This is the blade switch:

interface GigabitEthernet0/21

description

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 11 mode desirable

!

interface Port-channel11

switchport trunk encapsulation dot1q

switchport mode trunk

!

Currently all VLANS in our domain are transiting these trunks.

From the reasearch I have done on Cisco, it was explaining that I need to use the:

switchport trunk pruning (then specify VLANs) command. Can i just do this on the port-channels and not the actuall Gig ports in the GigabitEthernet channel? I have a lot of switches that I need to find a proficient way of lowering the stp instances. I thought you have to enable the pruning on the VTP server so the VLANs I want to prune on the low end switches will be eligible?. Please let me know what I'm misunderstanding. Thank, Ted

Hello Ted,

VTP and STP PVST+ are two different protocols that actually don't interact

if your problem is that you have reached max STP instances on switches the best way is to define link by link the list of vlans permitted

on etherchannel link all changes have to be done on the port-channel link only (or problems can arise including bridging loops if you touch member links)

You may consider if can be an easier change to pass to the MST 802.1w so that you can decuple number of vlans and number of STP instances but this requires suitable IOS images on all devices so it is a major change anyway.

We actually use this policy of allowing specific vlans in our server farms.

see for example

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/configuration/guide/swvlan.html#wp1221846

and

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You can only enable VTP pruning on a switch in VTP server mode.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/configuration/guide/swvtp.html#wpxref99689

simply with VTP pruning multicast, broadcast and unknown unicast is not propagated out a trunk if the switch on the other side has no access-ports or trunks ports for the specific vlan.

This doesn't stop STP instance for the vlan that is pruned.

Hope to help

Giuseppe

Ok so what your saying is my configs are correct for what I'm trying to accomplish? Adding the pruning to both sides of the port-channel only? So I do not have to enable pruning on the VTP domain because these two protocols are independent. What would be your best way to determine what vlan needs to be pruned? Check vlan counters and interface configs? Oh by the way I'm unable to change our core environment to MST... Thanks, Ted

Hello Ted,

no vtp pruning needs to be enabled on vtp server.

What I'm trying to say is that you want to reduce the STP instances this is not enough.

However, VTP pruning in your environment can provide other benefits

Hope to help

Giuseppe

Ok - I have blade switches that I can not add one more vlan to because I have maxed out all available stp instances (core melt down if I try). I understand the benefits of enabling pruning on the VTP domain, but this will need to be done after I fix the max instances seen on my low end switches. My plan is to limit the vlans on all low end switch trunks via port-channeling first to fix the issue i have. I am researching how to figure out which VLAN's i don't want to allow. Thanks for your assistance.

Giuseppe, help me understand something. All VLANs now are being sent through the trunk. If I add switchport trunk allowed then just add the vlans I want this will stop everything else? Also since the low end switches already know about those vlans what will I need to do to delete them? Thanks again, Ted

Hello Ted,

the list of allowed vlans has to be configured on both ends of each etherchannel.

once that no port (including trunk ports this the key point) on the access switch is part of vlan X (an unused vlan on that switch) the STP instance for Vlan X is stopped and should be removed.

So after some time the

show spanning-tree summary should show a lower number of STP instances giving you space for specific adds.

I understand this is a lot of work but unfortunately is something that has to be done.

I give you an example taken from one of our campus to show you the target scenario:

sh vtp status

VTP Version : running VTP1 (VTP2 capable)

Configuration Revision : 90

Maximum VLANs supported locally : 1005

Number of existing VLANs : 31

there are 31 vlans in the vtp domain without ad hoc list of vlans permitted on uplinks I would have 31 STP instances

instead thanks to selective trunking I have:

sh spanning-tree sum | inc vlans

17 vlans 16 0 0 106 122

only 17 vlans of 31 have an associated STP instance

the list is configured manually on both sides of each uplink to distribution switches.

Hope to help

Giuseppe

Ok can you validate these configs below. I'm not sure which one of these I am going to need to uses.

!

Conifg t

interface Port-channel11

switchport trunk pruning(VLANs)

or

switchport trunk allowed vlan x,y,z

!

S1E1-lnsomnptc

interface Port-channel11

switchport trunk pruning(VLANs)

or

switchport trunk allowed vlan x,y,z

Also after I set this allowed VLAN or pruning VLANs I will need to clear the unused ones manually since they are ready know about these.

Do you have a config to do this?

Thanks, Ted

Hello Ted,

you need to use

interface Port-channel11

switchport trunk allowed vlan x,y,z

on both ends

be aware that VTP max vlans is usually higher then max STP instances.

I think you just need to do this on all links (this is the heavy part)

and list of vlans is link specific

By the way, you cannot delete vlans on VTP client swiches unless you revert them to transparent mode.

I saw switches reverting automatically to transparent mode to protect themselves from execessive vlans in the VTP advertisements

Hope to help

Giuseppe

So for an example once I issue switchport trunk allowed vlan x,y, z on both ends of the low end switch that currently has max stp instances and this will automatically make the vlan's that I added to the switchport trunk allowed vlan command to transit and non others correct? I thought I needed manually clear the vlans since the switch already had learned about them. Currently everything in the VTP domain of course comes through on these trunks Thanks,

I will have to prune because I have 128 VLANS and growing. I am at the max 128 max stp instances on my low end switches. If i just allow certain vlan through I will effectively still have 128 instances because of the VTP is still propagating these vlans on down correct?

Thanks for helping me get a better understanding of this. Have a good one.