VLAN Pruning with VTP Pruning

Answered Question
Jul 3rd, 2014

I am having a hard time understanding VTP Pruning and how broadcasts/traffic affect Trunk Ports on switches which have VLANs in their database. I am hoping someone can explain it in a different way than what the documentation is explaining.

According to the following documentation
http://www.ciscopress.com/articles/article.asp?p=29803

“By default all the VLANs that exist on a switch are active on a trunk link”.

Does this mean if I see the VLAN in the database “sh vlan”, the Trunk Port could receive traffic, even if no port is assigned to the vlan?


My Goal:
I am trying to weed out or remove unused vlans from my VTP Client switches. VTP is pulling the full database down; however, I am only using three (3) vlans on some edge (access layer) switches. I am worried, since all VLANs are in the database, if a broadcast storm happens on a different vlan that is not assigned to my particular switch - it will affect the Trunk ports of all switches.

In addition, it would make troubleshooting so much easier since the vlan database is trimmed – when running “sh vlan”.

Also, I am doing some manual pruning at my VTP server by the “vlan allowed” command on the trunk port; however, the full database is still visible on the edge (access layer) switches.

Thank you.
JJ

Correct Answer by Joseph W. Doherty about 3 years 1 month ago

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

"Does this mean if I see the VLAN in the database “sh vlan”, the Trunk Port could receive traffic, even if no port is assigned to the vlan?"

Yes, and it's for any traffic flooded to the VLAN, which, besides broadcast, could include unicast (for unknown destination MAC) and multicast.

VTP auto pruning is effectively doing what you do with manual pruning, i.e. block sending traffic down trunks when there are no VLAN ports downstream of that trunk. The advantage of auto pruning is that it's "automatic" with addition/removal of VLAN ports on the downstream switch.

I recall there's some "gotcha" with auto pruning vs. manual tuning, but I cannot remember what it is.

BTW, the VLAN traffic that is blocked doesn't impact the VTP database, which as you've noticed, doesn't change.

 

[edit]

I just found two issue differences between auto pruning and manual pruning.

First, auto pruning doesn't reduce STP domains.

Second, auto pruning has issues with transparent mode VTP. It also may have issues with non-Cisco (non-VTP) switches.
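As an added illustration (not part of the original thread or of any Cisco documentation), here are the two approaches discussed above on a hypothetical IOS switch pair; the interface name, VLAN numbers and the show output are all assumed or constructed.

```cisco
! Added example, not from the thread. Assumed: Gi0/1 is the trunk between
! the VTP server and an access switch that only uses VLANs 10, 20 and 30.

! --- Option A: manual pruning (the "vlan allowed" method from the question) ---
! The trunk carries only the listed VLANs, so flooded traffic (broadcast,
! unknown-unicast, multicast) for any other VLAN never crosses it, and the
! trunk has no STP instance for the removed VLANs. Configure both ends alike.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30

! --- Option B: VTP pruning (the "auto" method from the answer) ---
! Enabled once on the VTP server and propagated to clients in the domain.
! Flooded traffic for a VLAN is withheld from a trunk while the downstream
! switch has no ports in that VLAN, and resumes when a port is assigned.
vtp pruning

! --- Verification on the server-side trunk (constructed sample output) ---
! With Option B the trunk still allows every VLAN; only flooding is pruned.
! VLANs 40 and 50 remain in STP on the trunk, which is the "doesn't reduce
! STP domains" point above. "show vlan" lists the full database either way.
Switch# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30,40,50

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20,30

Switch# show vtp status | include Pruning
VTP Pruning Mode                : Enabled
```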
