CCNP SWITCH – Manual Pruning

September 17, 2014 by Rowell Dionicio

In VTP, objective 1.4.a, we discussed VTP pruning, the automatic method of keeping VLANs from going across trunk links where they are not necessary. The ideal way to prune VLANs over a trunk is to do it manually.

By default, all VLANs configured are allowed:

SW1#sh interfaces f0/1 trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40,100

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,40,100

Let’s say I want to manually prune VLAN 100 from the trunk link. We configure it with the command switchport trunk allowed vlan remove vlan-list:

SW1(config)#int f0/1
SW1(config-if)#switchport trunk allowed vlan remove 100
SW1(config-if)#end

Now let’s verify whether VLAN 100 is still allowed on the trunk.

SW1#sh int f0/1 trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-99,101-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,40

The switchport trunk allowed vlan remove vlan-list command removes the listed VLANs from the trunk interface completely. This method works if VTP pruning is not enabled.

How can you manually prune VLANs with VTP pruning enabled?

After removing the manual pruning settings from above, let’s take a look at our trunk interface:

SW1#sh int f0/1 trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40,100

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,40,100

Now we will enable VTP pruning:

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp pruning
Pruning switched on
SW1(config)#

SW1(config)#do show interface f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW1(config)#do show interface f0/1 trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40,100

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1

On the trunk interface, let’s define which VLANs should NOT be pruned.

SW1(config)#interface f0/1
SW1(config-if)#switchport trunk pruning vlan remove 10,20,30,40
SW1(config-if)#end
SW1#
SW1#show interface f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-9,11-19,21-29,31-39,41-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW1#show interface f0/1 trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40,100

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,40

Notice that show interface f0/1 switchport displays the list of VLANs being pruned, on the Pruning VLANs Enabled line.

The output of show interface f0/1 trunk displays, at the very bottom, which VLANs are NOT pruned.

Takeaways

Issuing switchport trunk allowed vlan remove vlan-id removes that VLAN from the trunk link completely. A safer method is to enable VTP pruning and then list the VLANs that should NOT be pruned with switchport trunk pruning vlan remove vlan-list.
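
To check a trunk without reading the lists by eye, the following added example (not part of the original post) parses the three VLAN lists from show interface trunk text and reports whether the allowed list is still the default 1-4094 and which active VLANs are not forwarding. The function names are hypothetical, and the sample text is the final output shown above.

```python
# Added example; helper names are illustrative. SAMPLE is copied from the post's final show output.
def parse_vlans(text):
    """Expand an IOS VLAN list such as '1-99,101-4094' into a set of ints."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def format_vlans(vlans):
    """Collapse a set of VLAN IDs back into IOS range notation."""
    ranges = []
    for v in sorted(vlans):
        if ranges and v == ranges[-1][1] + 1:
            ranges[-1][1] = v          # extend the current run
        else:
            ranges.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)

SECTIONS = {"Vlans allowed on trunk": "allowed",
            "Vlans allowed and active in management domain": "active",
            "Vlans in spanning tree forwarding state and not pruned": "forwarding"}

def parse_trunk(output, port):
    """Return {'allowed': set, 'active': set, 'forwarding': set} for one port."""
    lists, current = {}, None
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Port "):
            current = SECTIONS.get(line[5:].strip())   # None for the status table
        elif current and line.startswith(port):
            lists[current] = parse_vlans(line[len(port):])
    return lists

def audit(output, port):
    """Summarise how far the trunk's allowed list exceeds what it carries."""
    t = parse_trunk(output, port)
    return {"allows_all": len(t["allowed"]) == 4094,
            "held_back": format_vlans(t["active"] - t["forwarding"]),
            "unused_allowed": len(t["allowed"] - t["active"])}

SAMPLE = """Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,40,100
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,40"""
```

Subtracting parsed lists and passing the result to format_vlans reproduces the lists IOS printed above after each remove command.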
