How does pruning work?
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, and unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.
For VTP pruning to be effective, all devices in the management domain must either support VTP pruning or, on devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.
How is pruning controlled? What is the default pruning behavior?
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are eligible for pruning. VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always ineligible for pruning; traffic from VLAN 1 cannot be pruned.
When the last switchport in a vlan is removed from said vlan, how and when is VTP triggered to prune said vlan?
Normally VTP does everything triggered and pruning will be done on the switch right away and then it triggers a vtp update. If you want to know the exact timer, then we will have to dig into Wireshark and do the experimental.
Now in case the cable is unplugged from the port, then it may take up to 30 sec to prune and thatâs because of the Spanning-tree instance that will be created.
I hope I could answer your questions.
shantel
(Shantel - Networklessons.com)
Split this topic
42
Hi Rene,
Thank you very much for your lesson on VTP.
Just one question ⌠I understand that the transparent switch will forward the vtp information for any domain. But will a client switch in say K1 domain forward the vtp information which it got from its neighbor which is in K2 domain forward that information to other K2 domain switches which are its other neighbors âŚ
Imagine you have three switches connected like so: SWA ====SWB====SWC where the ==== connections are trunks.
SWA is a VTP server in VTP_Domain1 and SWC is a client in that same domain, but SWB is a client in VTP_Domain2, then any VTP information sent by SWA will NOT be received by SWC. In order for that to occur, SWB must be in the same domain or be a transparent bridge.
I guess, this means that if we have a vlan (V1) in 2 switches which do not have direct physical connection, then VTP can be used for the management of these swithches, either only with the creation of vlan V1 in all the intermediate switches or making these intermediate switches transparent. In other words, V1 may have to be created all along the path, if there are 2 hosts sitting in 2 different buildings but belonging to the same vlan V1 and if we are using VTP for manangement (or else switches along the path can be transparent switches). Is this limiting the use of VTP âŚ
If we are not using VTP, then I guess we need not create V1 all along the path, and just need to allow V1 along the trunk lines. Am I correct in my observation ?
VTP updates are sent out trunk ports regardless of which VLANs are configured on the switches themselves. It doesnât matter what VLANs are configured on them. So if you have two switches, one VTP server and one VTP client that are not directly connected that have the same VTP domain, version and password, in order for them to sync up their VLAN information, the intermediate switch(es) must either be transparent OR have the same VTP config. VTP is not affected by the initial VLAN configuration of the switches, either intermediate or not, either transparent or not.
If youâre not using VTP, then you have to manually create all the VLANs that all the switches will use to communication in each switch on the network.
Hello Laz,
Letâs say a switch was connected to a VTP domain in a network. Now I have disconnected the switch from the network and want to revert the domain name back to null (as every switch has it by default). Is there any way to do it?
Yes, it is possible to change the VTP domain. There are no special requirements to do so. You can change the domain any time with the vtp domain domain-name command where domain-name is the name of the VTP domain you want to use.
Concerning the vtp mode off, Cisco explains it like so:
VTP off - A switch in VTP off mode functions in the same manner as a VTP transparent switch, except that it does not forward VTP advertisements on trunks.
Hello Laz,
Thanks for taking the time and reply to me. I am sorry for the confusion. When we power on a switch right out of the box, it has no vtp domain name(null). My question was how can we revert the domain name back to null or to the default settings of vtp as a switch comes with the default settings right out of the box. I was trying to delete the vlan.dat file on a 3750 to do it, but because of some reason it was not working. Then I tried it on a 2950. I did not work either. Finally I rebooted the device and all the vtp configuration went back to default (all the vtp configuration was wiped off). I have read everywhere that deleting vlan.dat file will remove the vtp setting to default. That is why I was doing it, but it did not work until I reloaded the device. It did not work on 3750 though even when I reloaded the device. I think that is because of some software issue. However, thank you so much as usual for your time and help.
After I did some vtp configuration:
After I deleted vlan.dat file and reloaded the device.
In order to revert the VTP configuration to its original âout of the boxâ state, you are correct when you say you should delete the vlan.dat file. The reloading of the device is necessary because active VLAN data is stored in RAM. This means if you delete the vlan.dat file, nothing will change until you reload and the VLAN info in RAM is purged. It kind of works the same way as the running-config file in RAM and the startup-config file in the NVRAM.
A more detailed description of vlan.dat file management on catalyst switches including the 3750 can be found here.
I have a question. A VTP Client can update a VTP server if it has a higher revision number? I thought that was just the serverâs job to update. I
Also, you state this: It will only change the domain-name if it doesnât have a domain-name.
So if a vtp client already has a domain-name, and we change the domain-name on a vtp server, it wonât propagate down to the client? How do we get around this? Change it back to Null first?
The answer to your question (unfortunately) is yes. If you have a client IN THE SAME DOMAIN with the SAME PASSWORD that has a higher revision number, the servers will all revert to the highest revision number. Just like Rene said, because a VTP server is also a client, it will be updated by any device with a higher revision number.
Having said that, if one is careful (with the appropriate domain names and passwords) VTP can be very useful. Just be careful.
Concerning the domain names, if a client does not have a domain name set, then it will automatically adopt the domain name of the extant VTP server (if one exists). If the client has already been configured with a domain name and it is different than that of the server, you can manually change the domain name so it matches. Once thatâs done (and passwords match as well, if any) then propagation will take place.
The following is good to know. Thinking back on a failure in my environment the likely cause was because of this.
âA VTP client can overwrite a VTP server if the revision number is higher because a VTP server is also a VTP clientâ
But below indicate this is now fixed in VTP version 3.
âVTP primary server: only the primary server is able to create / modify / delete VLANs. This is a great change as you can no longer âaccidentlyâ wipe all VLANs like you could with VTP version 1 or 2.â
As I understand VTP, pruning is only eligible on VLANs 2-1001. This makes sense since we know that vlan 1 is the default access vlan and is often used for control traffic. We also know VTP v1 and v2 donât support/propagate extended range vlans and store vlan information of 1-1005 in the vlan database file (vlan.dat). However, in VTP v3, extended range VLANs ARE supported/propagated and all VLAN information (1-4094) are stored in the the vlan database file (unless Iâm wrong and only 1-1005 are stored in the vlan.dat file). Why is it then, that extended VLANs (1006-4094) arenât eligible for pruning even if we were to be running VTP v3 on all switches? I havenât been able to find the answer anywhere and Cisco also doesnt explain why either in the link that I referenced below which is their official documentation on VTP pruning eligibility.
That is a good questionâŚextended range VLANs are saved in the VLAN database when you use VTPv3. I donât see any technical reason why we are unable to prune VLAN 1006-4094 when using VTPv3 so it seems itâs a design reason. I also tried to look up why they did this but I canât find anything at allâŚI guess this will remain a mystery for now.
So what is the conclusion? VTP is good or bad? VTP Pruning is the solution to the second problem (VLAN flooding), is there any solution to the first problem?
In addition, while VTP is enabled each switch in the same domain name learns the VLAN information. But in the show VLAN command, no ports were assigned to the VLAN created. Then how will a receiving switch decide on which port the corresponding VLAN is present (I am not talking about trunk ports).
Itâs not so much a matter of whether VTP is good or bad. The question is, is it right for you? VTP is EXTREMELY useful especially when you have tens or even hundreds of VLANs. Really, if you have that many, you canât live without VTP. You just have to know its dangers and take the appropriate precautions when implementing it. I know many deployments that use VTP successfully without any issues.
This is a very good question and it clarifies a misconception that exists with VTP. The only thing that VTP does is share the VLAN information. It does not configure VLANs on specific ports. This must be done on each switch individually. So when a receiving switch gets a frame, it will place it on whatever VLAN you have manually configured on that port.
