[c-nsp] Spanning Tree Max VLAN's 35xx
Laura Kristoff
l-grill at northwestern.edu
Wed Aug 30 16:23:10 EDT 2006
sthaug at nethelp.no wrote:
>>> What is the best way to filter out VLANs headed to the device? If I put
>>> VLAN allow lists on the uplink ports does that do anything to limit the STP
>>> instances or is all of that being carried by VTP to the switch regardless of
>>> filters? What about VTP Pruning on the VTP server?
>>>
>> We ran into this a lot. What we finally did is to change all of our
>> switches to transparent mode (so basically disabled VTP). You'd
>> still have to go and manually delete all the unused VLANs after you make
>> the change. It may not work for you if you like the automation provided
>> by VTP, but we prefer to just manually create the VLANs we need on our
>> switches.
>>
>
> [...] We look at
> VTP as both unusable (because it forces the same VLANs on all switches)
> and dangerous (a screwup on the VTP master can have major impact).[...]
That's a good point about the "danger" aspect of it. We've been bitten by
that before. In fact even a switch configured as a VTP client can
overwrite a switch configured as a VTP server if the revision number on
the client happens to be higher (like when it was used in the lab and
underwent a bunch of changes to the VLAN configuration). Very scary.
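
A pre-connection check for the revision-number hazard described in the message above, added here as an illustration and not part of the original post: it parses `show vtp status` captures and flags a switch whose configuration revision would win over production. The sample captures, the domain name CAMPUS and the function names are constructed, and the check assumes any VTP password matches on both sides.

```python
import re

# Fields of interest in `show vtp status` output ("label : value" lines).
_FIELDS = {
    "revision": re.compile(r"^\s*Configuration Revision\s*:\s*(\d+)", re.M),
    "mode": re.compile(r"^\s*VTP Operating Mode\s*:\s*(\S+)", re.M),
    "domain": re.compile(r"^\s*VTP Domain Name\s*:[ \t]*(\S*)", re.M),
}

def parse_vtp_status(text):
    """Extract revision, mode and domain from one `show vtp status` capture."""
    out = {}
    for name, rx in _FIELDS.items():
        m = rx.search(text)
        if m is None:
            raise ValueError(f"missing field: {name}")
        out[name] = m.group(1)
    out["revision"] = int(out["revision"])
    out["mode"] = out["mode"].lower()
    return out

def would_overwrite(candidate, production):
    """True if connecting `candidate` could replace production's VLAN database."""
    # Transparent (or off) switches do not advertise their own database.
    if candidate["mode"] not in ("server", "client"):
        return False
    # Advertisements are only accepted within the same VTP domain name.
    if candidate["domain"] != production["domain"]:
        return False
    # A higher revision wins, whether the sender is a server or a client.
    return candidate["revision"] > production["revision"]

# Constructed sample captures, trimmed to the relevant lines.
PROD_SERVER = """\
Configuration Revision          : 12
VTP Operating Mode              : Server
VTP Domain Name                 : CAMPUS
"""
LAB_CLIENT = """\
Configuration Revision          : 57
VTP Operating Mode              : Client
VTP Domain Name                 : CAMPUS
"""
LAB_TRANSPARENT = LAB_CLIENT.replace("Client", "Transparent")

if __name__ == "__main__":
    prod = parse_vtp_status(PROD_SERVER)
    for label, cap in (("lab client", LAB_CLIENT), ("lab transparent", LAB_TRANSPARENT)):
        print(label, would_overwrite(parse_vtp_status(cap), prod))
```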