vtp vlan pruning

JacobMunson
Level 1

When enabling VTP VLAN pruning on the VTP server and using the trunk allow command on trunk ports, should all VLANs still sync to the VTP clients? Is there any way to prevent this? My VTP server has a large list of VLANs and I would like only the VLANs that are allowed across the trunk to sync to the VTP client at the other end.

4 Replies

Peter Paluch
Cisco Employee

Hi Jacob,

Unfortunately, there is no way of limiting which VLANs are synchronized across a trunk with VTP. VTP makes all switches have the same knowledge about all VLANs, regardless of whether they are used or not. VTP Pruning only causes the traffic in particular VLANs to be dynamically allowed or disallowed on trunks, based on which VLAN is used at the neighboring switch, but it does not in any way influence the list of VLANs that will be created thanks to VTP.

This is a simple rule: With VTP, all your switches know all your VLANs, period. Neither dynamic pruning via VTP Pruning, nor manual pruning using switchport trunk allowed vlan will have any impact.

The only way for switches to have non-identical VLAN databases is to run them in VTP Transparent or Off modes, or have multiple VTP domains (just for completeness' sake - I doubt this would be a sensible solution).

Best regards,
Peter
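
The transparent-mode option from the reply above, as an added configuration example that is not part of the original post. The VLAN IDs, VLAN names and interface name are assumptions chosen for illustration.

```ios
! Constructed example: the switch at the far end of the trunk, taken out of
! VTP synchronization so that it holds only the VLANs it actually needs.
! VLAN 10/20, their names and GigabitEthernet0/1 are assumed values.
configure terminal
 ! Stop accepting the VTP server's VLAN database; VLANs become local config
 vtp mode transparent
 !
 ! Define by hand only the VLANs this switch should know about
 vlan 10
  name USERS
 vlan 20
  name VOICE
 !
 ! Manual pruning on the uplink: limits which VLANs' traffic crosses the
 ! trunk, independent of what is in the VLAN database
 interface GigabitEthernet0/1
  description Uplink toward the VTP server
  switchport mode trunk
  switchport trunk allowed vlan 10,20
 end
!
! Verify the operating mode, the local VLAN list, and what the trunk carries
show vtp status
show vlan brief
show interfaces trunk
```

On platforms that support both ISL and 802.1Q, `switchport trunk encapsulation dot1q` has to be entered before `switchport mode trunk`.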

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The whole point of VTP, perhaps its primary raison d'être, is to maintain a common VLAN database for your L2 topology.  Other than you having a "large list" of VLANs, do you believe this is actually adverse to your LAN performance or perhaps you just don't like to wade through a long list of unused VLANs on any one switch?

Although Peter doesn't see the sense, his mention of using multiple VTP domains will probably be the best way to "partition" what VLANs are known by different parts of your LAN; assuming you want to continue to use VTP at all.  (As Peter also notes, using transparent or off modes will allow each switch to have VLANs defined only to it.)

BTW, VTP pruning doesn't function exactly like manual pruning, and if you do define multiple VTP domains, I believe VTP pruning will be per VTP domain.

Hi Joseph,

Thank you for joining!

Although Peter doesn't see the sense, his mention of using multiple VTP domains will probably be the best way to "partition" what VLANs are known by different parts of your LAN

Well, I do not see the sense mostly because of the fact that a switch can be in only one VTP domain, and if we wanted to use the multiple domain scenario flexibly, we'd need each distribution layer switch to be in multiple VTP domains at the same time which is not possible. Here, I am assuming that different groups of access layer switches would be placed into different VTP domains but the distribution layer switches must aggregate all VLANs regardless.

Best regards,
Peter

Posting

Peter, yep, it would be nice if a switch supported multiple VTP domains, but you could still partition without it.

"Here, I am assuming that different groups of access layer switches would be placed into different VTP domains but the distribution layer switches must aggregate all VLANs regardless."

Well, in that case, you could have the distribution in transparent or off mode and maintain the downstream VLANs manually (on that distribution switch).  (I.e. you might have a VTP domain for each branch of the distribution.)

But you might also assume distribution <> core is routed, perhaps each distribution switch (or distribution cluster) would be one VTP domain.

Or, you could also have switches connected to each other, sharing VLANs, but in different VTP domains.  The latter, of course, wouldn't share their VLAN databases.

Doing any of this really only makes sense if your topology supports some clean partitioning of VLANs.
