VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.
In most cases the CORE switch is the default gateway for the clients.
Typical troubleshooting is as follows:
1) Is the ARP complete ?
CORE#sh ip arp 10.10.1.144
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.144           100   8cb6.4faa.8a41  ARPA   Vlan93
YES IT IS
2) Is the switch learning the MAC address?
CORE# sh mac-address-table address 8cb6.4faa.8a41 <NOT LEARNING MAC ADDRESS>
That should not cause connectivity loss, as the packets will be flooded and make their way to the clients.
3) Let's check the spanning-tree status for VLAN 93
CORE# show spanning-tree vlan 93
<SNIP>
Gigabitethernet 1/1 shows forwarding
Well, the spanning-tree status is forwarding, so my packets are supposed to leave interface Gi1/1.
Let's SPAN interface Gi1/1 and see if packets are leaving. Result: SPAN captures show that no packets leave the interface.
Crazy!! So it is the CORE switch that is the culprit. Let's replace it??
NO WAY. Are we sure it is a hardware issue? No.
What have we missed? Hmm... Let's add a static MAC entry and see if that helps.
CORE(config)# mac address-table static 8cb6.4faa.8a41 vlan 93 int gi1/1
CORE# ping 10.10.1.144
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.144, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Let's remove the static MAC address and now initiate traffic from the end client: the MAC address is learned and everyone in the network can reach the client.
From the troubleshooting performed so far, the observations are as follows:
We intermittently lose connectivity to the client. When traffic is initiated from the client, we are immediately able to establish connectivity to it. Finally, the problem is seen when the MAC address of the client ages out on the CORE switch.
So what feature can block unicast flooding?
The switchport block unicast command on the interface: not configured here
VTP pruning – Ah ha!!
Let us check if any vlan is pruned
CORE#show int gi1/1 trunk
Port Mode Encapsulation Status Native vlan
Gi1/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Port Vlans in spanning tree forwarding state and not pruned
CORE#show int gi1/1 pruning
Port Vlans pruned for lack of request by neighbor
Gi1/1 11-18,20-21,23-30,32,60-61,90-103,111,138,155-156,201-203,400 -> All these VLANs are pruned because the neighbor did not request them
Port Vlan traffic requested of neighbor
Gi1/1 1,10-18,20-30,32,60-61,90-103,111,138,155-156,201-203,400 -> This is what CORE Switch is requesting from its neighbor switch
So VTP pruning was the culprit. Once the MAC address of the end client aged out, the switch had to unicast flood packets for that client to all ports in VLAN 93, but the flooded traffic was not sent on Gi1/1 because VLAN 93 was pruned there.
Once VTP pruning is turned off, all connectivity issues are corrected.
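The check above can be scripted. The following is an added example, not part of the original post: it expands the pruned-VLAN list from "show int ... pruning" and lists ARP entries whose SVI VLAN is pruned on a trunk. The function names are hypothetical and the sample text is constructed from the outputs quoted above (the second ARP line is invented for contrast). A hit marks a candidate only: the host may sit behind a different port.

```python
import re

# Constructed sample input, modelled on the outputs quoted in this post.
PRUNING_OUTPUT = """\
Port      Vlans pruned for lack of request by neighbor
Gi1/1     11-18,20-21,23-30,32,60-61,90-103,111,138,155-156,201-203,400

Port      Vlan traffic requested of neighbor
Gi1/1     1,10-18,20-30,32,60-61,90-103,111,138,155-156,201-203,400
"""

ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.144           100   8cb6.4faa.8a41  ARPA   Vlan93
Internet  10.10.22.7             12   0011.2233.4455  ARPA   Vlan22
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '11-18,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit():  # skips empty fields and the word 'none'
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def pruned_vlans(output):
    """Return {port: set(vlans)} from the 'pruned for lack of request' section."""
    result, in_section = {}, False
    for line in output.splitlines():
        if line.startswith("Port"):  # each section starts with a 'Port ...' header
            in_section = "pruned for lack of request" in line
            continue
        fields = line.split()
        if in_section and len(fields) == 2:
            result.setdefault(fields[0], set()).update(expand_vlans(fields[1]))
    return result

def hosts_on_pruned_vlans(arp_output, pruned):
    """List (ip, mac, vlan, port) for ARP entries whose VLAN is pruned on a trunk."""
    hits = []
    for line in arp_output.splitlines():
        m = re.match(r"Internet\s+(\S+)\s+\S+\s+(\S+)\s+ARPA\s+Vlan(\d+)", line)
        if m:
            ip, mac, vlan = m.group(1), m.group(2), int(m.group(3))
            hits += [(ip, mac, vlan, p) for p, vl in sorted(pruned.items()) if vlan in vl]
    return hits
```
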
When can such a scenario occur?
1) In an environment that has switches in VTP server/client mode along with a switch that may be in VTP transparent mode
2) When a non-Cisco switch that does not understand VTP is connected to a Cisco switch that has VTP turned on (in most cases)
So please keep in mind that VTP pruning can be the cause of connectivity issues.
In an all-Cisco environment where all switches are configured in VTP server or client mode, you can turn on VTP pruning, as it helps limit unnecessary flooding in the network.
After all, VTP pruning need not be a PIA
(PS: For those of you who are wondering what PIA stands for.. Don’t worry about it )