Vlan Pruning

Post by sheraz on Sun Aug 30, 2015 12:35 pm

I have studied VLAN pruning, but I don't know why; I think that I am not quite familiar with its concept fully, and that is why I have a question. The question is: as a CCIE-level engineer, how would you explain what VLAN pruning is, in the simplest words, to a person who does not have in-depth knowledge of VLANs?



Re: Vlan Pruning

Post by daniel.larsson on Sun Aug 30, 2015 3:35 pm

Hi Sheraz,

First you would have to know what a VLAN is, so I will assume that you know exactly what a VLAN is.
As you know, you can span VLANs across multiple switches in a switched network, either by using the VTP protocol or by manually configuring the VLANs on every switch.

To move traffic between VLANs you need a trunk connection (Cisco terminology; other vendors use "tagged port" as the terminology).

Now, to explain what VLAN pruning is in the simplest words, that would be:

VLAN pruning is a feature within the Cisco IOS that allows you to block broadcast and multicast traffic inside a VLAN so that it doesn't spread to switches with no active ports in that VLAN.
It will automagically use the command "switchport trunk allowed vlan x,y,z" to only allow the VLANs on the trunk that are active on the uplink/downlink switch.

What that means is that, from a design perspective, it doesn't make sense to send broadcast and multicast traffic to the entire VLAN (meaning all switches that are using this VLAN). It only makes sense to send this traffic to switches that actually use this VLAN.

So what it does is block multicast and broadcast traffic on the trunk ports (inter-switch links like downlinks/uplinks) if the upstream/downstream switch has no active ports in that VLAN.

Very important note: You need to be very careful when using VTP pruning, since you can end up blackholing/misconfiguring your VLAN traffic in some topologies.

In this topology, for example, it works well for users on Switch 1 and Switch 4:

As the image explains (I used an already good image instead of making my own topology), any broadcast and multicast traffic is blocked between Switch 2 and 3, and from Switch 4 up towards Switch 5 and 6.
Because there are no active ports in that VLAN (they are only used in Switch 1 and Switch 4), it makes sense to only send traffic towards those switches.

But be very careful. What happens if you put hosts on Switch 6 in the same VLAN?

As you probably imagined, they are completely isolated because of the VTP pruning.
Because from Switch 4's perspective, Switch 5 has no active ports in that VLAN, so the VLAN is pruned (blocked upstream).
And from Switch 6's perspective, Switch 5 has no active ports in that VLAN, so it's pruned downstream (blocked downstream).

So what you did with VLAN pruning there is actually blackhole your traffic and make a faulty configuration/design.

The key goal with VTP is to block traffic from spreading further in your network than it has to.

But it's stupid by design in that... it will only look at the downstream and the upstream switch to see if there are any active ports in that VLAN. It will not care what happens further away in your network.
So the general best-practice configuration is to never enable VTP pruning if your VLANs span more than a single switch-hop away.

If you have VLANs spanning more than one switch-hop away, you can manually prune your VLANs using the "switchport trunk allowed vlan X" command and specify which VLANs you want to allow on the trunk.

Note: That's actually what VTP pruning will do for you. It will "prune" (remove) VLANs from the allowed list on the trunk port if they are not active on that link.

Just let me know if that didn't make any sense to you! :)

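As an added example (not code from this thread, and not Cisco's own implementation), here is a small Python model of flooded traffic over trunk links. It reproduces the blackhole described in the answer above (hosts added on Switch 6 become isolated when each trunk is pruned by looking only at the neighbouring switch's active ports) and then checks a manual "switchport trunk allowed vlan" style allowed-list against the same topology. The topology (S2 - S1 - S4 - S5 - S6, plus S2 - S3), the switch names and the one-hop pruning rule are assumptions modelled on the description in the post, not the image the post refers to.

```python
"""Model VLAN flooding over trunks and check a pruning configuration for blackholes.

Constructed example: the topology, switch names and the one-hop pruning rule are
assumptions based on the forum post, not a real network or real VTP internals.
"""
from collections import deque

# Constructed topology (assumption): S2 - S1 - S4 - S5 - S6, plus S2 - S3.
# Each tuple is one trunk link between two switches.
TRUNKS = [("S2", "S1"), ("S1", "S4"), ("S4", "S5"), ("S5", "S6"), ("S2", "S3")]


def one_hop_pruning(trunks, active):
    """Allowed directions produced by the one-hop rule the post describes.

    A switch keeps the VLAN on a trunk only if the switch at the far end of that
    trunk has active ports in the VLAN. Returns a set of (sender, receiver) pairs
    along which flooded frames for the VLAN are carried.
    """
    allowed = set()
    for a, b in trunks:
        if b in active:          # a floods toward b only if b has active ports
            allowed.add((a, b))
        if a in active:          # and vice versa
            allowed.add((b, a))
    return allowed


def manual_allowed(trunks, allowed_links):
    """Allowed directions from an explicit allowed-list configured on both trunk ends.

    allowed_links holds the links on which the VLAN is permitted; the VLAN is then
    carried in both directions on each of those links.
    """
    allowed = set()
    for a, b in trunks:
        if (a, b) in allowed_links or (b, a) in allowed_links:
            allowed.add((a, b))
            allowed.add((b, a))
    return allowed


def flood_reach(allowed, src):
    """Return the set of switches that receive a broadcast originated at src."""
    seen = {src}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        for sender, receiver in allowed:
            if sender == cur and receiver not in seen:
                seen.add(receiver)
                queue.append(receiver)
    return seen


def blackholes(allowed, active):
    """Pairs of switches with active ports that cannot exchange flooded traffic.

    An empty result means every switch that hosts the VLAN can reach every other
    one; anything else is a blackhole in the pruning configuration.
    """
    bad = set()
    for src in active:
        reach = flood_reach(allowed, src)
        for dst in active:
            if dst not in reach:
                bad.add((src, dst))
    return bad


if __name__ == "__main__":
    # 1. Hosts only on S1 and S4: one-hop pruning works as the post describes.
    print("S1+S4 one-hop:", blackholes(one_hop_pruning(TRUNKS, {"S1", "S4"}), {"S1", "S4"}))
    # 2. Hosts added on S6: S5 has no active ports, so S4-S5 and S5-S6 are pruned
    #    in the direction that matters and S6 is isolated.
    hosts = {"S1", "S4", "S6"}
    print("S1+S4+S6 one-hop:", blackholes(one_hop_pruning(TRUNKS, hosts), hosts))
    # 3. Manual allowed-list that keeps the VLAN on the whole S1-S4-S5-S6 path.
    manual = manual_allowed(TRUNKS, {("S1", "S4"), ("S4", "S5"), ("S5", "S6")})
    print("S1+S4+S6 manual:", blackholes(manual, hosts))
```

Running the script prints an empty set for the first and third scenarios and the four isolated pairs involving S6 for the second one, which is the blackhole the post warns about. The same `blackholes` check can be pointed at any allowed-list you derive from real switch configs, as long as you translate each trunk's allowed VLAN list into the `allowed_links` form.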