why use VTP pruning if it requires all switches to be in server mode

Answered Question
Apr 13th, 2010

Hello,

I really hope that someone that works for Cisco can help shed some light on this. I can't understand why VTP pruning would be a promoted technology when establishing a single VTP server, several VTP clients infrastructure seems to be the safest, most secure way of running VTP on one's network.

The link:

https://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swvtp.html#wp1072526

States:

You can only enable VTP pruning on a switch in VTP server mode.

But in the Cisco Academy network curriculum for CCNP BCMSN it states:

2.5 Correcting Common VLAN Configuration Errors
2.5.6 Best Practice for VTP Configuration

The following is a list of general best practices with regard to configuring VTP in the enterprise composite network model:
Have only one or two switches specifically configured as VTP servers and the remainder as clients.

So the best practice is to not use VTP pruning?

To further complicate things, it seems as if VTP client switches with higher revision numbers can actually overwrite the vlan.dat file on VTP servers.

This link:

http://www.ciscosistemas.org/en/US/tech/tk389/tk689/technologies_configuration_example09186a00807d5d42.shtml#new_switch

States:

If the configuration revision number of the switch that you inserted is higher than the configuration revision number of the VTP domain, it propagates its VLAN database through the VTP domain. This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server.

Given these facts wouldn't it be best to put all switches in transparent mode?

Joshua

Correct Answer by Jon Marshall about 6 years 8 months ago

Joshua

I don't work for Cisco but the short answer is yes, transparent mode is the safest mode to use. In fact there are a few people in these forums who think VTP is one of the worst things Cisco have done at L2.

VTP server/client and VTP pruning are almost "plug and play" type features that require very little effort. You enable them on the VTP server and that's it. Note best practice is to have 2 VTP servers, not one. But I would use VTP transparent and manually allow vlans on the trunk links with the "switchport trunk vlan allowed ..." command. This gives you far greater control of your L2 topology, and using the switchport trunk vlan allowed command limits STP to only those vlans allowed on the trunks.

So is there ever a use for VTP server/pruning? If you have a large network and not enough time or staff to do everything, VTP server/client/pruning can be a real time saver.

Jon
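One way to check a saved running-config for the two points Jon's answer raises (the VTP mode, and trunks that carry every VLAN instead of an explicit allowed list) is a small audit script. This is an added example, not code from the thread or from Cisco; the sample config text and the function name audit_vtp_config are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread). It mixes the risky
# pattern (VTP client, a trunk carrying every VLAN) with the pattern Jon
# recommends (an explicit allowed-VLAN list on the trunk).
SAMPLE_CONFIG = """
hostname access-sw1
vtp domain CORP
vtp mode client
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
"""


def audit_vtp_config(config: str) -> dict:
    """Report the VTP mode and every trunk that carries all VLANs.

    A switch in server or client mode accepts a VLAN database from any peer
    in the domain with a higher revision number; transparent mode does not.
    A trunk with no 'switchport trunk allowed vlan' line defaults to all
    VLANs, which is exactly what manual pruning on the trunk is meant to trim.
    """
    mode_match = re.search(r"^vtp mode (\S+)", config, re.MULTILINE)
    mode = mode_match.group(1) if mode_match else "server"  # IOS default mode
    unrestricted = []
    current, is_trunk, has_allowed = None, False, False
    for line in config.splitlines() + ["!"]:  # trailing "!" closes last block
        text = line.strip()
        if text.startswith("interface "):
            current, is_trunk, has_allowed = text.split(None, 1)[1], False, False
        elif text == "!" and current:
            if is_trunk and not has_allowed:
                unrestricted.append(current)
            current = None
        elif text == "switchport mode trunk":
            is_trunk = True
        elif text.startswith("switchport trunk allowed vlan"):
            has_allowed = True
    return {"vtp_mode": mode,
            "vtp_mode_ok": mode == "transparent",
            "unrestricted_trunks": unrestricted}
```

Run over the sample, it flags client mode and GigabitEthernet0/1 as the trunk still carrying every VLAN.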
