In VTP, objective 1.4.a, we discussed VTP pruning, the automatic method of keeping VLANs from crossing trunk links where they are not needed. The ideal way to prune VLANs over a trunk is to do it manually.
By default, all VLANs configured are allowed:
    SW1#sh interfaces f0/1 trunk

    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/1       on               802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20,30,40,100

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1,10,20,30,40,100
Let’s say I want to manually prune VLAN 100 from the trunk link. We configure it with the command switchport trunk allowed vlan remove vlan-list.
    SW1(config)#int f0/1
    SW1(config-if)#switchport trunk allowed vlan remove 100
    SW1(config-if)#end
Now let’s verify if VLAN 100 is allowed on the trunk.
    SW1#sh int f0/1 trunk

    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/1       on               802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-99,101-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20,30,40

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1,10,20,30,40
Using the switchport trunk allowed vlan remove vlan-list command removes the VLAN from the trunk interface completely. This method works if VTP pruning is not enabled.
How can you manually prune VLANs with VTP pruning enabled?
After removing the manual pruning settings from above, let’s take a look at our trunk interface:
    SW1#sh int f0/1 trunk

    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/1       on               802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20,30,40,100

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1,10,20,30,40,100
Now we will enable VTP pruning:
    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#vtp pruning
    Pruning switched on
    SW1(config)#
    SW1(config)#do show interface f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    SW1(config)#do show interface f0/1 trunk

    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/1       on               802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20,30,40,100

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1
On the trunk interface, let’s define which VLANs should NOT be pruned.
    SW1(config)#interface f0/1
    SW1(config-if)#switchport trunk pruning vlan remove 10,20,30,40
    SW1(config-if)#end
    SW1#
    SW1#show interface f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-9,11-19,21-29,31-39,41-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    SW1#show interface f0/1 trunk

    Port        Mode             Encapsulation  Status        Native vlan
    Fa0/1       on               802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20,30,40,100

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1,10,20,30,40
Notice that show interface f0/1 switchport displays the list of VLANs being pruned, on the Pruning VLANs Enabled line.
The output of show interface f0/1 trunk displays, at the very bottom, which VLANs are NOT pruned.
Takeaways
Issuing switchport trunk allowed vlan remove vlan-id removes that VLAN completely from the trunk link. A safer method would be to enable VTP pruning and then add a list of VLANs that should NOT be pruned: switchport trunk pruning vlan remove vlan-list.
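The following is an added example, not part of the original post: a small Python audit that parses show interface trunk output, reports which active VLANs a trunk carries beyond a required set, and reproduces the VLAN-list arithmetic behind both remove commands. The function names and the required set are assumptions; the sample text is the first trunk output shown on this page.

```python
SECTIONS = {  # section headers of "show interface trunk" -> short keys
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}

def expand(vlan_list):  # '1-99,101-4094' -> set of VLAN IDs
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def compress(vlans):
    """Set of VLAN IDs -> IOS-style list such as '1-99,101-4094'."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v               # extend the current run
        else:
            runs.append([v, v])           # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def parse_trunk(output):
    """Return {port: {'allowed': set, 'active': set, 'forwarding': set}}."""
    ports, key = {}, None
    for line in output.splitlines():
        name, _, rest = line.strip().partition(" ")
        rest = rest.strip()
        if name == "Port":
            key = SECTIONS.get(rest)      # None for the Mode/Status header
        elif key and rest and set(rest) <= set("0123456789,-"):
            ports.setdefault(name, {})[key] = expand(rest)
    return ports

def unneeded_vlans(output, required):  # argument for "allowed vlan remove"
    return {p: compress(s["active"] - required)
            for p, s in parse_trunk(output).items()}

SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Fa0/1       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/1       1-4094
Port        Vlans allowed and active in management domain
Fa0/1       1,10,20,30,40,100
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,10,20,30,40,100
"""
```

With a required set of 1, 10, 20, 30 and 40, the audit reports VLAN 100 on Fa0/1, and the same set arithmetic yields the 1-99,101-4094 and 2-9,11-19,21-29,31-39,41-1001 lists seen in the outputs above.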