VTP pruning on transparent mode

sivam siva
Level 3

Hi

 

I have read that if we have transparent switches in the domain, we should disable VTP pruning for the entire domain.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swvtp.html

 

Can anyone explain why VTP pruning doesn't work with a switch in transparent mode?

 

Thanks 

Siva

 

 


balaji.bandi
Hall of Fame

Since a switch in VTP transparent mode will not get any update from the VTP server, there is no point in enabling VTP pruning here.

It is only in the case where you have a VTP v2 server and VTP client that you can have an effect in that scenario.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello @balaji.bandi 

 

Thanks for the reply

 

I'm running VTP version 3

Below is my issue: IMG_20190827_235105.jpg

 

 

S1-S5 are connected as per the diagram,

S1- spanning root bridge

S5- VTP server all other switches are the client.

Testing VLAN- 2 

If I connect a PC to a VLAN 2 port on S2, S2 also includes VLAN 2 as an active VLAN in its VTP join message.

After the VTP domain has synced, VLAN 2 is not pruned on the trunks as per my diagram above. (The number 2 indicates VTP not pruned.)

Where VLAN 2 is not pruned:

  S1 f0/1,  S3 f0/2,  S4 f0/4, S5 f0/5.

 

If I change S2's VTP mode to transparent, S2 doesn't advertise any originated VTP information; it just acts as a relay for the other connected switches. So all other switches in the domain aren't aware of the active VLAN 2 port on S2, and VLAN 2 is pruned on all trunks in the domain except S2's trunks.

Now if I connect a device to a VLAN 2 port on S5, how can it communicate with the PC on S2, because all of the broadcast, multicast, and unknown unicast packets of VLAN 2 are pruned on S1 f0/1, S3 f0/2, S4 f0/4, S5 f0/5? (And S3 f0/3 is blocked by STP.)


What is the solution for this?

 

 

Thanks 

Siva

 

 

Hello Siva,

Balaji's answer is correct and your lab tests demonstrate this even in VTP version 3.

 

>>

If I change S2 VTP  mode as Transparent, S2 didn't advertise any originated VTP information, it just acts as a relay for other connected switches. so all other switches in domain didn't aware of the VLAN 2 active port in S2, so all trunks are pruned VLAN 2 except S2 trunks in the domain.

 

now if I connect one device on S5 with VLAN 2 port, how it can communicate with PC in the S2 because all of the broadcast, multicast, and unknown unicast  packets of VLAN 2 is pruned in S1 f0/1, S3 f0/2, S4 f0/4, S5 f0/5. (And S3 f0/3 is  blocked by STP)

 

If there is a VTP transparent switch you cannot use VTP pruning; you have answered it yourself:

>> If I change S2 VTP  mode as Transparent, S2 didn't advertise any originated VTP information, it just acts as a relay for other connected switches. so all other switches in domain didn't aware of the VLAN 2 active port in S2, so all trunks are pruned VLAN 2 except S2 trunks in the domain.

 

Please note that VTP pruning does NOT reduce the number of STP instances running on each switch; it just removes replication of broadcast, multicast, and unknown unicast frames for the pruned VLAN, but STP for VLAN 2, if using PVST+ or Rapid PVST, is still running.

You can verify this.

The VTP pruning is only a forwarding plane optimization that assumes all switches are running either as servers or clients and are able to signal "interesting Vlans" on their access ports.

 

Hope to help

Giuseppe

 

Hello @Giuseppe Larosa 

 

Thanks for the reply.

 

I have understood that VTP doesn't prune unicast packets that are allowed by STP.

My question is: can't we solve this without making all switches non-transparent? (I don't think it is possible to have a domain without a transparent switch; if yes, then there is no use for VTP pruning, is there?)

 

Below are some points I found on the Cisco website, but I couldn't understand the second point. Can you clarify it, and how can I apply that second option to my scenario?

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swvtp.html

 

"VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network are in VTP transparent mode, you should do one of these:

  • Turn off VTP pruning in the entire network.
  • Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning ineligible."

Thanks 

Siva

Hello Siva,

VTP pruning is a legacy feature like RIP in the field of routing protocols.

 

There is another important limitation of VTP pruning that I have forgotten to mention:

VTP pruning handles only the standard Vlans 2-1001.

But the modern range of 802.1Q Vlans (IEEE standard ) is 1 to 4094.

 

>> By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues.

 

This sentence is in the config guide you have linked, and it highlights what pruning ineligible means:

If a VLAN X is configured as pruning ineligible, it means that VTP pruning does not happen for VLAN X.

 

This explains the second option that you asked about:

>> Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning ineligible.

 

The interface command should be the following:

switchport trunk pruning vlan { add | except | none | remove } vlan-list [ ,vlan [ ,vlan [ ,,, ]]]

 

Probably the none option is what is described as the second option.

If you use Vlan 2002 in your lab you should see that VTP pruning does not apply to it. (to be tested as you are using VTPv3).

 

In my work experience I have never seen a production network using the VTP pruning feature.

The best way to achieve scalability both in the control plane and in the forwarding plane is to use manual configuration of the list of allowed VLANs on each trunk port.

Using

switchport trunk allowed vlan ....

 

Only in this way do you minimize STP resource usage (number of STP instances) on access layer switches (when using PVST+ or Rapid PVST).

Also, the limitation to standard VLANs only is a great limit.

 

Hope to help

Giuseppe
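
Added example, not part of any post in this thread: a Python check for the second option in the configuration guide quoted above, flagging trunks that face a VTP transparent neighbor while VLANs on them are still pruning-eligible. The switch data, the neighbor map and the output field labels it parses are constructed assumptions.

```python
import re

# Constructed sample data (not from the thread): trimmed "show vtp status" and
# "show interfaces switchport" text per switch, plus a hand-written neighbor map.
# Assumed field labels: "VTP Operating Mode", "VTP Pruning Mode",
# "Operational Mode", "Pruning VLANs Enabled" (NONE = nothing pruning-eligible).
SWITCHES = {
    "S1": {"vtp": "VTP Operating Mode : Client\nVTP Pruning Mode : Enabled\n",
           "ports": ("Name: Fa0/1\nOperational Mode: trunk\nPruning VLANs Enabled: 2-1001\n"
                     "Name: Fa0/2\nOperational Mode: trunk\nPruning VLANs Enabled: 2-1001\n"),
           "neighbors": {"Fa0/1": "S2", "Fa0/2": "S3"}},
    "S2": {"vtp": "VTP Operating Mode : Transparent\nVTP Pruning Mode : Disabled\n",
           "ports": "Name: Fa0/1\nOperational Mode: trunk\nPruning VLANs Enabled: 2-1001\n",
           "neighbors": {"Fa0/1": "S1"}},
    "S3": {"vtp": "VTP Operating Mode : Client\nVTP Pruning Mode : Enabled\n",
           "ports": ("Name: Fa0/2\nOperational Mode: trunk\nPruning VLANs Enabled: 2-1001\n"
                     "Name: Fa0/3\nOperational Mode: trunk\nPruning VLANs Enabled: NONE\n"),
           "neighbors": {"Fa0/2": "S1", "Fa0/3": "S2"}},
}

def field(text, name):
    """Return the value after 'name :' on its line, or '' if the field is absent."""
    m = re.search(rf"{re.escape(name)}\s*:\s*(.+)", text)
    return m.group(1).strip() if m else ""

def trunks(ports_text):
    """Yield (port, pruning-eligible list) for every operational trunk."""
    for block in re.split(r"(?m)^(?=Name:)", ports_text):
        if field(block, "Operational Mode").startswith("trunk"):
            yield field(block, "Name"), field(block, "Pruning VLANs Enabled")

def audit(switches):
    """List (switch, port, transparent peer, eligible VLANs) that still need
    'switchport trunk pruning vlan none' while domain pruning is enabled."""
    transparent = {n for n, s in switches.items()
                   if field(s["vtp"], "VTP Operating Mode").lower() == "transparent"}
    findings = []
    for name, sw in sorted(switches.items()):
        pruning_on = field(sw["vtp"], "VTP Pruning Mode").lower() == "enabled"
        if name in transparent or not pruning_on:
            continue
        for port, eligible in trunks(sw["ports"]):
            peer = sw["neighbors"].get(port)
            if peer in transparent and eligible.lower() != "none":
                findings.append((name, port, peer, eligible))
    return findings

if __name__ == "__main__":
    for sw, port, peer, vlans in audit(SWITCHES):
        print(f"{sw} {port} faces transparent {peer}; pruning-eligible: {vlans}")
```
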

 

 

 

Hello @Giuseppe Larosa 

 

Thanks for the reply

 

Configuring pruning ineligibility on all interfaces is not an efficient way for administrators, is it? Instead we can manually prune by applying allowed VLANs on all interfaces, as you said. Finally, I have got a solution only by disabling VTP pruning :-(

 

Thank you very much for your help @Giuseppe Larosa 


 

Regards

Siva

Sure, there are always pros and cons, so we always need to choose the best way to achieve the goal of the requirement.

 

BB


Thank you @balaji.bandi 

Hello Siva,

In my opinion VTP pruning is not so useful for at least three reasons:

a) It does not support the full range of IEEE 802.1D VLANs 1-4094; only VLANs 2-1001 can be pruned.

This is a great limitation. VTPv3 also supports the extended VLAN range. It would be nice to test whether VTP pruning on extended VLANs is supported on the whole range or not.

b) It is not possible to enable it if there are switches in VTP transparent mode (they are not able to signal locally connected VLANs on access ports).

c) It provides a false sense of scalability, but in reality it does not help scalability in the control plane when using PVST+ or Rapid PVST.

 

VTP pruning provides only a forwarding plane advantage to avoid unnecessary flooding.

 

Many years ago, when switches had a Fast Ethernet uplink and using extended VLANs was not so common, VTP pruning was a useful tool.

Nowadays with 10 GE or N x 10 GE uplinks we can afford unnecessary flooding.

 

And again, when we use the switchport trunk allowed vlan command we are not pruning; we are changing the topology and controlling the use of STP protocol instances. It is effective both on the control plane and on the forwarding plane.

There is a lot of misunderstanding about this: VTP pruning is NOT equivalent to manual control of permitted VLANs.

 

The price to pay is that we do not have a "plug and play" network, but the gain in scalability can make the difference.

 

Hope to help

Giuseppe

 

 

Good information @Giuseppe Larosa 

 

Thanks

Siva
