAM table i still see MAC's of devices on all of the other vlans like 8,22,43,58,67..etc that I think shouldn't be there since sw1 is pruning them?

SW4#sh int trunk

Port Mode Encapsulation Status Native vlan

Fa0/13 auto n-isl trunking 1

Port Vlans allowed on trunk

Fa0/13 1-4094

Port Vlans allowed and active in management domain

Fa0/13 1,5,7-10,22,43,58,67,79,146

Port Vlans in spanning tree forwarding state and not pruned

Fa0/13 1,5,7-9,22,43,58,67,79,146

SW4#sh int pruning

Port Vlans pruned for lack of request by neighbor

Fa0/13 10

Port Vlan traffic requested of neighbor

Fa0/13 1,10,146

Rack1SW4#sh mac-address-table

1 001e.f702.a7a1 DYNAMIC Fa0/6

1 001e.f74d.5995 DYNAMIC Fa0/13

1 001e.f74d.59c0 DYNAMIC Fa0/13

1 001f.2680.77c0 DYNAMIC Fa0/13

1 001f.2680.7840 DYNAMIC Fa0/13

146 001e.f74d.5995 DYNAMIC Fa0/13

146 001e.f766.c621 DYNAMIC Fa0/4

8 001e.f74d.5995 DYNAMIC Fa0/13

22 001e.f74d.5995 DYNAMIC Fa0/13

22 001f.6cde.8928 DYNAMIC Fa0/13

43 001e.f74d.5995 DYNAMIC Fa0/13

43 001f.6cde.87d8 DYNAMIC Fa0/13

58 001e.f74d.5995 DYNAMIC Fa0/13

67 001e.f74d.5995 DYNAMIC Fa0/13

5 001e.f74d.5995 DYNAMIC Fa0/13

7 001e.f74d.5995 DYNAMIC Fa0/13

9 001e.f74d.5995 DYNAMIC Fa0/13

10 001e.f74d.5995 DYNAMIC Fa0/13

79 001e.f74d.5995 DYNAMIC Fa0/13

SW1#sh int fa0/19 trunk

Port Mode Encapsulation Status Native vlan

Fa0/19 desirable n-isl trunking 1

Port Vlans allowed on trunk

Fa0/19 1-4094

Port Vlans allowed and active in management domain

Fa0/19 1,5,7-10,22,43,58,67,79,146

Port Vlans in spanning tree forwarding state and not pruned

Fa0/19 1,10,146

Rack1SW1#sh int fa0/19 pruning

Port Vlans pruned for lack of request by neighbor

Fa0/19 5,7-9,22,43,58,67,79

Port Vlan traffic requested of neighbor

Fa0/19 1,5,7-9,22,43,58,67,79,146

tomek0001 Thu, 09/03/2009 - 06:57

So basically sw1 is pruning vlans 5,7-9,22,43,58,67,79 to sw4 but in sw4 these are addresses from these vlans.

8 001e.f74d.5995 DYNAMIC Fa0/13

22 001e.f74d.5995 DYNAMIC Fa0/13

22 001f.6cde.8928 DYNAMIC Fa0/13

43 001e.f74d.5995 DYNAMIC Fa0/13

43 001f.6cde.87d8 DYNAMIC Fa0/13

58 001e.f74d.5995 DYNAMIC Fa0/13

67 001e.f74d.5995 DYNAMIC Fa0/13

5 001e.f74d.5995 DYNAMIC Fa0/13

7 001e.f74d.5995 DYNAMIC Fa0/13

9 001e.f74d.5995 DYNAMIC Fa0/13

79 001e.f74d.5995 DYNAMIC Fa0/13

Giuseppe Larosa Thu, 09/03/2009 - 07:17

Hello Tomasz,

00-1E-F7 (hex) Cisco Systems

001EF7 (base 16) Cisco Systems

80 West Tasman Dr.

SJC-M/1

San Jose CA 95134

UNITED STATES

STP BPUs and CDP messages are sent so you can see some MAC addresses but they should be of neighboring devices

Hope to help

Giuseppe

tomek0001 Thu, 09/03/2009 - 07:37

Guiseppe,

Thank you for your response, but just one more question, if a vlan is pruned wouldn't that exclude STP BPDUs from being learn on that vlan? Wouldn't cdp only be learn on vlan 1?

Thank you for you help.

Tom

Correct Answer
Giuseppe Larosa Thu, 09/03/2009 - 07:42

Hello Tom,

>> Thank you for your response, but just one more question, if a vlan is pruned wouldn't that exclude STP BPDUs from being learn on that vlan?

no, STP still runs for pruned vlans.

automatic vlan pruning doesn't limit the STP diameter in a network

to do this you need to use

switchport trunk allowed vlan x,y,z

if you do so only STP instances for permitted vlans run on the link.

This is important because other collegues have reported scalability issues caused by this misunderstanding.

low end switches have limit in STP instances number that can arise.

>> CDP yes only on native vlan

Hope to help

Giuseppe

tomek0001 Thu, 09/03/2009 - 07:48

Guiseppe,

Thank you very much that makes things very clear. Thank you again!

Bela Mareczky Thu, 09/03/2009 - 12:30

Hi!

Please be careful using VTP pruning:

Refer the following bug link:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv21612

Thy symptom:

The switch is a Cisco 2960G/48 port. If one of its configured dot1q trunk port status changes state to down or up, the switch CPU usage is near 100% ! (while causing outage of any other user traffic and services)

Switch#sh proc cpu hi

111111111111111111111111111 11111111111111111111111111

0000000000000000000000000009999900000000000000000000000000

0000000000000000000000000009999900000000000000000000000000

100 **********************************************************

90 **********************************************************

80 **********************************************************

70 **********************************************************

60 **********************************************************

50 **********************************************************

40 **********************************************************

30 **********************************************************

20 **********************************************************

10 **********************************************************

0....5....1....1....2....2....3....3....4....4....5....5....

0 5 0 5 0 5 0 5 0 5

CPU% per second (last 60 seconds)

11111

0000011111111111111111111111111111111111111113111111111111

0000077899787887897878787777977788778998898796898789887889

100 ####*

90 ####*

80 ####*

70 ####*

60 ####*

50 ####*

40 ##### *

30 ##### *

20 #########*###############*################################

10 ##########################################################

0....5....1....1....2....2....3....3....4....4....5....5....

0 5 0 5 0 5 0 5 0 5

CPU% per minute (last 60 minutes)

* = maximum CPU% # = average CPU%

Switch#sh proc cpu

...

CPU utilization for five seconds: 100%/0%; one minute: 99%; five minutes: 85%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

162 8059105 18498182 435 81.95% 83.15% 70.02% 0 PM Callback

Hope this helps!

Regards, Belabacsi

Actions

This Discussion