VLANs: To Prune or not to Prune

Tags: best practices, juniper-ex, vlan

I was pondering my network design today and came upon an idea that makes lots of sense to me, but I fear that it may be a terrible idea. I just don't have enough knowledge or experience to convince myself one way or the other.

My network consists of a core layer and an edge layer (see diagram below). Currently, if I need to add a VLAN, I must create it on the core, add it to the uplinks for all edge switches, create it on the edge switches, and add it to the uplinks back to the core.

The idea that came to me is to configure the edge-switch ends of the uplinks to carry all VLANs, but to specify the allowed VLANs on the core for each link. This would eliminate at least one step in the process of adding a new VLAN. There are some VLANs on the core that have no need to exist on some or all of the edge switches, but there is little to no likelihood that a VLAN will ever exist on an edge switch that doesn't already exist on the core.

[Network diagram]

If this is a terrible idea, please explain why. If it is a decent idea, again please explain why. I appreciate any constructive criticism you might have to share.

Best Answer

There's a big difference between "allowed" VLANs and "created" VLANs. Very few (read: NONE) of the switches I'm aware of can handle 4095 VLANs. Entering the equivalent of "vlan create 1-4095" (i.e. all VLANs) will result in an error. "switchport trunk allowed vlan 1-4095" is not the same as having all VLANs on the switch; it only means that the port will not filter any VLANs.

Bottom line: you still have to go to every switch in the land to create any new VLAN(s) and assign them to the necessary ports. VLAN pruning is simply a means to reduce traffic to switches that have no need for it. A broadcast packet will be replicated to all corners unless the VLAN is pruned.

(And the only two protocols I know of to communicate VLAN configuration, VTP (Cisco) and GVRP, are a can of snakes; I just don't do it.)
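As an added illustration of the design in the question and the "allowed versus created" distinction in the answer (this is example configuration written for this page, not anything posted by the asker or the answerer), here is what the two ends of one uplink look like on Juniper EX switches in set-command form. All hostnames, interface names, VLAN names and VLAN IDs are assumed for illustration. The syntax shown is the older, non-ELS EX style (port-mode trunk); on ELS releases the keyword is interface-mode trunk and the rest is the same.

```junos
# Added example configuration; hostnames, interfaces, VLAN names and IDs
# are all assumptions for illustration.

# --- core switch ---
# Every VLAN the core carries is defined here. MGMT-IPMI (300) is one the
# edge switches have no need for, so it is left off the uplink lists below.
set vlans USERS vlan-id 100
set vlans VOICE vlan-id 110
set vlans SERVERS vlan-id 200
set vlans MGMT-IPMI vlan-id 300

# Uplink to edge-1: prune explicitly by listing only what that edge needs.
set interfaces xe-0/1/0 description "uplink to edge-1"
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/1/0 unit 0 family ethernet-switching vlan members [ USERS VOICE ]

# Uplink to edge-2: same idea, a different list.
set interfaces xe-0/1/1 description "uplink to edge-2"
set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/1/1 unit 0 family ethernet-switching vlan members [ USERS VOICE SERVERS ]

# --- edge-1 switch ---
# "all" expands only to the VLANs defined under [edit vlans] on THIS
# switch. A VLAN that exists on the core but is not created here is not
# carried on the uplink no matter what the core allows, which is the
# "allowed" versus "created" point from the answer. The core-side members
# list is what actually prunes the link.
set vlans USERS vlan-id 100
set vlans VOICE vlan-id 110

set interfaces xe-0/0/47 description "uplink to core"
set interfaces xe-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/0/47 unit 0 family ethernet-switching vlan members all

# Access port on edge-1. Adding a new VLAN for these users still means: a
# "set vlans" line on the core, an entry in the core-side members list, a
# "set vlans" line on every edge that needs it, and the access ports. The
# edge-side uplink members list is the one step that "all" removes.
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members USERS
```

After committing on each switch, "show vlans" on the edge and "show ethernet-switching interfaces xe-0/0/47" confirm which VLANs the uplink actually carries; a VLAN present in the core's members list but absent from the edge's "show vlans" output is exactly the case the answer warns about, and no amount of "members all" on the edge will bring it up.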