Cisco Support Community

VTP PRUNING

Hi,

I have 4 core switches which are interconnected to each other. The first switch has 2 VLAN interfaces which are used only in that switch.

I have pruned this VLAN information from going to the other 3 switches, but it doesn't seem to work.

I have applied "VTP PRUNING" command globally and also applied "switchport trunk allowed vlan remove 100,200" on the gigabit trunks.

These are 4507 L3 switches used by me.

Is there anything else to be done?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VTP PRUNING

Although VTP is making VLAN 100 & 200 known to the edge switches, your 'switchport trunk allowed vlan remove 100,200' will stop these VLANs being trunked to the switch. I would advise doing this on both ends of the trunk, i.e. both the core and the edge switch. So you have stopped the VLAN traffic.

If you need to go a step further and stop the edge switches from knowing about VLANs 100 & 200, i.e. not show up in a 'sh vlan', you have a couple of options:

- as Larry suggested, put the edge switches in a different VTP domain

- make the edge switches VTP transparent and manually add/remove vlans

I don't know your requirements but what you have done is OK.

6 REPLIES
New Member

Re: VTP PRUNING

What are you using to determine VLANs 100 & 200 being trunked to the other switches?

For example, have you configured all your switches to use VTP? If so, all the VLANs in the server(s) will be propagated to all the client switches in the domain. That does not mean the VLANs are trunked to the switch, just the switch has that VLAN configured.

VTP pruning does something like stopping traffic (i.e. broadcasts etc.) being sent over trunks if the switch at the end of the trunk does not have any interfaces in that VLAN. It does not stop the VLAN being trunked.

Re: VTP PRUNING

Yes. I have VTP running between all switches. My Core switch is the VTP server and all the 3 other switches are VTP clients.

If I give a "sh vlan" on the downstream switches, I can see the VLANs 100 and 200 which are not a part of this switch. I have enabled VTP pruning on all switches, so my broadcasts will automatically stop?

Can't I selectively remove these VLANs to be trunked onto the downstream switches?

Thanks for your inputs

Gold

Re: VTP PRUNING

Yes, you can selectively remove VLANs either by VTP pruning or by manually clearing them off the VLAN trunks.

On the CatOS switches, you can verify that the traffic for the pruned/removed VLANs is not being sent over the VLAN trunk ports by running the "show trunk" command. This will confirm the VLANs that are not allowed manually (by showing the ones that are allowed), and VLANs that are pruned automatically (by showing you the ones NOT pruned).

VTP with all switches in same domain will propagate information about the VLAN existing in the domain, to all members of the domain. (VTP information goes out over VLAN 1, the default VLAN, which is why you aren't allowed to remove or prune that VLAN from a VLAN trunk link.)

If you need to completely eliminate the propagation of information about those VLANs' existence to the other switches, you can control this by putting the switches in different VTP management domains. A switch in one domain will advertise the VLANs in that domain; switches in another domain will ignore those advertisements. (The downside to this is, if you want to create a VLAN that is used in more than one domain, you have to create it in each domain. Likewise when you go to remove it.)

Also, if you use multiple VTP domains, the switches on the "edge" or border of each domain will show domain mismatches. This is expected behavior; it shows you where the boundaries are.

Hope this helps.
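The verification step described in the reply above, as an added example that is not part of any post in this thread: a Python check over IOS `show interfaces trunk` output (the IOS counterpart of the CatOS "show trunk" mentioned above) that separates what a trunk is allowed to carry from what VTP pruning has suppressed. The sample output, the port names Gi1/1 and Gi1/2, and the function names are constructed for illustration.

```python
import re

# Constructed sample output; Gi1/1 has VLANs 100,200 removed from the allowed
# list, Gi1/2 relies on VTP pruning alone. Port names are hypothetical.
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/1       on               802.1q         trunking      1
Gi1/2       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       1-99,101-199,201-4094
Gi1/2       1-4094

Port        Vlans allowed and active in management domain
Gi1/1       1,10
Gi1/2       1,10,100,200

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1,10
Gi1/2       1,10
"""

def expand(vlan_list):
    """Turn '1-3,10' into {1, 2, 3, 10}; 'none' becomes an empty set."""
    vlans = set()
    for part in vlan_list.replace(" ", "").split(","):
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {section_title: set_of_vlans}} for the three VLAN sections."""
    trunks, section = {}, None
    for line in text.splitlines():
        header = re.match(r"Port\s+(Vlans .+)", line)
        if header:
            section = header.group(1).strip()
        elif line.startswith("Port"):
            section = None  # the Mode/Encapsulation table carries no VLAN list
        elif section and line.strip():
            port, _, vlans = line.partition(" ")
            trunks.setdefault(port, {})[section] = expand(vlans)
    return trunks

def leaks(text, restricted):
    """Ports whose 'Vlans allowed on trunk' list still includes a restricted VLAN."""
    allowed = {p: s.get("Vlans allowed on trunk", set()) for p, s in parse_trunks(text).items()}
    return {p: sorted(v & restricted) for p, v in allowed.items() if v & restricted}
```

In the sample, `leaks(SAMPLE, {100, 200})` flags only Gi1/2: pruning has dropped VLANs 100 and 200 from its last section, but they remain allowed on that trunk.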

Re: VTP PRUNING

I can't put the different switches on different domains. They are all in the same VTP domain.

My case goes as below:

Core switch (VTP server)

VLAN 100 - couple of servers

VLAN 200 - dedicated to another customer.

Edge switch (VTP Client)

NO components on VLAN 100 & 200, only VLAN1 exists.

I do not want to see the information of VLAN 100 & VLAN 200 in this switch as there is no need of it.

I have enabled "VTP Pruning" and also tried doing "Switchport trunk allowed VLAN remove 100,200" on the trunk link, but of no use.

I can still see VLAN 100 & 200 on the edge switch, with the "sh vlan" command.

Is there anything left out?


Re: VTP PRUNING

Sounds cool. Thanks for the information.
