VTP Pruning question

Willard Dennis
Level 1

Hi all,

We have just recently cut over from an older core switch/router platform (running CatOS 8.x) to a newer platform running IOS 15. So all the SVIs for our VLANs moved over from the old platform to the new, and a trunk link (4x1GB etherchannel) was configured between the two. All the other access layer switches that had trunk links to the old core were also migrated to the new core (also still trunked, of course). Most of the company's servers, the IP PBX and phones, and some other departmental access switches are still homed into the old core (they will soon be migrated to the new core as we have time).

The old core and most of the access layer switches are running VTP v2 in a given domain. The new core is also in the same VTP domain, but is in transparent mode (we plan to do away with VTP as a part of this migration, but it hasn't happened yet for all switches).

So, we have been having a problem since the cut with the old core switch doing VTP pruning of various VLANs off the trunk link between the old core and new core. This isolates the devices on that VLAN on the old core, because that VLAN's devices cannot reach their network gateway, which is now on the new core. I am familiar with the concept of VTP Pruning, but I thought that if there were other switches "down the line" from the switch that does not have ports in a given VLAN, that the switch that would otherwise do the pruning would NOT prune the VLANs from the trunk. So what I'm trying to say is like this:

[ switch 1 ] ===trunk=== [ switch 2 ] ===trunk=== [ switch 3 ]
(has ports               (does NOT                (has ports
 in V100)                 have ports               in V100)
                          in V100)

So, if in this case "switch 1" is the old core, and "switch 2" is the new core, why would switch 1 prune V100 off the trunk link between itself and switch 2 if there is another switch (or switches) past switch 2 that have that same VLAN?

Note that I am not having VLAN pruning problems on any of the other trunks into the new core.

Thanks for any wisdom you can provide...

Will

1 Accepted Solution

krahmani323
Level 3

Hello Will,

Indeed it seems a bit weird…

As far as Switch 2 is in transparent mode it should not send « VTP Join » messages to Switch 1 (Join messages are exchanged for the pruning eligibility on the Sw1-Sw2 trunk).

=================

Does 'show vtp status' on Switch 2 display 'VTP Pruning Mode' as Enabled?

It should not be the case as per its VTP transparent mode, but I have read that in some situations (for example when changing from Server with pruning allowed to transparent VTP mode) pruning could still be active (just like bug CSCtf07138 is documenting => After VTP Pruning is disabled or VTP is moved to transparent mode, VLANs remained pruned on trunks)...

[Sometimes 'VTP Pruning Mode' is set to yes but not functioning => it is just cosmetic]

If it was the case I would have tried to (of course if the business constraints allow it, as it will have an impact) =>

  • Change the VTP domain name to another TEST.
  • Change the VTP mode to server.
  • Enter the command to disable VTP pruning.
  • Come back to VTP mode transparent.
  • Come back to your VTP domain name.

I would also have monitored the live exchanges of the « Join messages » on Switch 1 & 2 => IOS: show vtp counter; CatOS: show vtp statistics. Are the "join transmitted" message counters incrementing on switch 1 but not "Join Received"?

I would also have tested a shut / no shut of the trunk.

=========================

In fact I am also wondering if all of this behaviour is just the expected one as per the following statement =>

In your situation (and to avoid any testing tasks which could disrupt your network) I would have followed the following statement from the 8.x CatOS => http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/vtp.html#wp1028612

« Network devices in VTP transparent mode do not send VTP join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible (use the clear vtp pruneeligible command). »

So in your scenario I would use the command clear vtp pruneeligible 100, in order to exclude the vlan 100 from any pruning eligibility on the trunk and define the vlans you DO NOT want to be pruned on the trunk…

Hope that helps. Thanks.

Regards.

Karim

4 Replies

JohnTylerPearce
Level 7

Well, from my understanding of VTP Pruning (sorry if it's not totally correct, it's been a while since I messed with VTP; where I work I killed VTP as soon as I got there, we run nothing but transparent right now), if switch 2 does not have any ports in vlan 100, then switch 1 (if VTP Pruning is enabled) will prune off vlan from the trunk going to Switch1 to Switch2. If you had a port that included vlan 100 on Switch2, I bet it would not be pruned anymore. I'm not sure if you can manually add a vlan across a trunk if you have vtp pruning enabled or not.

Richard Michael
Cisco Employee

Hello Will,

Since switch 2 is in transparent mode, it would just pass the updates that are coming from the server to the client. I assume that switch 3 is a client. Hence the updates that come from switch 1 to switch 3 would pass on, but the reverse would get dropped by the transparent switch in between.

Because of the lack of traffic from the neighbor, the server would automatically prune the vlans. When you have VTP pruning you shouldn't have a client hanging with a transparent switch which then connects back to the server. It's always better if the client has direct communication with the server.

The command show int XX pruning would give you the details whether the pruning is requested by neighbor or of the neighbor.

By default all the VLANs on the trunk are eligible for pruning. You can remove VLANs from the list of eligible VLANs using these commands. After a VLAN has been removed from the eligible list, it cannot be pruned by VTP. To add the VLANs back, use the command

switchport trunk pruning vlan add vlanlist   (you can add or remove)

Let me know if you have any questions.

Thanks,

Ricky Micky

*Pls rate useful posts

Willard Dennis
Level 1

Thanks Karim, I believe you have the correct answer with your response to use the command 'clear vtp pruneeligible' in this case. I think the new core was not sending VTP join messages to the old core, and the old core was therefore pruning the vlans off the trunks (not sure how it decided when to do the pruning, but it was happening). Using the 'clear vtp pruneeligible' command on the missing vlans put them back on the trunk, and all is well now. Thanks for everyone's quick responses! (And sorry I'm just now getting back to update this thread!)
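
Added example, not part of any post in this thread: a Python check that lists the "missing" VLANs on a trunk by comparing the VLANs active in the management domain with those forwarding and not pruned. The sample text is constructed in the layout of IOS `show interfaces trunk`, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of IOS "show interfaces trunk";
# it is not output from the poster's switches.
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1,10,20,100-102

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,10,101
"""
ACTIVE = "Vlans allowed and active in management domain"
FORWARDING = "Vlans in spanning tree forwarding state and not pruned"

def expand(vlan_list):
    """Expand '1,10,100-102' into a set of ints ('none' gives an empty set)."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_sections(text):
    """Return {section title: {port: set of VLAN ids}} for the 'Vlans ...' sections."""
    sections, current, port = {}, None, None
    for line in text.splitlines():
        header = re.match(r"Port\s+(.*\S)", line)
        if header:
            title = header.group(1)
            current = sections.setdefault(title, {}) if title.startswith("Vlans") else None
        elif current is not None and line.strip():
            if not line[0].isspace():      # new port row; indented rows wrap the previous one
                port, _, line = line.partition(" ")
            current.setdefault(port, set()).update(expand(line))
    return sections

def not_forwarding(text):
    """Per trunk port: VLANs active in the domain but pruned or STP-blocked there."""
    s = trunk_sections(text)
    return {port: sorted(vlans - s.get(FORWARDING, {}).get(port, set()))
            for port, vlans in s.get(ACTIVE, {}).items()}
```

A VLAN reported by `not_forwarding(SAMPLE)` is only a candidate: spanning-tree blocking also removes a VLAN from the last section, so confirm that pruning is the cause before marking the VLAN pruning-ineligible.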