VTP Pruning and the CAM

Answered Question
Sep 3rd, 2009

Hello,

I'm just wondering if you have vtp pruning configured and you have pruned vlans, should you see MAC addresses belonging to those pruned vlans on a switch?


Basically, if vlan 100 is pruned from sw1, should you still see MAC addresses of devices associated with vlan 100?


Thank you in advance.



Giuseppe Larosa Thu, 09/03/2009 - 06:39

Hello Tomasz,


if switch1 has pruned vlan 100 this means it has no real hosts on it.


Because the CAM table is built by looking at the source MAC address of frames, if no frames are received, sw1's CAM table should have 0 entries in vlan 100 in the long term.


It may get a few temporary entries for frames with an unknown unicast destination.


Hope to help

Giuseppe

tomek0001 Thu, 09/03/2009 - 06:53

Giuseppe,

Thank you for your response, but wouldn't those unknown unicast be blocked by the pruning?


I'm attaching little more details about my setup.


I have this topology



     sw3
    /
sw1------------ sw4
    \
     sw2



Sw2 is the VTP server, everyone else is a client. I have pruning enabled. It looks like sw4 is pruning vlan 10 and sw1 is pruning everything except vlan 1,10,146. Below are some outputs for the question. So my question is: why is it that in the CAM table I still see MACs of devices on all of the other vlans like 8,22,43,58,67, etc. that I think shouldn't be there, since sw1 is pruning them?



SW4#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,5,7-10,22,43,58,67,79,146

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,5,7-9,22,43,58,67,79,146

SW4#sh int pruning

Port        Vlans pruned for lack of request by neighbor
Fa0/13      10

Port        Vlan traffic requested of neighbor
Fa0/13      1,10,146

Rack1SW4#sh mac-address-table

   1    001e.f702.a7a1    DYNAMIC     Fa0/6
   1    001e.f74d.5995    DYNAMIC     Fa0/13
   1    001e.f74d.59c0    DYNAMIC     Fa0/13
   1    001f.2680.77c0    DYNAMIC     Fa0/13
   1    001f.2680.7840    DYNAMIC     Fa0/13
 146    001e.f74d.5995    DYNAMIC     Fa0/13
 146    001e.f766.c621    DYNAMIC     Fa0/4
   8    001e.f74d.5995    DYNAMIC     Fa0/13
  22    001e.f74d.5995    DYNAMIC     Fa0/13
  22    001f.6cde.8928    DYNAMIC     Fa0/13
  43    001e.f74d.5995    DYNAMIC     Fa0/13
  43    001f.6cde.87d8    DYNAMIC     Fa0/13
  58    001e.f74d.5995    DYNAMIC     Fa0/13
  67    001e.f74d.5995    DYNAMIC     Fa0/13
   5    001e.f74d.5995    DYNAMIC     Fa0/13
   7    001e.f74d.5995    DYNAMIC     Fa0/13
   9    001e.f74d.5995    DYNAMIC     Fa0/13
  10    001e.f74d.5995    DYNAMIC     Fa0/13
  79    001e.f74d.5995    DYNAMIC     Fa0/13

SW1#sh int fa0/19 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,5,7-10,22,43,58,67,79,146

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,146

Rack1SW1#sh int fa0/19 pruning

Port        Vlans pruned for lack of request by neighbor
Fa0/19      5,7-9,22,43,58,67,79

Port        Vlan traffic requested of neighbor
Fa0/19      1,5,7-9,22,43,58,67,79,146


tomek0001 Thu, 09/03/2009 - 06:57

So basically sw1 is pruning vlans 5,7-9,22,43,58,67,79 to sw4 but in sw4 these are addresses from these vlans.


   8    001e.f74d.5995    DYNAMIC     Fa0/13
  22    001e.f74d.5995    DYNAMIC     Fa0/13
  22    001f.6cde.8928    DYNAMIC     Fa0/13
  43    001e.f74d.5995    DYNAMIC     Fa0/13
  43    001f.6cde.87d8    DYNAMIC     Fa0/13
  58    001e.f74d.5995    DYNAMIC     Fa0/13
  67    001e.f74d.5995    DYNAMIC     Fa0/13
   5    001e.f74d.5995    DYNAMIC     Fa0/13
   7    001e.f74d.5995    DYNAMIC     Fa0/13
   9    001e.f74d.5995    DYNAMIC     Fa0/13
  79    001e.f74d.5995    DYNAMIC     Fa0/13

Giuseppe Larosa Thu, 09/03/2009 - 07:17

Hello Tomasz,


00-1E-F7 (hex)      Cisco Systems
001EF7 (base 16)    Cisco Systems
                    80 West Tasman Dr.
                    SJC-M/1
                    San Jose CA 95134
                    UNITED STATES



STP BPDUs and CDP messages are sent, so you can see some MAC addresses, but they should be those of neighboring devices.


Hope to help

Giuseppe


tomek0001 Thu, 09/03/2009 - 07:37

Giuseppe,

Thank you for your response, but just one more question: if a vlan is pruned, wouldn't that exclude STP BPDUs from being learned on that vlan? Wouldn't CDP only be learned on vlan 1?


Thank you for your help.


Tom


Correct Answer
Giuseppe Larosa Thu, 09/03/2009 - 07:42

Hello Tom,


>> Thank you for your response, but just one more question: if a vlan is pruned, wouldn't that exclude STP BPDUs from being learned on that vlan?


No, STP still runs for pruned vlans.


Automatic vlan pruning doesn't limit the STP diameter in a network.


To do this you need to use


switchport trunk allowed vlan x,y,z


If you do so, only STP instances for permitted vlans run on the link.


This is important because other colleagues have reported scalability issues caused by this misunderstanding.


Low-end switches have a limit on the number of STP instances that can arise.


>> CDP yes only on native vlan


Hope to help

Giuseppe
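
The check this thread works through by hand, as an added example (not code from any poster): list MACs learned on a trunk port in VLANs the switch did not request from its neighbor, and separate a single MAC seen across many such VLANs, which fits a neighboring switch's per-VLAN control frames as described above, from entries left for review. The sample rows are a subset of the SW4 output quoted in this thread; the function names, the labels and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Sample input: a subset of the SW4 output quoted in this thread.
REQUESTED = "1,10,146"  # "Vlan traffic requested of neighbor" on Fa0/13
MAC_TABLE = """\
1 001e.f74d.5995 DYNAMIC Fa0/13
146 001e.f74d.5995 DYNAMIC Fa0/13
146 001e.f766.c621 DYNAMIC Fa0/4
8 001e.f74d.5995 DYNAMIC Fa0/13
22 001e.f74d.5995 DYNAMIC Fa0/13
22 001f.6cde.8928 DYNAMIC Fa0/13
43 001f.6cde.87d8 DYNAMIC Fa0/13
58 001e.f74d.5995 DYNAMIC Fa0/13
"""

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,5,7-10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def unexpected_macs(mac_table, trunk_port, requested_spec):
    """Map each MAC learned on trunk_port to the unrequested VLANs it appears in."""
    requested = expand_vlans(requested_spec)
    hits = defaultdict(set)
    for line in mac_table.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # skip headers, separators and blank lines
        vlan, mac, port = int(m.group(1)), m.group(2).lower(), m.group(3)
        if port == trunk_port and vlan not in requested:
            hits[mac].add(vlan)
    return {mac: sorted(v) for mac, v in hits.items()}

def classify(hits, threshold=3):
    """Label by how many unrequested VLANs a MAC appears in (threshold is an assumption)."""
    return {mac: "neighbor-control" if len(v) >= threshold else "review"
            for mac, v in hits.items()}

if __name__ == "__main__":
    found = unexpected_macs(MAC_TABLE, "Fa0/13", REQUESTED)
    for mac, label in classify(found).items():
        print(mac, found[mac], label)
    # Assumption: the explicit allowed list mirrors the VLANs this switch requests.
    print("switchport trunk allowed vlan " + REQUESTED)
```
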


tomek0001 Thu, 09/03/2009 - 07:48

Giuseppe,

Thank you very much that makes things very clear. Thank you again!


Bela Mareczky Thu, 09/03/2009 - 12:30

Hi!


Please be careful using VTP pruning:


Refer to the following bug link:


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv21612


The symptom:

The switch is a Cisco 2960G/48 port. If the status of one of its configured dot1q trunk ports changes to down or up, the switch CPU usage is near 100%! (while causing an outage of any other user traffic and services)


Switch#sh proc cpu hi

111111111111111111111111111 11111111111111111111111111
0000000000000000000000000009999900000000000000000000000000
0000000000000000000000000009999900000000000000000000000000
100 **********************************************************
90 **********************************************************
80 **********************************************************
70 **********************************************************
60 **********************************************************
50 **********************************************************
40 **********************************************************
30 **********************************************************
20 **********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)

11111
0000011111111111111111111111111111111111111113111111111111
0000077899787887897878787777977788778998898796898789887889
100 ####*
90 ####*
80 ####*
70 ####*
60 ####*
50 ####*
40 ##### *
30 ##### *
20 #########*###############*################################
10 ##########################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%

Switch#sh proc cpu
...
CPU utilization for five seconds: 100%/0%; one minute: 99%; five minutes: 85%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
162 8059105 18498182 435 81.95% 83.15% 70.02% 0 PM Callback


Hope this helps!


Regards, Belabacsi
