Vlan Pruning

Jun 7th, 2010
Our environment consists of over 800 access switches and 300+ VLANs. We use the 3-layer model (core, distribution, access), with routing done at the core and distribution layers via OSPF.

At our old facility we had our core doing all the routing, with about 100 VLANs and 150 access switches. We had a VTP domain configured and VTP pruning was configured. We had situations where a device was added with a higher revision # and all the VLANs were overwritten, causing machines to lose access to the network until all VLANs were re-created. So when moving to the newer, larger facility, we designed our network without VTP to avoid this major flaw in VTP.

So with efficiency in mind we would like to prune the downlinks to the access switches. With the amount of traffic that is being generated on our network this is starting to become a concern, and with so many access switches this would be a large job to do manually. So my question is this:

Is there a way to prune the VLANs on the downlinks to our access switches automatically? The key word here being automatically.


Does anyone have any suggestions on how we can configure or reconfigure our network to make it more efficient?

Thanks in advance.

arlon Mon, 06/07/2010 - 09:45

I think it's not possible to do pruning automatically without VTP.

Use a different VTP domain name and password in each aggregation block to avoid the kind of failure you mentioned.

If you need to change the domain name when you are moving a switch to another area, the revision number will be the default.

Jon Marshall Mon, 06/07/2010 - 11:45
If you are not running VTP server/client mode then you cannot run VTP pruning. If you can't run VTP pruning then there is no automatic way to "prune" VLANs off trunk links.

You suffered from one of the worst flaws in VTP, i.e. a switch with a higher revision overwriting the existing VLAN database.

You have 2 choices really -

1) either introduce far stricter procedures for adding a switch to your network and run VTP server/client mode


2) run VTP transparent mode and use the "switchport trunk allowed vlan .." on the trunk links.

Personally I would go with 2 if at all possible, and although it is a lot of work to set up, once it has been done, unless you are adding multiple VLANs every other day, your administrative overhead should be quite small.

If there really is too much admin overhead to do it this way you will have to use VTP server/client and, like I say, tighten up your procedures.
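Option 2 above can be scripted so the per-trunk work is not done by hand. The following is an added example, not part of the thread: it derives the `switchport trunk allowed vlan` line for a downlink from the access and voice VLANs configured on the access switch. The config excerpt, interface names and the always-carried management VLAN 900 are constructed assumptions.

```python
import re

# Constructed sample: excerpt of an access switch running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 110
 switchport voice vlan 300
interface GigabitEthernet0/2
 switchport access vlan 111
interface GigabitEthernet0/3
 switchport access vlan 112
interface GigabitEthernet0/48
 switchport mode trunk
"""

VLAN_LINE = re.compile(r"^[ \t]*switchport (?:access|voice) vlan (\d+)[ \t]*$", re.M)

def vlans_in_use(config, always=()):
    """VLAN IDs used by access/voice ports, plus VLANs that must always be carried."""
    found = {int(v) for v in VLAN_LINE.findall(config)}
    return sorted(v for v in found | set(always) if 1 <= v <= 4094)

def compress(vlans):
    """Collapse sorted IDs into IOS range syntax: [110, 111, 112, 120] -> '110-112,120'."""
    parts, start, prev = [], None, None
    for v in vlans:
        if start is None:
            start = prev = v
        elif v == prev + 1:
            prev = v
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = v
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)

def trunk_config(interface, config, always=()):
    """Config for the distribution-side downlink; 'none' if the switch uses no VLANs."""
    allowed = compress(vlans_in_use(config, always)) or "none"
    return f"interface {interface}\n switchport trunk allowed vlan {allowed}\n"

if __name__ == "__main__":
    # Hypothetical downlink name and management VLAN.
    print(trunk_config("TenGigabitEthernet1/0/1", SAMPLE_CONFIG, always=(900,)))
```

The generated lines should be reviewed before being pushed, since a VLAN missing from the allowed list is dropped on that trunk.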


joealbergo Mon, 06/07/2010 - 12:48

I learned in my Cisco class that anytime you add a switch to a network.

Adding to that... the name of the VTP domain must be the same in order for it to change or revise the other switches.

And if you delete the config then you won't have any revision number but "0" in place.

