08-20-2012 06:12 AM
Hello,
after trying to understand VTP pruning I thought to test it physically.
I have an infrastructure with three switches (2x CAT2960 with IOS 12.2 (53) SE1 and 1x CAT 3560 with IOS 12.2 (55) SE6) connected in a line (2960-----3560-----2960), each with one trunk. On every trunk VLANs 2 and 3 are allowed. There is an interface for VLAN 3 on each switch and only one interface for VLAN 2 on the 3560 which is root for VLANs 2 and 3. The entire network runs VTPv2 and the first 2960 is VTP Server. The third 2960 is connected to my PC with port configuration switchport mode access and switchport access vlan 2. VTP pruning is enabled on the VTP server switch and due to it in the whole network. I've mirrored the trunk port on the first 2960 to monitor the traffic which gets through this trunk port.
In my opinion, VTP pruning drops all packets that leave the 3560 on the trunk port connected to the first 2960. The show interfaces pruning command confirms this fact (Vlans pruned for lack of request by neighbor: 2 and Vlan traffic requested of neighbor: 2-3). So broadcasts from my PC to the network should be pruned at this port. But in the mirrored port there are still broadcast packets from my PC visible. And after clearing the mac address-table, the MAC from my PC appears.
I have tried different configurations belonging to roots for VLANs and the VLAN 2 interface. The show interfaces pruning command output is logical every time but the mac address always appears in the mac add table on the first 2960.
That doesn't make sense to me. In this example there is a correct configuration (command show interfaces pruning) but there are no consequences belonging to the network.
Could anyone help me?
Best regards.
09-02-2012 09:21 PM
Hello!
Can you say which VTP version?
Enabling VTP pruning on a VTP version 3 switch enables pruning only on the switch that you enable it on. VTP pruning is not propagated as it is with VTP version 1 and VTP version 2.
09-04-2012 12:26 AM
I've tested it with v2 and v3. And nothing happened.
And I had paid attention to your second point.
So unfortunately it is not a solution for my problem.
My question is: Why can I see the broadcast on the mirrored port? The VLAN from the broadcast should be pruned.