10-21-2009 09:04 AM - edited 03-06-2019 08:14 AM
This is probably a stupid question, but I am going to ask anyway.
If I enable pruning on a switch, compared to just adding the allowed VLANS on the trunk, is there a difference?
What would be the best way for the traffic to get to only the switch desired? Allowed vlans or enable pruning?
10-21-2009 09:09 AM
There is a difference.
With VTP pruning, the vlan traffic is not sent across the trunk link if it is not needed, but STP for that vlan still extends across the trunk link.
If you use the vlan allowed list and the vlan is not allowed on the trunk, then STP does not extend across the trunk for that vlan.
Personally I prefer the allowed command, but it does depend on how large your infrastructure is and how dynamic, i.e. how often vlans are needed and then not needed on switches.
Jon
10-21-2009 09:09 AM
Hello Dustin,
there is a difference and it is the following:
Be aware that VTP pruning can manage unnecessary flooding of multicast, broadcast, unknown unicast traffic but it does not limit the number of STP instances running on your switches.
switchport trunk allowed vlan list
has the added benefit of providing STP scalability by removing unneeded STP instances.
This has to be taken into account if you use PVST+ or Rapid PVST.
20 vlans are not a problem but 130 vlans can be a problem for some low-end switches.
Also, the limits on the number of vlans can be different for VTP and for STP:
there are devices accepting up to 128 vlans in their VTP DB but only 64 STP instances.
The result, which has also been seen in the forums, is vlans with STP disabled without any human intervention!
(taken from my own post in a recent thread of today)
>> What would be the best way for the traffic to get to only the switch desired? Allowed vlans or enable pruning?
In the long term I prefer allowed vlans for the reasons explained above.
Hope to help
Giuseppe
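An added example, not part of any post in this thread: a small Python audit that reads trunk stanzas from a saved running-config, flags trunks with no `switchport trunk allowed vlan` list, and counts the VLANs whose STP would extend over each trunk. The sample config, the function names and the one-instance-per-spanning-VLAN approximation are assumptions made for illustration; the 130-VLAN and 64-instance figures are the ones quoted above.

```python
import re

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 40
!
interface GigabitEthernet0/2
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, defined_vlans):
    """Map each trunk interface to (restricted?, VLANs whose STP extends over it)."""
    report = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [line.strip() for line in block.splitlines()]
        if "switchport mode trunk" not in lines:
            continue
        allowed = None  # None: no allowed list, so the trunk permits every VLAN
        for line in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,-]+)$", line)
            if m and not m.group(1):
                allowed = expand_vlans(m.group(2))
            elif m and allowed is not None:
                allowed |= expand_vlans(m.group(2))
        carried = set(defined_vlans) if allowed is None else allowed & set(defined_vlans)
        report[lines[0].split()[1]] = (allowed is not None, sorted(carried))
    return report

def over_stp_limit(report, stp_limit):
    """Assumption: one STP instance per VLAN that spans at least one trunk."""
    spanning = set().union(*(vlans for _, vlans in report.values()))
    return len(spanning) > stp_limit

if __name__ == "__main__":
    result = audit_trunks(SAMPLE_CONFIG, range(1, 131))  # 130 VLANs, as in the thread
    for name, (restricted, vlans) in result.items():
        print(name, "allowed list" if restricted else "NO allowed list", len(vlans))
    print("over 64 STP instances:", over_stp_limit(result, 64))
```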
10-21-2009 09:13 AM
Thank you for your insight. I was leaning toward Allowed Vlan, but I guess I just needed a push. :)
Thank you!
10-21-2009 09:16 AM
Cisco,
I always use allowed VLANs and do not bother with VTP pruning, because there is going to be an instance of STP for all those unwanted VLANs, therefore why bother doing it at all?
HTH
Reza
10-21-2009 09:18 AM
It seems like no one is using Pruning. I wonder why it's even an option at all. Maybe it's just out there to let us have these discussions. :)
10-21-2009 09:22 AM
Dustin
Pruning does have its uses. For example, switches where users are allocated their vlan by authentication. Each user's vlan would need to be accessible on the switch. If the vlan was not active on the switch, i.e. no user was logged in on that vlan, then there is no need to send that vlan's traffic to the switch.
But if a user then logs in you would need to then allow that vlan's traffic to the switch. So that's the sort of thing I meant by a dynamic environment.
But yes, in a controlled environment without the sort of requirements as above I would look to use the allowed command.
Jon
10-21-2009 09:24 AM
Thanks Jon. I appreciate your view on this! We only have about 20 vlans, so I will use the allowed command.