cisco hands-on experience

Understanding VLAN Trunk Protocol

Understanding VLAN Trunk Protocol


1. Introduction

Vlan Trunk Protocol (VTP) reduces administrative effort in a switched network.
There are 3 different types of vtp operating modes.

          • Server
          • Client
          • Transparent


When you configure a new Vlan on one VTP Server, the Vlan is distributed through all switches
in the VTP domain. This reduces the need to configure the same Vlan on every Switch in a Layer 2
environment. VTP is a Cisco proprietary protocol thas is available on most of the Cisco Catalyst series products.
VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems,
such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Before you create VLANs,
you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more
network devices and have those changes automatically communicated to all the other network devices in the network.

There are 3 protocol versions with VTP. Let me explain the differences.

    1. Version 2
      VTP version 2 supports the following features not supported in version 1:

      • Token Ring support—VTP version 2 supports Token Ring LAN switching and VLANs
        Token Ring Bridge Relay Function and Token Ring Concentrator Relay Function.
      • Unrecognized Type-Length-Value (TLV) Support—A VTP server or client propagates configuration changes to its other trunks,
        even for TLVs that it is not able to parse. The unrecognized TLV is saved in NVRAM.
      • Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent network device inspects VTP messages for the domain name
        and version and forwards a message only if the version and domain name match. Because only one domain is supported,
        VTP version 2 forwards VTP messages in transparent mode without checking the version.
      • Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter
        new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message,
        or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.


    2. Version 3
      In Cisco IOS Release 12.2(33)SXI and later releases, VTP version 3 is supported.
      VTP version 3 supports all the features in version 1 and version 2.
      VTP version 3 also supports the following features not supported in version 1 and version 2:

      • Enhanced authentication—In VTP version 3, you can configure the authentication password to be hidden using the vtp password command. When you configure the authentication password to be hidden, it does not appear in plain text in the configuration. Instead, the secret associated with the password is saved in hexadecimal format in the running configuration. The password-string argument is an ASCII string from 1 to 64 characters identifying the administrative domain for the device.The hidden and secretkeywords for VTP password are supported only in VTP version 3.
        If converting to VTP version 2 from VTP version 3, you must remove the hidden or secret keyword prior to the conversion. These keywords are supported on the Catalyst 6500 series switch only.
      • Support for extended range VLAN database propagation—VTP version 1 and version 2 support VLANs 1 to 1000 only. In VTP version 3, the entire VLAN range is supported (VLANs 1 to 4094). The pruning of VLANs still applies to VLANs 1 to 1000 only. Extended-range VLANs are supported in VTP version 3 only. Private VLANs are supported in VTP version 3. If you convert from VTP version 3 to VTP version 2, the VLANs in the range 1006 to 4094 are removed from VTP control.
      • VLANs 1002 to 1005 are reserved VLANs in VTP version 1, version 2, and version 3.
      • Support for propagation of any database in a domain—In VTP version 1 and version 2, a VTP server is used to back up the database to the NVRAM and allows you to change the database information.

        In Cisco IOS Release 12.2(33)SXI and later releases, VTP version 3 supports Multiple Spanning Tree (802.1s) (MST) database propagation separate from the VLAN database only. In the MST database propagation, there is a VTP primary server and a VTP econdary server. A primary server allows you to alter the database information, and the database updates sent out are honored by all the devices in the system. A secondary server can only back up the updated VTP configuration received from the primary server in the NVRAMs. The status of the primary and secondary servers is a runtime status and is not configurable.

      • By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC mode command to specify a primary server.
        The primary-server status is needed only when database changes have to be performed and is obtained when the administrator issues a takeover message in the domain. The primary-server status is lost when you reload, switch over, or the domain parameters change. The secondary servers back up the configuration and continue to propagate the database. You can have a working VTP domain without any primary servers. Primary and secondary servers may exist on an instance in the domain.
        In VTP version 3, there is no longer a restriction to propagate only VLAN database information. You can use VTP version 3 to propagate any database information across the VTP domain. A separate instance of the protocol is running for each application that uses VTP.
        Two VTP version 3 regions can only communicate over a VTP version 1 or VTP version 2 region in transparent mode.
      • CLI to turn off/on VTP on a per-trunk basis—You can enable VTP on a per-trunk basis using the vtp interface configuration mode command. You can disable VTP on a per-trunk basis using the no form of this command. When you disable VTP on the trunking port, all the VTP instances for that port are disabled. You will not be provided with the option of setting VTP to OFF for the MST database and ON for the VLAN database.


2. Understanding the VTP Domain

A VTP domain (also called a Vlan management domain) is made up of one or more Layer2 interconneted network devices that
share the same VTP domain. A network device can only configured for one VTP domain.
You can configure the VTP settings either you use the CLI or SNMP protocol.

VTP Server mode is the default and a switch is in a no-management domain and the VTP configuration number is 0.
A switch ignores VTP advertisement with a different VTP domain name.

3. Understanding VTP Modes
    • Server – In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other network devices in the same VTP domain and synchronize their VLAN configuration with other network devices based on advertisements received over trunk links. VTP server is the default mode.
    • Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
    • Transparent—VTP transparent network devices do not participate in VTP. A VTP transparent network device does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, a transparent network device will forward received VTP advertisements from its trunking LAN ports. In VTP version 3, a transparent network device is specific to an instance.
    • Off—In VTP off mode, a network device functions in the same manner as a VTP transparent device except that it does not forward VTP advertisements.
4. Understanding VTP Pruning

VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.

In VTP versions 1 and 2, when you enable or disable pruning, it is propagated to the entire domain and accepted by all the devices in that domain. In VTP version 3, the domain administrator must manually enable or disable VTP pruning explicitly on each device.

For VTP pruning to be effective, all devices in the management domain must support VTP pruning. On devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.

Figure 1-1 shows a switched network without VTP pruning enabled. Interface 1 on network Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.


figure 1-1 / VTP without pruning
figure 1-2 / VTP with pruning

For a better and deeper understandig following the links subsequent

Understanding VLAN Trunk Protocol (VTP)

VLAN Trunking Protocol (VTP)

5. Final configuration and important hints.

It is very important to have a look at the ‘configuration revision’ number, instead of considering the client
or server status. It is totally no matter.
The more vlans are configured on the switch, the higher is the configuration revision number.
If you bring up a device at the first time to a network you must be very carefully. If the revision number of a switch which is configured as
a client is higher than the revision number of a server switch, the client switch will overwrite the whole switching area with his
vlan database. So, if you not be very carefully, you can destroy a whole and hugh network.

There is no difference between server and client mode in combination with the configuration revision number.
You have only differences in operating mode. (see content above)

In transparent mode only VTP adverstisements in the same VTP domain will be forwarded and propagated over the LAN.

show command

Switch_xy#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0cbc.96e4.6e00
Configuration last modified by at 0-0-00 00:00:00</p>
Feature VLAN:
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 10
Configuration Revision            : 0
MD5 digest                        : 0x3E 0x9E 0xC0 0×94 0×31 0×60 0xDA 0×15
0xEE 0×41 0xF2 0xD4 0×42 0×57 0xD9 0×31

Leave a Reply


captcha *