
vlan pruning vs vlan allowed

dragec
Level 1

hi,

Which method is better for controlling VLANs on a large LAN? Allowed VLANs on trunk ports or VLAN pruning?

4 Replies

Edison Ortiz
Hall of Fame

They both provide the same feature; however, VTP Pruning only works in a VTP Server/Client environment, while manual pruning on the interfaces works in VTP Server/Client as well as VTP transparent design.

Also with manual pruning on the interfaces, you have a granular control of what gets pruned on the interfaces while VTP Pruning is a dynamic process.

HTH,

Edison.

Kevin Dorrell
Level 10

As Edison says, they do roughly the same thing. But there is one fundamental, if theoretical, difference. Whereas "vlan allow" modifies the Spanning-Tree topology, VTP pruning does not.

That sounds confusing and counter-intuitive, doesn't it? Think of it as the VTP pruning being overlaid on the Spanning Tree topology defined by the "vlan allowed".

OK, imagine a multi-VLAN topology. If you are running PVST+ or rapid-pvst, then each VLAN will have its own topology. That topology will be determined by the access links and trunks where that VLAN is allowed. Take a pencil diagram of your switched LAN, and erase those links where the VLAN is not allowed. Then run Spanning Tree from the root. That is the topology for this particular VLAN.

Now add VTP pruning into the mix. What this does is for each switch to ask of its downstream neighbor, "Do you have any clients downstream (i.e. away from the root) on this trunk?" If not, then I shall not send you any broadcasts on this VLAN on this trunk, even if the port is in forwarding.

Suppose you have an access switch that is uplinked to two distribution switches. On that VLAN, the access switch will have put one of its uplinks in STP forwarding and one in blocking. At the other end of these links, the distribution switches will both be in forwarding on this VLAN. You can see why the main link would be in forwarding, but why should the distribution switch forward on the backup link? That is where VTP pruning comes in: the distribution switch port is still in forwarding, but pruned.

(You might think it doesn't matter that the distribution switch forwards broadcasts, only to be blocked at the access switch. But don't forget that this link may be the active link for other VLANs.)

Let us take this one step further. So far, we have two distribution switches, one forwarding and the other forwarding-but-pruned. Now suppose the access switch does not have any other active ports on the VLAN. What is the point of either distribution switch forwarding to that access switch? None at all. Enter VTP pruning once more. In this case, both distribution switches are forwarding-but-pruned.

So this leads us to another interesting difference between STP and VTP pruning. STP will block ports at the downstream end (away from the root). VTP will prune ports at the upstream end (closer to the root). "vlan allowed" will remove the link for the topology altogether as far as that VLAN is concerned.

So, if that all makes sense, the conclusion is that these three techniques (vlan allowed, STP, and VTP pruning) are actually complementary.

Kevin Dorrell

Luxembourg
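
Added example, not part of the original reply: a small Python model of the three layers described above ("vlan allowed", then STP, then VTP pruning) for one VLAN at a time. The core/dist1/dist2/acc topology is constructed, and the model assumes equal link costs with ties broken by switch name instead of real STP bridge IDs and path costs.

```python
from collections import deque

def vlan_view(links, access, root, vlan):
    """Port states for one VLAN as {(switch, neighbour): state}.

    links:  {(a, b): set of VLANs allowed on that trunk}
    access: {switch: set of VLANs with active access ports}
    Simplified model (assumption): equal link costs, ties broken by name.
    """
    # 1. "vlan allowed": erase trunks that do not carry this VLAN.
    edges = sorted(tuple(sorted(l)) for l, ok in links.items() if vlan in ok)
    nbrs = {}
    for a, b in edges:
        nbrs.setdefault(a, []).append(b)
        nbrs.setdefault(b, []).append(a)
    # 2. Spanning tree: breadth-first from the root bridge.
    dist, parent, queue = {root: 0}, {root: None}, deque([root])
    while queue:
        u = queue.popleft()
        for v in sorted(nbrs.get(u, [])):
            if v not in dist:
                dist[v], parent[v] = dist[u] + 1, u
                queue.append(v)

    def has_clients(sw):
        # True if sw, or any switch below it in the tree, has ports in the VLAN.
        return vlan in access.get(sw, set()) or any(
            has_clients(c) for c, p in parent.items() if p == sw)

    state = {}
    for a, b in edges:
        if a not in dist:  # island not reachable from the root in this VLAN
            continue
        up, down = sorted((a, b), key=lambda s: (dist[s], s))
        if parent[down] == up:  # active tree link
            state[down, up] = "forwarding"
            pruned = not has_clients(down)
        else:  # redundant link: STP blocks the end away from the root
            state[down, up] = "blocking"
            pruned = True  # 3. VTP pruning: nothing useful lies behind a blocked port
        state[up, down] = "forwarding-but-pruned" if pruned else "forwarding"
    return state

# Constructed topology: one access switch dual-homed to two distribution switches.
LINKS = {("core", "dist1"): {10, 20, 30}, ("core", "dist2"): {10, 20, 30},
         ("dist1", "acc"): {10, 20, 30}, ("dist2", "acc"): {10, 20}}
ACCESS = {"acc": {10, 30}}  # acc has clients in VLANs 10 and 30, none in 20

if __name__ == "__main__":
    for vlan in (10, 20, 30):
        print(vlan, vlan_view(LINKS, ACCESS, "core", vlan))
```

VLAN 10 reproduces the forwarding/forwarding-but-pruned pair, VLAN 20 (no clients on acc) shows both distribution ports pruned, and VLAN 30 shows the dist2-acc trunk missing from the topology because it is not in the allowed list.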

CCDE level explanation! I loved your reply! Thank you very much.

BTW, a VTP issue I ran into years ago: if a transit switch did not have an access port in a VLAN, VTP pruning would drop the VLAN.

sw1(v3)<trunk>sw2<trunk>sw3(v3)

VTP pruning would prevent v3 flowing across sw2. Don't know whether this was a bug or feature as we just disabled VTP pruning and allowed/disallowed VLANs on trunks.
