
Trunks and pruning...

I am trying to find a good reason why I should go through the extra effort of pruning vlans off trunks. No DTP or VTP in the network. The core has all the vlans and the IDFs only need 2 vlans, management and an access vlan. So the only thing I can think of is if I don't prune all the vlans then extra unneeded broadcast traffic will be sent to IDFs that don't need it. So here is my question. If the vlan isn't on the IDF switch will the core still send the traffic down the trunk? Does the "Vlans allowed and active in management domain" mean that it is forwarding all broadcast traffic down those links?

Show int trunk on the core

6509#sh int trunk

Port                Mode         Encapsulation  Status        Native vlan

Po1              on           802.1q         trunking      1

Port                Vlans allowed on trunk

Po1               1-4094

Port                Vlans allowed and active in management domain

Po1              1-20

Port                Vlans in spanning tree forwarding state and not pruned

Po1              1-20


c3560#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan

Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk

Po1         1-4094

Port        Vlans allowed and active in management domain

Po1         1,10

Port        Vlans in spanning tree forwarding state and not pruned

Po1         1,10

CCNP - Wireless
CWNE #136
Joseph W. Doherty
Hall of Fame Expert


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


In answer to your questions, yes and yes.

Besides broadcast, VLAN(s) multicast could be sent down the link along with VLAN(s) unicast flooding.

If you have another switch downstream of the IDF, also trunked, it (the IDF) wouldn't forward the traffic for a VLAN(s) it didn't also recognize.
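
As an added example (not part of the original thread), the Python below parses the two `sh int trunk` outputs posted in the question and lists the VLANs the core forwards on Po1 that are not active on the IDF, along with the allowed-VLAN list that would stop that flooding. It assumes the port-channel is named Po1 on both switches and that each VLAN list fits on one line; the function names are illustrative.

```python
# Constructed sample: the thread's two "sh int trunk" outputs, blank lines removed.
TEMPLATE = """\
Port   Mode  Encapsulation  Status    Native vlan
Po1    on    802.1q         trunking  1
Port   Vlans allowed on trunk
Po1    1-4094
Port   Vlans allowed and active in management domain
Po1    {active}
Port   Vlans in spanning tree forwarding state and not pruned
Po1    {active}
"""
CORE, IDF = TEMPLATE.format(active="1-20"), TEMPLATE.format(active="1,10")
ACTIVE = "Vlans allowed and active in management domain"
FORWARDING = "Vlans in spanning tree forwarding state and not pruned"

def expand(spec):  # '1,10,12-14' -> {1, 10, 12, 13, 14}
    bounds = [p.partition("-") for p in spec.replace(" ", "").split(",")]
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def parse_trunk(output):
    """Return {port: {section title: set of VLAN ids}} for the 'Vlans ...' sections."""
    result, section = {}, None
    for line in output.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "Port":
            section = fields[1].strip() if fields[1].startswith("Vlans") else None
        elif len(fields) == 2 and section and fields[1][0].isdigit():
            result.setdefault(fields[0], {})[section] = expand(fields[1])
    return result

def unneeded(core_out, idf_out, port="Po1"):
    """VLANs the core forwards on the trunk that are not active on the IDF."""
    return parse_trunk(core_out)[port][FORWARDING] - parse_trunk(idf_out)[port][ACTIVE]

def compress(vlans):
    """Render a VLAN set IOS-style: {2, 3, 4, 7} -> '2-4,7'"""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

if __name__ == "__main__":
    print("flooded to the IDF but unused there:", compress(unneeded(CORE, IDF)))
    print("switchport trunk allowed vlan", compress(parse_trunk(IDF)["Po1"][ACTIVE]))
```

The second line printed is the allowed list for the core side of the trunk; with the thread's outputs it keeps VLANs 1 and 10 and drops the other eighteen.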


I want to add a comment to Joseph's reply

To avoid these broadcast and unicast traffic issues, and also to secure the core switches from Layer 2 attacks from the IDFs (users), Cisco suggests going with Layer 3 links between the core and the MDF/IDFs.