04-13-2010 10:36 AM - edited 03-06-2019 10:36 AM
Hello,
I really hope that someone that works for Cisco can help shed some light on this. I can't understand why VTP pruning would be a promoted technology when establishing a single VTP server, several VTP clients infrastructure seems to be the safest, most secure way of running VTP on one's network.
The link:
States:
You can only enable VTP pruning on a switch in VTP server mode.
But in the Cisco academy network curriculum for CCNP BCMSN it states:
2.5 Correcting Common VLAN Configuration Errors
2.5.6 Best Practice for VTP Configuration
The following is a list of general best practices with regard to configuring VTP in the enterprise composite network model:
Have only one or two switches specifically configured as VTP servers and the remainder as clients.
So the best practice is to not use VTP pruning?
To further complicate things, it seems as if VTP client switches with higher revision numbers can actually overwrite the VLAN dat file on VTP servers.
This link:
States:
If the configuration revision number of the switch that you inserted is higher than the configuration revision number of the VTP domain, it propagates its VLAN database through the VTP domain. This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server.
Given these facts wouldn't it be best to put all switches in transparent mode?
Joshua
04-13-2010 10:46 AM
Joshua
I don't work for Cisco but the short answer is yes, transparent mode is the safest mode to use. In fact there are a few people in these forums who think VTP is one of the worst things Cisco have done at L2.
VTP server/client and VTP pruning are almost "plug and play" type features that require very little effort. You enable them on the VTP server and that's it. Note best practice is to have 2 VTP servers, not one. But I would use VTP transparent and manually allow VLANs on the trunk links with the "switchport trunk allowed vlan ..." command. This gives you far greater control of your L2 topology, and using the switchport trunk allowed vlan command limits STP to only those VLANs allowed on the trunks.
So is there ever a use for VTP server/pruning? If you have a large network and not enough time or staff to do everything, VTP server/client/pruning can be a real time saver.
Jon
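Added example, not part of the original thread: a pre-insertion check for the revision-number behaviour quoted in the question, which compares the `show vtp status` fields of a switch about to be connected against a switch already in the domain. The sample outputs are constructed, the function names are hypothetical, and the check assumes both switches have a configured VTP domain name.

```python
import re

# Constructed `show vtp status` excerpts (not from the thread); only the
# three fields the check needs are shown.
EXISTING_SERVER = """\
VTP Operating Mode              : Server
VTP Domain Name                 : CAMPUS
Configuration Revision          : 12
"""
NEW_SWITCH = """\
VTP Operating Mode              : Client
VTP Domain Name                 : CAMPUS
Configuration Revision          : 47
"""

FIELDS = {
    "mode": r"VTP Operating Mode[ \t]*:[ \t]*(\S+)",
    "domain": r"VTP Domain Name[ \t]*:[ \t]*(\S*)",
    "revision": r"Configuration Revision[ \t]*:[ \t]*(\d+)",
}

def parse_vtp_status(text):
    """Extract mode, domain and revision from `show vtp status` text."""
    out = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"missing field: {key}")
        out[key] = match.group(1)
    out["mode"] = out["mode"].lower()
    out["revision"] = int(out["revision"])
    return out

def insertion_risk(new, existing):
    """Return (risky, reason) for connecting `new` to the domain of `existing`."""
    if new["mode"] == "transparent":
        return False, "new switch is transparent and does not advertise its VLAN database"
    if existing["mode"] == "transparent":
        return False, "existing switch is transparent and keeps its local VLAN database"
    if new["domain"] != existing["domain"]:
        return False, "VTP domain names differ"
    if new["revision"] > existing["revision"]:
        # Applies whether the new switch is a client or a server.
        return True, (f"new switch revision {new['revision']} is higher than domain "
                      f"revision {existing['revision']}: its VLAN database would propagate")
    return False, "new switch revision is not higher than the domain revision"

if __name__ == "__main__":
    print(insertion_risk(parse_vtp_status(NEW_SWITCH), parse_vtp_status(EXISTING_SERVER)))
```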