03-19-2014 12:58 PM - edited 03-07-2019 06:47 PM
I have inherited the management of two Nexus 5548's. I am required to prune the management vlan from any vlan trunk links belonging to the managed network's infrastructure. I know these do not support VTP Pruning. Any suggestions would be appreciated.
03-19-2014 01:05 PM
Jeff
What vlan is the management vlan in your environment?
Do you mean you simply want to stop that vlan going across the trunk link?
Jon
03-19-2014 01:16 PM
My management vlan is 8. In gov STIGs it requires this pruning. The audit was run against an IOS STIG since there are currently no NX-OS STIGs that I am aware of. This is what it says:
By default all the VLANs that exist on a switch are active on a trunk link. Since the switch is being managed via OOBM connection, management traffic should not traverse any trunk links.
03-19-2014 01:19 PM
Jeff
Okay, I just think of pruning as an automatic thing, i.e. if a switch on the other end of the link doesn't have any ports in that vlan then it is pruned off the trunk link.
But you just want to remove a vlan off the trunk links by the sounds of it so you can use the "switchport trunk allowed .." command on the trunk interface.
See this configuration guide for details -
Jon
03-19-2014 01:31 PM
I do see that the VLAN is being allowed on those ports. I can remove the Management VLAN and see how that affects the configuration. Hopefully this will get approved as a way of "Pruning". I appreciate your input.
03-19-2014 01:45 PM
Jeff
It should be approved because it is more secure than simply pruning, i.e. if you only pruned and then a port was allocated into the vlan on another switch the vlan would be allowed across the trunk link.
If you don't allow the vlan on the trunk link it doesn't matter if a port is accidentally allocated into that vlan, traffic still won't go across the trunk link.
Jon
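An added example, not part of the thread: a Python check that reads saved `show running-config` text and lists the trunk interfaces that still carry the management VLAN, including trunks with no allowed list at all (which carry every VLAN). The sample config, the function names and the handling of `add` continuation lines are assumptions made for illustration.

```python
import re

MGMT_VLAN = 8  # management VLAN named in the thread
# Constructed sample config for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 1-7,9-100
interface Ethernet1/2
  switchport mode trunk
interface Ethernet1/4
  switchport mode trunk
  switchport trunk allowed vlan 2-7
  switchport trunk allowed vlan add 8,30
interface Ethernet1/5
  switchport access vlan 8
"""

ALLOWED = re.compile(r"switchport trunk allowed vlan (add )?(none|[\d,\- ]+)$")

def expand(vlan_list):
    """Turn '1-7,9,20-30' (or 'none') into a set of VLAN ids."""
    vlans = set()
    for part in vlan_list.replace("none", "").split(","):
        lo, _, hi = part.strip().partition("-")
        if lo:
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunks_carrying(config, vlan):
    """Return trunk interfaces whose allowed list still includes `vlan`."""
    blocks, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            blocks[name] = []
        elif name and line.strip():
            blocks[name].append(line.strip())
    findings = []
    for name, lines in blocks.items():
        if "switchport mode trunk" not in lines:
            continue  # access ports are out of scope for this check
        allowed = None  # no allowed-list line: the trunk carries every VLAN
        for m in filter(None, map(ALLOWED.match, lines)):
            extra = expand(m.group(2))
            allowed = (allowed or set()) | extra if m.group(1) else extra
        if allowed is None or vlan in allowed:
            findings.append(name)
    return findings
```

Calling `trunks_carrying(SAMPLE_CONFIG, MGMT_VLAN)` returns the interfaces that still need the VLAN removed from their allowed list.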