11-22-2011 09:45 AM - edited 03-07-2019 03:32 AM
Hi all,
We have just recently cut over from an older core switch/router platform (running CatOS 8.x) to a newer platform running IOS 15. So all the SVI's for our VLANs moved over from the old platform to the new, and a trunk link (4x1GB etherchannel) was configured between the two. All the other access layer switches that had trunk links to the old core were also migrated to the new core (also still trunked of course.) Most of the company's servers, the IP PBX and phones, and some other departmental access switches are still homed into the old core (they will soon be migrated to the new core as we have time.)
The old core and most of the access layer switches are running VTP v2 in a given domain. The new core is also in the same VTP domain, but is in transparent mode (we plan to do away with VTP as a part of this migration, but it hasn't happened yet for all switches.)
So, we have been having a problem since the cut with the old core switch doing VTP pruning of various VLANs off the trunk link between the old core and new core. This isolates the devices on that VLAN on the old core, because that VLAN's devices can not reach their network gateway which is now on the new core. I am familiar with the concept of VTP Pruning, but I thought that if there were other switches "down the line" from the switch that does not have ports in a given VLAN, that the switch that would otherwise do the pruning would NOT prune the VLANs from the trunk. So what I'm trying to say is like this:
[ switch 1 ] ===trunk=== [switch 2 ] ===trunk=== [ switch 3 ]
(has ports (does NOT (has ports
in V100) have ports in V100)
in V100)
So, if in this case "switch 1" is the old core, and "switch 2" is the new core, why would switch 1 prune V100 off the trunk link between itself and switch 2 if there is another switch (or switches) past switch 2 that have that same VLAN?
Note that I am not having VLAN pruning problems on any of the other trunks into the new core.
Thanks for any wisdom you can provide...
Will
Solved! Go to Solution.
11-22-2011 12:27 PM
Hello Will,
Indeed it seems a bit weird…
As far as Switch 2 is in transparent mode it should not send « VTP Join » messages to Switch 1 (Join messages are exchanged for the pruning eligibility on the Sw1-Sw2 trunk ).
=================
Does the ‘show vtp status’ of Switch 2 display a ‘VTP Pruning Mode’ to Enabled ?
It should not be the case as per its VTP transparent mode, but I have read that on some situations (for exemple when changing from Server with pruning allowed to transparent VTP mode) that pruning could still be active (just like bug CSCtf07138 is documenting => After VTP Pruning is disabled or VTP is moved to transparent mode, VLANs remained pruned on trunks)...
[Sometimes ‘VTP Pruning Mode’ is set to yes but not functionning => it is just cosmetic]
If it was the case I would have tried to (Of course if the business constraints allow it as i twill impact)=>
. I would also have monitor the live exchanges of the « Join messages » on Switch 1 & 2 => IOS\ show vtp counter CatOS\ show vtp statistics. Are "join transmitted" messages counter incrementing on switch 1 but not "Join Received" ?
. I would also have tested a shut-no shut of the trunk.
=========================
In fact I am also wondering if all of this behaviour is just the expected one as per the following statment point =>
In your situation (and to avoid any testing tasks which could disrupt your network) I would have follow the following statment from the 8.x CatOS => http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/vtp.html#wp1028612
« Network devices in VTP transparent mode do not send VTP join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible (use the clear vtp pruneeligible command). »
So in your scenarion I would use the command clear vtp pruneeligible 100, in order to exclude the vlan 100 for any pruning eligibility on the trunk and define the vlans you DO NOT want to be pruned on the trunk …
Hope that helps. Thanks.
Regards.
Karim
11-22-2011 09:53 AM
Well from my understanding of VTP Pruning (sorry if it's not totally correct it's been a while since I messed with VTP, where I work I killed VTP as soon as I got there, we run nothing by transparent right now) if switch 2 does not have any ports in
vlan 100, then switch 1 (If VTP Pruning is enabled) will prune off vlan from the trunk going to Switch1 to Switch2. If you had
a port that included vlan 100 on Switch2, I bet it would not be pruned anymore. I'm not sure if you can manually added
a vlan across a trunk if you have vtp pruning enabled or not.
11-22-2011 12:27 PM
Hello Will,
Indeed it seems a bit weird…
As far as Switch 2 is in transparent mode it should not send « VTP Join » messages to Switch 1 (Join messages are exchanged for the pruning eligibility on the Sw1-Sw2 trunk ).
=================
Does the ‘show vtp status’ of Switch 2 display a ‘VTP Pruning Mode’ to Enabled ?
It should not be the case as per its VTP transparent mode, but I have read that on some situations (for exemple when changing from Server with pruning allowed to transparent VTP mode) that pruning could still be active (just like bug CSCtf07138 is documenting => After VTP Pruning is disabled or VTP is moved to transparent mode, VLANs remained pruned on trunks)...
[Sometimes ‘VTP Pruning Mode’ is set to yes but not functionning => it is just cosmetic]
If it was the case I would have tried to (Of course if the business constraints allow it as i twill impact)=>
. I would also have monitor the live exchanges of the « Join messages » on Switch 1 & 2 => IOS\ show vtp counter CatOS\ show vtp statistics. Are "join transmitted" messages counter incrementing on switch 1 but not "Join Received" ?
. I would also have tested a shut-no shut of the trunk.
=========================
In fact I am also wondering if all of this behaviour is just the expected one as per the following statment point =>
In your situation (and to avoid any testing tasks which could disrupt your network) I would have follow the following statment from the 8.x CatOS => http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/vtp.html#wp1028612
« Network devices in VTP transparent mode do not send VTP join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible (use the clear vtp pruneeligible command). »
So in your scenarion I would use the command clear vtp pruneeligible 100, in order to exclude the vlan 100 for any pruning eligibility on the trunk and define the vlans you DO NOT want to be pruned on the trunk …
Hope that helps. Thanks.
Regards.
Karim
11-22-2011 12:36 PM
Hello Will,
Since the switch 2 is in transparent mode it would just pass the updates that is coming from the server to the client. I assume that the switch 3 is a client. hence the updates that comes from switch 1 to switch 3 would pass on but the reverse would get dropped by the transparent switch in between.
Because of the lack of traffic from the neighbor the server would automatically prune the vlans. When you have VTP pruning you shouldnt have a client hanging with a transparent switch which then connects back to server.Its always better if client directly have communication with server.
The command show int XX pruning would give you the details whether the pruning is requested by neighbor or of the neighbor.
By default all the VLANs on the trunk are eligible for pruning. You can remove VLANs from the list of eligible VLANs using these commands. After a VLAN has been removed from the eligible list, it cannot be pruned by VTP. To add the VLANs back, use the command
switchport trunk pruning vlan add vlanlist ( you can add or remove)
Let me know if you have any questions.
Thanks,
Ricky Micky
*Pls rate useful posts
12-03-2011 06:35 PM
Thanks Karim, I believe you have the correct answer with your response to use the command 'clear vtp pruneeligible
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide