Solved: VTP on 2960-S with more than 64 VLANs

benjones · ‎01-04-2019

We have a VTP domain which currently holds 67 VLANs. The domain is running VTP version 3, and has two servers (both on 3750s). In general, this is working fine and has several clients which have replicated the VLAN database correctly.

We have a pair of 2960-S access switches which I recently tried to join to the VTP domain, however upon issuing a `vtp mode client`, a `show vtp status` reports that they are in transparent mode. After some debugging, this appears to be because they are running the LAN lite IOS image, which only supports 64 VLANs stored locally. I confirmed this by trimming our VLAN database to contain < 65 VLANs, and the switches entered VTP client mode successfully. Unfortunately, keeping the number of VLANs under 65 is not a long term solution for us.

Since these access switches only need to access a small number of VLANs (less than 10), I assumed I would be able to reconfigure the trunk on both sides to only contain the required VLANs (with `switchport trunk allowed vlan 1,2,3,4`). Unfortunately although this did limit the VLANs in the trunk as expected, VTP still did not work in this configuration (when I increased the VLAN count beyond 64).

Ideally I wanted to avoid VTP pruning, but is this the only way to make this work? Or is there something I've missed?

Thanks in advance!

chrihussey · ‎01-04-2019

Hello,

The VLAN database has no real correlation with the allowed VLANs on a trunk. So allowing only certain VLANs on a trunk does not have an affect on the VLAN database.

If these are just access switches on their own, without other switches behind them, it may be best just to keep them in transparent mode and create only the needed VLANs.

Hope this helps.

View solution in original post

paul driver · ‎01-04-2019

Hello

unless you upgrade the iOS your stuck -

as there is only two switchs and if those are not interconnecting other switches why carnt you just leave them in transparent mode and manually prune the switch vlans and its interconnects for stp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Karsten Iwen · ‎01-04-2019

I don't think VTP pruning is a solution here as this feature doesn't limit the existence of the VLANs but only the flooding on VLANs. But I haven't tested that.

I see two ways to get that running:

Run them transparently and configure the needed VLANs manually.
Use them in a different location where they are not member of your main VTP domain. These switches could be great DMZ-switches on the other side of your firewall
(ok, and third, replace them with something not "LAN Lite")

chrihussey · ‎01-04-2019

Hello,

The VLAN database has no real correlation with the allowed VLANs on a trunk. So allowing only certain VLANs on a trunk does not have an affect on the VLAN database.

If these are just access switches on their own, without other switches behind them, it may be best just to keep them in transparent mode and create only the needed VLANs.

Hope this helps.

benjones · ‎01-04-2019

Thanks for the responses.

I had wondered about the relationship between the VLAN database and the allowed VLANs on a trunk / VTP pruning; doing some research suggested that VTP pruning was a viable solution, but from the responses here it doesn't sound like that's the case. It makes more sense that the two things aren't related, so thanks for clearing that up.

I think I'll just run the 2 2960s in transparent mode and configure the VLANs manually, given that they only require access to a small number. They'll likely get replaced at some point soon, but they're functional for now at least.

Thanks to everyone for your help.

paul driver · ‎01-04-2019

Hello

@chrihussey wrote:

Hello,

The VLAN database has no real correlation with the allowed VLANs on a trunk. So allowing only certain VLANs on a trunk does not have an affect on the VLAN database

@chrihussey - This in a sense is incorrect -My understanding it does have a reference - As vtp is only used to advertise what vlans exist, If you don't monitor what vlans are allowed on the trunks then you could have the same amount of stp instances as there is vlans in the vlan database traversing this interconnects, thats why its advisable to only allow the vlans that you require to traverse these trunks so to decrease the amount of stp instances on the switch.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

chrihussey · ‎01-08-2019

Thanks Paul, but that is not what I was saying. I'm in total agreement about pruning and allowing only the necessary VLANs on trunks to limit the size of spanning tree domains. However, regardless of the allowed VLANs on a trunk, the VLAN database stays the same. If there are 70 VLANs in the database, allowing only 3 VLANs on a trunk does not change the amount of VLANs in the database. There will still be 70. That is the point I was making.