13 Replies Latest reply: Sep 28, 2009 2:45 PM by Bourbon, CCNP, CCIE Candidate

    VLAN Pruning


      Hello CLN


      I have a quick question.  What is the difference between VTP pruning and the switchport trunk allow vlan command?  Don't they do exactly the same thing when it comes to a functional standpoint?


      I did some research on the internet, but different opinions are given on this.  Can someone clear this up?





        • 1. Re: VLAN Pruning

          VTP pruning is a dynamic mechanism: when the downstream routers do not need the VLAN traffic, it will send a pruning message.


          VTP trunk allow is a static mechanism; it allows the specific VLANs to pass through the trunk.


          The two have the same result, that is, to reduce the unnecessary traffic through the trunk.


          All the above is my personal opinion, thanks ~~

          • 2. Re: VLAN Pruning

            I concur with the previous reply.  VTP will auto-magically prune your trunks.  Among other wondrous functions it performs.


            Manually pruning a switchport, SVI, or channel group with the 'switchp trunk allowed vlan' command, is the manual way.


            It is always good to prune your trunks.  So I think the manual way was provided for those who don't really need to run VTP.

            • 3. Re: VLAN Pruning

              Thanks for the responses.  I guess it's always helpful to know more than one way to accomplish the same thing.

              • 4. Re: VLAN Pruning

                They do the same, but VTP pruning is the easy way to kill your network. If you have VTP servers everywhere (mode that vlan pruning requires the switches to be in), then you could have a complete disaster in your network. Here's why: let's say a company hired 20 more people and does not have any more ports on their switch. Someone could ask a co-worker if there was another switch, and the co-worker could reply by saying, there's one in the lab. We could hook that one up until we get a new switch. If that switch has a VTP revision higher than the ones on the production network, and does not have the same vlan numbers, guess what's going to happen? All the pre-existing vlans in the production network are going to be erased and the switches are going to be in a black hole and unable to communicate with anyone. You see what I mean? If you have only one VTP server and the rest clients, then you'll have no trouble. Hence, even though it's a hassle to type all the vlans in with the command vtp trunk allow, you'll greatly save your sanity from having to recreate all the vlans again if your network gets destroyed. Hope this helps.



                • 5. Re: VLAN Pruning

                  Your instance is a good one. The VTP information will only be updated by a large configuration number, it is not be independent of trunk or pruning.


                  If only you use trunk, the VLAN information can be updated, but the VTP pruning or VLAN trunk allow command is a strategy optimization; the two have no relationship.


                  It is my personal opinion, hope it is helpful for you ~~

                  • 6. Re: VLAN Pruning
                    Dave Owens

                    The condition Freecell described could be avoided without the overhead of explicitly allowing vlans on every trunk.

                         A.  Reset your VTP rev number on the lab switch by: changing the domain name to a temp then back again -OR- cycle VTP transparent, server.

                         B.  Enforce a unique VTP domain name/password in your lab.

                         C.  If you're really worried, both!



                    • 7. Re: VLAN Pruning


                      I'm not sure what you mean by no relationship. I do agree with Dave, but in a perfect world, no one would make mistakes, but we're all human. Things can happen. An admin could use the same VTP pw in the lab because he was at a crazy party and came to work with a hangover the next day. I'm just giving my opinion on precaution and optimization.



                      • 8. Re: VLAN Pruning

                        You don't necessarily need all your SWs to be in Server mode; if they are in the same domain, a single pruning configuration on one server will be distributed to the other switches by VTP.

                        • 9. Re: VLAN Pruning

                          Well, my understanding is that vtp pruning works only on server mode.

                          • 10. Re: VLAN Pruning
                            Keith Bogart

                            Hi everyone,


                            If you wish to enable VTP pruning with the global command "vtp pruning", your switch needs to be in VTP Server mode.  However, the other switches in your network could be in VTP Client mode and they will also have VTP pruning dynamically enabled when the VTP Server tells them to do so.


                            Hope that helps!


                            • 11. Re: VLAN Pruning

                              Freecell - Don't forget that a switch running in VTP client mode can bring devastation to a network as well, it does not have to be in server mode to overwrite the database.  If it has the same domain name and a higher configuration revision number the database will be overwritten.

                              • 12. Re: VLAN Pruning



                                Yep, didn't forget about that. I thought that when using vlan pruning, you had to have servers everywhere (per cbtnuggets) which isn't true. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_4_2/config/vlans.htm#xtocid79807



                                • 13. Re: VLAN Pruning
                                  Bourbon, CCNP, CCIE Candidate

                                  I'm studying this for CCNP myself, and I could be wrong, but I think the big difference in these that everyone is missing is that:


                                  1.)     With VTP pruning, the broadcasts are blocked from reaching the downstream client switches.  However, the VLAN is still available to be used, at which point the client switches would be "un-pruned" automatically.


                                  2.)     With VLAN "dis"allowed from the trunk, the downstream client switches would NOT have the vlan available, or if they did get it through VTP, if that VLAN were still disallowed from the trunk, it would be degraded - not being able to reach back to the core of the network (assuming that's where the servers and Internet connection would be).  The VLAN would have to be manually added back to the trunk.


                                  So the differences are really the difference between automation and manual granular control.


                                  Hope this helps,
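
The overwrite condition discussed in replies 4, 6 and 11, as an added example that is not part of the original thread: a Python pre-connection check that compares `show vtp status` text from a spare switch against production. The sample output is constructed, the function names are hypothetical, and it assumes VTP version 1 or 2 with the password match supplied by the caller.

```python
# Constructed `show vtp status` excerpts (not captured from real devices).
LAB_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 42
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
"""
PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 17
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
"""

def parse_vtp_status(text):
    """Extract mode, domain and revision from `show vtp status` text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "mode": fields.get("vtp operating mode", "").lower(),
        "domain": fields.get("vtp domain name", ""),
        "revision": int(fields.get("configuration revision", "0")),
    }

def overwrite_risk(new_switch, production, password_matches=True):
    """Return the reasons the new switch would replace production's VLAN
    database; an empty list means no overwrite is expected (assumption:
    VTP v1/v2 behaviour as described in the thread)."""
    if new_switch["mode"] == "transparent":
        return []  # transparent mode does not advertise its own database
    if new_switch["domain"] != production["domain"] or not password_matches:
        return []  # a different domain or password is rejected
    if new_switch["revision"] <= production["revision"]:
        return []  # production already holds the newer (or equal) database
    return [
        f"same domain {new_switch['domain']!r}",
        f"revision {new_switch['revision']} > {production['revision']}",
        f"mode {new_switch['mode']!r} takes part in VTP",
    ]

if __name__ == "__main__":
    lab, prod = parse_vtp_status(LAB_SWITCH), parse_vtp_status(PRODUCTION)
    print(overwrite_risk(lab, prod) or "safe to connect")
```

Resetting the revision as in Dave Owens' option A, or using a separate domain or password as in option B, makes the check return an empty list.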