
why use VTP pruning if it requires all switches to be in server mode

Joshua Davis
Level 1

Hello,

I really hope that someone that works for Cisco can help shed some light on this. I can't understand why VTP pruning would be a promoted technology when establishing a single VTP server, several VTP clients infrastructure seems to be the safest, most secure way of running VTP on one's network.

The link:

https://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swvtp.html#wp1072526

States:

You can only enable VTP pruning on a switch in VTP server mode.

But in the Cisco Academy network curriculum for CCNP BCMSN it states:

2.5     Correcting Common VLAN Configuration Errors      
2.5.6  Best Practice for VTP Configuration

The following is a list of general best practices with regard to configuring VTP in the enterprise composite network model:
Have only one or two switches specifically configured as VTP servers and the remainder as clients.

So the best practice is to not use VTP pruning?

To further complicate things, it seems as if VTP client switches with higher revision numbers can actually overwrite the VLAN dat file on VTP servers.

This link:

http://www.ciscosistemas.org/en/US/tech/tk389/tk689/technologies_configuration_example09186a00807d5d42.shtml#new_switch

States:

If the configuration revision number of the switch that you inserted is higher than the configuration revision number of the VTP domain, it propagates its VLAN database through the VTP domain. This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server.

Given these facts, wouldn't it be best to put all switches in transparent mode?

Joshua

1 Accepted Solution


Jon Marshall
Hall of Fame

Joshua

I don't work for Cisco but the short answer is yes, transparent mode is the safest mode to use. In fact there are a few people in these forums who think VTP is one of the worst things Cisco have done at L2.

VTP server/client and VTP pruning are almost "plug and play" type features that require very little effort. You enable them on the VTP server and that's it. Note best practice is to have 2 VTP servers, not one. But I would use VTP transparent and manually allow VLANs on the trunk links with the "switchport trunk vlan allowed ..." command. This gives you far greater control of your L2 topology, and using the switchport trunk vlan allowed command limits STP to only those VLANs allowed on the trunks.

So is there ever a use for VTP server/pruning? If you have a large network and not enough time or staff to do everything, VTP server/client/pruning can be a real time saver.

Jon
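
An added example, not part of the original thread and not Cisco's code: a pre-insertion check built on the revision-number behaviour quoted in the question and the transparent-mode advice in the answer. It parses `show vtp status` text from a switch in the production domain and from the switch about to be connected; the two captures are constructed samples, and the result labels (`SAFE`, `ISOLATED`, `OVERWRITES_DOMAIN`, `NO_OVERWRITE`) are names chosen for this example.

```python
# Constructed `show vtp status` captures (older IOS layout); not taken from the thread.
DOMAIN_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 12
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
VTP Pruning Mode                : Enabled
"""
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 47
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
VTP Pruning Mode                : Disabled
"""

def parse_vtp_status(text):
    """Extract revision, mode and domain from `show vtp status` text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    try:
        return {
            "revision": int(fields["configuration revision"]),
            "mode": fields["vtp operating mode"].lower(),
            "domain": fields.get("vtp domain name", ""),
        }
    except (KeyError, ValueError) as exc:
        raise ValueError(f"not recognisable show vtp status output: {exc}") from exc

def insertion_risk(domain_text, new_text):
    """Classify the effect of trunking the new switch into the domain."""
    dom, new = parse_vtp_status(domain_text), parse_vtp_status(new_text)
    if new["mode"] in ("transparent", "off"):
        return "SAFE"  # does not originate its own VLAN database
    if new["domain"] and dom["domain"] and new["domain"] != dom["domain"]:
        return "ISOLATED"  # advertisements are only accepted within one domain name
    if new["revision"] > dom["revision"]:
        return "OVERWRITES_DOMAIN"  # applies to clients as well as servers
    return "NO_OVERWRITE"

if __name__ == "__main__":
    print(insertion_risk(DOMAIN_SWITCH, NEW_SWITCH))
```
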
