cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1366
Views
0
Helpful
3
Replies

Vlan Pruning

d_ferraro
Level 1
Level 1

Hello,

Our environment consists of over 800 access switches and 300+ vlans. We use the 3 layer model; core, distribution, access, with routing done at the core and distribution layers via OSPF.

At our old facility we had our core doing all the routing with about 100 vlans and 150 access switches. We had a VTP domain configured and VTP pruning was configured. We had situations where a device was added with a higher revision # and all the vlans were overwritten causing machines to lose access to the network till all vlans were re created. So moving to the newer larger facility we had designed our network without VTP to avoid this major flaw in VTP.

So with efficency in mind we would like to prue the downlinks to the access switches. With the amount of traffic that is being generated on our network this is starting to become a concern and with so many access switches this would be a large job to do manually. So my question is this:

Is there a way to prune the vlans on the down links to our access switches automatically. The key word here being automatically.

or

Does anyone have any suggestions on how we can configure or reconfigure our network to make it more efficient?

thanks in advance.

3 Replies 3

arlon
Level 1
Level 1

I think its not possible to make pruning automaticaly without VTP.

Use diferent VTP domain name and password in each aggregation block to avoid such a failure what you are mentioned.

If you need to change the domain name when you are moving switch to an other area the revision number will be the default.

Jon Marshall
Hall of Fame
Hall of Fame

If you are not running VTP server/client mode then you cannot run VTP pruning. If you can't run VTP pruning then there is no automatic way to "prune" vlans off trunk links.

You suffered from one of the worst flaws in VTP ie. a switch with a higher revision overwriting the existing vlan database.

You have 2 choices really -

1) either introduce far stricter procedures for adding a switch to your network and run VTP server/client mode

or

2) run VTP transparent mode and use the "switchport trunk allowed vlan .." on the trunk links.

Personally i would go with 2 if at all possible and altho it is a lot of work to setup once it has been done unless you are adding multiple vlans every other day your administrative overhead should be quite small.

If there really is too much admin overhead to do it this way you will have to use VTP server/client and like i say tighten up your procedures.

Jon

I learned in my Cisco class that anytime you add a switch to a network.

MAKE SURE TO EITHER CHANGE THE NAME OF THE VTP DOMAIN.

or

DELETE THE CONFIG SO YOU HAVE THE LOWEST REVISION NUMBER.

adding to that... the name of VTP Domain must be the same in order for it to change or revise the other switches.

and if you delete the config then you won't have any revision number but "0" in place.

Review Cisco Networking for a $25 gift card