Manual pruning

Status
Not open for further replies.

MrOyvind

Technical User
Aug 10, 2007
99
NO
Hi

On transparent switches manual pruning is required!
I'm not sure about where to place the trunk configuration, only that it should be configured upstream!
Should the switchport trunk pruning at the trunk interface be configured only at one end of the trunk, or at both ends of the trunk between two switches?
Upstream in this configuration means upstream from a layer 3 device or spanning tree root?
If two transparent switches are connected together via trunk and a layer 3 device at the one end, with different VLANs, and I want to only prune the VLANs at the edge switch. Is it right to configure VTP pruning only at the trunk interface on the edge switch? Or the trunk upstream from the layer 3 on the switch in the middle?

Thank you
 
If all your switches are transparent, then you don't need to worry about VTP pruning because - correct me if I'm wrong - transparent switches don't send VTP updates.
 
Pruning stops unicast, broadcast and other unwanted traffic consuming bandwidth on switches where there are no active users.
It's not about VTP updates. But in server\client switched networks it's configured only on the VTP server.
A search on the web says it should be configured on the upstream links in Transparent mode.
But I need the details.
 
VTP transparent switches don't send VTP updates, nor do they act on VTP updates received. However they will pass VTP messages on - i.e. a VTP Server switch is connected on a trunk to a VTP Transparent switch, this in turn connects to a VTP Client on a trunk. If the VTP Server issues a VTP update the VTP Transparent switch will not do anything with the update (add, remove, rename VLANs etc) however the update will travel to the VTP Client switch and this will act on the update.

VTP Transparent (or disabled if available in the IOS) all the way. Manual pruning with only specifically allowed VLANs per trunk - keep in control...

Andy
 
The reason for my question is that one of the lab questions in the IPswitch certification is to create manual pruning on transparent switches.
I will try to take the certificate very soon, but need the details about where to place the trunk configurations in a network with transparent switches, configured with different VLANs on each switch.
Thank you.
 
VTP pruning is when you limit what VTP updates are sent out from a switch. VLAN "pruning" has not much to do with VTP.

Each switch has ports in certain VLANs. You only create the VLANs on that switch if they are required on that switch and the uplink port(s) on that switch only need to pass those VLANs that exist on that switch.

Similarly on the upstream switch - you only need to allow on the downlink interface the VLANs that the connected switchport is allowing.

So a switchport like this:
!
interface GigabitEthernet1/0/50
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
By default (Cisco) allows all/any VLANs.

If you configure it like this:
!
interface GigabitEthernet1/0/50
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 199,500
 switchport mode trunk
!
You are "pruning" the VLANs to only allow 199 & 500 through that interface.

If you are working from a proper design, then this just comes naturally. If you are working on somebody else's config (eg, the exam question you mention) then the first thing is to draw up the design.
Draw the switches, identify what VLANs are required where, and then you can write up all the interface VLAN configurations.
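
The design step described in the post above, worked through as an added example (not part of the original thread): for the question's layout of a layer 3 device, a middle switch and an edge switch, it derives the allowed list for each trunk and emits the same list for both ends. Switch names, VLAN placement and the assumption that every VLAN must reach the layer 3 device are constructed for illustration.

```python
# Added example: derive per-trunk allowed-VLAN lists from a drawn design.
# Topology, switch names and VLAN numbers are constructed for illustration.

# child -> parent; "L3" is the routing device at the root of the tree (assumed).
UPLINK = {"MIDDLE": "L3", "EDGE": "MIDDLE"}
# VLANs with access ports on each switch (constructed).
ACCESS_VLANS = {"L3": set(), "MIDDLE": {10, 20, 199}, "EDGE": {199, 500}}


def subtree_vlans(switch):
    """VLANs needed on `switch` or on anything downstream of it."""
    needed = set(ACCESS_VLANS[switch])
    for child, parent in UPLINK.items():
        if parent == switch:
            needed |= subtree_vlans(child)
    return needed


def to_ranges(vlans):
    """Format {1, 2, 3, 10} as '1-3,10'; an empty set becomes 'none'."""
    out, run = [], []
    for v in sorted(vlans):
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(run)
        run = [v]
    if run:
        out.append(run)
    text = ",".join(str(r[0]) if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in out)
    return text or "none"


def trunk_plan():
    """Map (downstream switch, upstream switch) -> allowed list for BOTH ends."""
    return {(c, p): to_ranges(subtree_vlans(c)) for c, p in UPLINK.items()}


if __name__ == "__main__":
    for (child, parent), allowed in trunk_plan().items():
        for end in (child, parent):
            print(f"{end}: trunk {child}<->{parent}: "
                  f"switchport trunk allowed vlan {allowed}")
```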
 
OK, I understand the switchport trunk allowed vlan. I thought the manual trunking would be configured like this:

interface g0/1
 switchport trunk pruning vlan x,x

It seems to be wrong!

 
Because the word "pruning" is used in relation to VTP, it might be best to use the terminology VLAN "allowed" when talking about VLANs.
 
Just a note, I configured as such (where allowed/pruning is concerned):

interface gix/y
 switchport trunk allowed vlan 1

>> Then I added

switchport trunk pruning vlan 2-1001

I believe when you use the "allowed" statement, all other VLANS not "allowed" are pruned. The pruning statement doesn't show up in the config at all, either standard or 'show runn all'.

But then you probably already knew this... ;-)
 
Just one thing to be mindful of there with that command syntax. When you want to add another vlan (let's say, vlan 5) to that trunk, the syntax would be:

switchport trunk allowed vlan ***!!!>>>add<<<!!!*** 5

In case you didn't catch it, the word "add" there is of incredible importance. Without it, in that example a "switchport trunk allowed vlan 5" would overwrite the existing trunk configuration to only allow that one vlan through.

Having said that, I agree with the overall consensus here. Always explicitly permit vlans on a trunk, and implicitly deny all. It's the most efficient approach you can take.

CCNP, CCDP, CCIP
Core Network Planner, ISP
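
The overwrite behaviour of the bare allowed vlan command described above, as an added example that is not part of the original thread: it replays the commands in the order typed and reports trunks left at the default of all VLANs. The sample input and interface numbers are constructed.

```python
# Added example (not from the thread): replay allowed-vlan commands in typed order.
import re

ALL_VLANS = set(range(1, 4095))  # a trunk with no allowed list carries 1-4094
# Constructed input: commands as typed in order, not a real device config.
SAMPLE = """\
interface GigabitEthernet1/0/50
 switchport mode trunk
 switchport trunk allowed vlan 199,500
 switchport trunk allowed vlan add 5
interface GigabitEthernet1/0/51
 switchport mode trunk
 switchport trunk allowed vlan 199,500
 switchport trunk allowed vlan 5
interface GigabitEthernet1/0/52
 switchport mode trunk
"""

def parse_list(text):
    """'1-3,10' -> {1, 2, 3, 10}"""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def replay(config):
    """Return {interface: final allowed set} for every trunk interface."""
    trunks, allowed, iface = set(), {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            allowed[iface] = set(ALL_VLANS)
        elif line == "switchport mode trunk":
            trunks.add(iface)
        elif m := re.fullmatch(r"switchport trunk allowed vlan (?:(add|remove) )?([\d,-]+)", line):
            op, vlans = m.group(1), parse_list(m.group(2))
            if op == "add":
                allowed[iface] |= vlans
            elif op == "remove":
                allowed[iface] -= vlans
            else:  # no keyword: the new list REPLACES the previous one
                allowed[iface] = vlans
    return {i: allowed[i] for i in trunks}

def unrestricted(config):
    """Trunk interfaces still allowing every VLAN (no allowed list applied)."""
    return sorted(i for i, v in replay(config).items() if v == ALL_VLANS)
```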
 