Solved: VTP Pruning question

raphael.ribas · ‎03-04-2013

Hi,

I'm doing a VTP pruning experiment using the following network structure in PT, unfortunately it's not available. And I think 'switchport trunk allowed' command is not an alternative since it will yield different results.

Scenario:

-vtp pruning is enabled in all switch

-pc0 pings pc1

Okay, so based on my readings VTP pruning enables a switch to prune VLAN traffics that it has no members of. Having so will dynamically allow traffic to that VLAN.

In this scenario what will Switch1 do?

-prune vlan20 as it has no directly connected interfaces belonging to vlan20?

-or allow vlan20 since beyond it, Switch2 has a member of vlan20

-will pc0 be able to ping pc1?

Can someone please enlighten me the actual process of pruning? What are considered as members? Are members just directly connected interfaces or as well entries registered in cam table?

Regards,

Jan Hrnko · ‎03-04-2013

Hi Raphael,

I'm doing a VTP pruning experiment using  the following network structure in PT, unfortunately it's not available. And I think 'switchport trunk allowed' command is not an alternative since it will yield different results.

Yes, you are absolutely right. You would need to enable pruning on the switch with command:

Switch(config)# vtp pruning

Moreover, if you enable this command on VTP server, it will advertise that pruning has to be enabled in the whole VTP domain.

In this scenario what will Switch1 do?

-prune vlan20 as it has no directly connected interfaces belonging to vlan20?

-or allow vlan20 since beyond it, Switch2 has a member of vlan20

-will pc0 be able to ping pc1?

When a switch has a port associated with a VLAN, it will send an advertisement to its neighbors (switches) that it has indeed an active port in that VLAN. The neighbors will receive that information. Now, they can decide whether to forward the flooded traffic through the trunk or not.

So that means that Switch 1 will:

prune vlan20 as it has no directly connected interfaces belonging to vlan20?

No, it will not prune the traffic, because Switch0 and Switch2 will let him know that they have ports associated with vlan20

-or allow vlan20 since beyond it, Switch2 has a member of vlan20

-will pc0 be able to ping pc1?

These are correct.

One more thing. VTP pruning has no effect on switches in the VTP transparent mode (you would need to configure it manually there)

Best regards,

Jan

View solution in original post

Julio Carvajal · ‎03-04-2013

Hello Raphael,

Switch 1 will not prune that particular vlan as both S2 and S3 will let them know via VTP updates that they have members or devices on it's interfaces on that particular vlan.

When a Cisco switch has ports associated with a VLAN, it will send an advertisement to its neighboring switches informing them about the ports it has active on that VLAN. This information is then stored by the neighbors and used to decide if flooded traffic from a VLAN should be forwarded to the switch via the trunk port or not

So in this scenario traffic will flow from one pc to the other one

Regards,

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Jan Hrnko · ‎03-04-2013

Hi Raphael,

I'm doing a VTP pruning experiment using  the following network structure in PT, unfortunately it's not available. And I think 'switchport trunk allowed' command is not an alternative since it will yield different results.

Yes, you are absolutely right. You would need to enable pruning on the switch with command:

Switch(config)# vtp pruning

Moreover, if you enable this command on VTP server, it will advertise that pruning has to be enabled in the whole VTP domain.

In this scenario what will Switch1 do?

-prune vlan20 as it has no directly connected interfaces belonging to vlan20?

-or allow vlan20 since beyond it, Switch2 has a member of vlan20

-will pc0 be able to ping pc1?

When a switch has a port associated with a VLAN, it will send an advertisement to its neighbors (switches) that it has indeed an active port in that VLAN. The neighbors will receive that information. Now, they can decide whether to forward the flooded traffic through the trunk or not.

So that means that Switch 1 will:

prune vlan20 as it has no directly connected interfaces belonging to vlan20?

No, it will not prune the traffic, because Switch0 and Switch2 will let him know that they have ports associated with vlan20

-or allow vlan20 since beyond it, Switch2 has a member of vlan20

-will pc0 be able to ping pc1?

These are correct.

One more thing. VTP pruning has no effect on switches in the VTP transparent mode (you would need to configure it manually there)

Best regards,

Jan

Julio Carvajal · ‎03-04-2013

Hello Raphael,

Switch 1 will not prune that particular vlan as both S2 and S3 will let them know via VTP updates that they have members or devices on it's interfaces on that particular vlan.

When a Cisco switch has ports associated with a VLAN, it will send an advertisement to its neighboring switches informing them about the ports it has active on that VLAN. This information is then stored by the neighbors and used to decide if flooded traffic from a VLAN should be forwarded to the switch via the trunk port or not

So in this scenario traffic will flow from one pc to the other one

Regards,

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

raphael.ribas · ‎03-04-2013

Totally get it now! Thanks a bunch!