08-12-2022 09:46 AM - edited 08-13-2022 06:52 AM
Hello,
About 18 months ago, we stopped using VTP and switched to assigning 'allowed VLAN' to individual interfaces. Everything has been working well. At that time, the contractor had me turn off VTP on the core switch (default gateway) and leave VTP in transparent mode on the access and distribution switches. He said going forward, we could stop creating VLAN interfaces and simply just create named VLANs. More recently, perhaps when a client lease expires, a DHCP client will not obtain an ip address in a timely manner, if at all. I suspect this might be due to the lack of an 'ip helper-address' on a VLAN interface. Is that likely? Is the configuration okay as described? And how can I help clients reach the DHCP server?
Perhaps this clarifies my question: We were trying to reduce traffic in an OT environment but appear to lose DHCP acknowledgements periodically. Can create a VLAN interface and still isolate traffic using 'allowed vlan'?
P.S. The DHCP server is connected to the core stack of switches.
Solved! Go to Solution.
08-15-2022 04:16 AM - edited 08-15-2022 04:18 AM
No, it was suggested we use 'allowed vlan' in place of VTP Pruning. I meant to indicate the contractor had us turn VTP off on the core, and then left downstream switches in transparent mode. However, I still see your point.
08-15-2022 05:13 AM
haggittmark@tm-america.com wrote:
No, it was suggested we use 'allowed vlan' in place of VTP Pruning. I meant to indicate the contractor had us turn VTP off on the core, and then left downstream switches in transparent mode. However, I still see your point.
If you have an all Cisco VTP network, that is exactly the scenario that VTP pruning was built to serve. It does that very well, and you don't have to remember to change allowed VLAN statements on a bunch of trunks if you need a VLAN in a switch where it wasn't configured before. IMHO that is creating a lot of work for no reason that I can determine.
08-15-2022 04:45 AM - edited 08-15-2022 05:15 AM
Friend make it simple to you,
VLAN in below meaning the VLAN of client not VLAN of DHCP Server
***the VLAN is allow and add in all SW
here
**either you turn OFF VTP and config it manually (ADD VLAN in EACH SW) and allow VLAN in trunk
**or run VTP and make sure the VLAN is allow in trunk between the Access to Core SW
***the VLAN in Access SW only
here you need to config ip helper address in access SW and no need to allow VLAN
only e sure that the DHPC server is ping from VLAN SVI.
08-15-2022 07:14 AM
Starting a new post for related issue. When I create a VLAN interface on an access switch and add an ip helper-address, the network slows down noticeably.
08-15-2022 07:51 AM
I have started a related post for a problem after adding a VLAN interface:
08-16-2022 04:33 AM - edited 08-16-2022 04:33 AM
Thank you Elliot, Reza, and MHM for providing helpful information.
My boss would like me to move on from this post now.
Thank you all community!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide