07-18-2015 02:18 PM - edited 03-08-2019 01:01 AM
Hi,
I'm working on a switch audit and I'm confused by this exception, "VLANs not cleared from trunk". I know I have the Recommendation and Corrective Action, but I don't know how to look for the VLANs that I have to remove.
I mean, which command do I need to use on the switch? How can I see a VLAN that isn't being used?
Exception | Description | Recommendation | Reference URL(s) | Network Elements Affected |
VLANs not cleared from trunk | Clearing VLANs from Trunks helps prevent STP being propagated to switches that don't need it for that VLAN | Cisco recommends pruning VLANs from trunks where they are not needed to maximize STP stability. | ** | Router(config-if)# switchport trunk allowed vlan {none \|{{add \| except \| remove} vlan[,vlan[,vlan[,...]]}} |
** URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/layer2.html
Thanks for reading this
07-19-2015 02:48 AM
Hello
Can you confirm what VLANs you're trying to remove?
As switches have internal VLANs which cannot be removed
sh vlan internal usage
Enabling pruning would dynamically remove unused VLANs; however, I find this isn't as deterministic as manually pruning VLANs
show int trunk = will show you the VLANs allowed to cross the trunk and active
sh vlan brief = will show what interfaces are assigned to the VLAN
Res
paul
07-20-2015 12:40 PM
Hello my friend,
I used the command above, and I get this..
show vlan internal usage
VLAN Usage
---- --------------------
1006 online diag vlan0
1007 online diag vlan1
1008 online diag vlan2
1009 online diag vlan3
1010 online diag vlan4
1011 online diag vlan5
1012 PM vlan process (trunk tagging)
1013 Control Plane Protection
1014 Partial shortcut vlan
1015 vrf_0_vlan
1016 IPv6-mpls RSVD VLAN
1017 Egress internal vlan
1018 Multicast VPN 0 QOS vlan
1019 IPv6 Multicast Egress multicast
Show Vlan Brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi5/1, Gi6/1, Gi6/20
2 BACKBONE_MZ active Gi12/4, Gi12/5, Gi12/24, Gi12/25, Gi12/26, Gi12/36, Gi13/5, Gi13/6, Gi13/24, Gi13/25, Gi13/26
3 INTER-ROUTING active
5 AP active Gi12/13, Gi12/14, Gi12/15, Gi12/16, Gi13/13, Gi13/14, Gi13/15, Gi13/16
7 BACKBONE_MZ_2 active Gi7/2, Gi8/2, Gi12/43, Gi12/44, Gi13/36, Gi13/43, Gi13/44, Gi13/47, Gi13/48
10 TP active
13 DIR active Gi12/2, Gi13/2
15 TANGO active Gi12/1, Gi12/6, Gi12/10, Gi12/11, Gi12/12, Gi13/1, Gi13/3, Gi13/10, Gi13/11
20 EVD active
25 VoiceM active Gi12/22, Gi12/23, Gi13/22, Gi13/23
30 DIR-GESTION active Gi12/3, Gi13/4
41 Gestion_A1_TEMPORAL active Gi12/33
59 VIR-ICE_(IT) active Gi12/27, Gi12/28, Gi12/29, Gi12/30, Gi12/39, Gi12/42, Gi13/27, Gi13/28, Gi13/29, Gi13/30, Gi13/39, Gi13/42
63 O&M active Gi12/9, Gi13/9
65 Tx active Gi5/18, Gi6/18
88 IT-SERVICES active
89 O&M_Tx active
510 VOICE_3 active
528 Probe_1 active Gi12/35, Gi13/35
532 O&M_Lx active Gi12/37, Gi12/38, Gi12/45, Gi12/46, Gi13/37, Gi13/38, Gi13/45, Gi13/46
533 O&M_PBR active Gi12/31, Gi12/32, Gi12/40, Gi12/41, Gi13/31, Gi13/32, Gi13/33, Gi13/40, Gi13/41
534 IP-GESTION active Gi12/34, Gi13/34
542 IP-DATOS active
572 USED_FOR_NETWORK_MGMT active
578 Ix_RO active
579 ET_Guest active
586 ET_Datos active
600 Gestion_NER active
612 Gestion_Rx_NER active
730 IPL2-GESTION active
881 IP_TP_SIG active
883 IP_DL_OyM active
1000 MetroEthernet_BBO active
show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi5/5 on 802.1q trunking 1
Gi5/14 on 802.1q trunking 1
Gi5/16 on 802.1q trunking 1
Gi5/20 on 802.1q trunking 1
Gi6/5 on 802.1q trunking 1
Gi6/14 on 802.1q trunking 1
Gi6/16 on 802.1q trunking 1
Gi12/19 on 802.1q trunking 1
Gi13/19 on 802.1q trunking 1
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1
Po3 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi5/5 1-4094
Gi5/14 1,10,20
Gi5/16 542,730,881,883
Gi5/20 2,579,586,612
Gi6/5 1-4094
Gi6/14 1,10,20
Gi6/16 542,730,881,883
Gi12/19 88-89
Gi13/19 88-89
Po1 1-4094
Po2 1-83,85-89,91-4094
Po3 1-83,85-89,91-4094
Port Vlans allowed and active in management domain
Gi5/5 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Gi5/14 1,10,20
Gi5/16 542,730,881,883
Gi5/20 2,579,586,612
Gi6/5 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Gi6/14 1,10,20
Gi6/16 542,730,881,883
Gi12/19 88-89
Gi13/19 88-89
Po1 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Po2 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Po3 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Port Vlans in spanning tree forwarding state and not pruned
Gi5/5 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Gi5/14 1,10,20
Gi5/16 542,730,881,883
Gi5/20 2,579,586,612
Gi6/5 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Gi6/14 1,10,20
Gi6/16 542,730,881,883
Gi12/19 88-89
Gi13/19 88-89
Po1 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Po2 1-3,5,7,10,13,15,20,25,30,41,59,63,65,88-89,510,528,532-534,542,572,578-579,586,600,612,730,881,883,1000
Po3 1-3,5,10,13,15,20,30,41,63,65,578,1000
Do I have to check these interfaces Gi5/5 ; Gi6/5 ; Po1 ; Po2 ; Po3 ???
07-20-2015 10:15 AM
Hello David,
You can check the below on the switch, which will show you the VLANs and the ports associated with them. If you do not have any ports listed for a VLAN, I assume it is safe for you to remove that VLAN from the trunk.
sh vlan
Hope this helps,
Madhu.
****Kindly rate useful posts*****
07-20-2015 11:27 AM
Just enable VLAN pruning if your VTP is successfully implemented (or implemented at all)
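Added example, not written by any poster in this thread: a Python comparison of the "Vlans allowed on trunk" table against the "Vlans allowed and active in management domain" table from `show interfaces trunk`, listing trunks whose allowed list is wider than the VLANs active on the switch. It assumes the whitespace-separated output format shown in the thread; the function names and the shortened sample are constructed for illustration, and treating such trunks as the ones behind the audit exception is an assumption.

```python
# Constructed sample, shortened from the output posted in this thread.
SAMPLE = """\
Port Mode Encapsulation Status Native vlan
Gi5/5 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi5/5 1-4094
Gi5/14 1,10,20
Po2 1-83,85-89,91-4094
Port Vlans allowed and active in management domain
Gi5/5 1-3,5,7,10,13,15,20,88-89,1000
Gi5/14 1,10,20
Po2 1-3,5,7,10,13,15,20,88-89,1000
"""

def expand(spec):
    """Turn an IOS VLAN list such as '1-83,85-89' into a set of VLAN IDs."""
    vlans = set()
    if spec.strip().lower() == "none":
        return vlans
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_sections(output):
    """Return {table title: {port: VLAN set}} for each 'Port Vlans ...' table."""
    sections, current = {}, None
    for line in output.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue
        if fields[0] == "Port":  # a header row starts a new table
            title = fields[1].strip()
            current = sections.setdefault(title, {}) if title.startswith("Vlans") else None
        elif current is not None:
            current[fields[0]] = expand(fields[1])
    return sections

def audit(output):
    """Report trunks that allow VLANs which are not active on this switch."""
    tables = parse_sections(output)
    allowed = tables["Vlans allowed on trunk"]
    active = tables["Vlans allowed and active in management domain"]
    findings = {}
    for port, vlans in allowed.items():
        extra = vlans - active.get(port, set())
        if extra:
            findings[port] = {"unrestricted": vlans == set(range(1, 4095)),
                              "allowed_not_active": len(extra)}
    return findings
```

A trunk reported as `unrestricted` still carries the default 1-4094 allowed list; which VLANs it actually needs depends on what the neighbouring switch uses, so the result is a list of trunks to review rather than a list of VLANs to remove.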