VTP 101

How it works

VTP (VLAN Trunking Protocol) is used to advertise VLAN information between connected switches in a network. VTP messages are sent only on trunk ports. VTP advertises the VLAN_ID, VLAN_NAME, VLAN_TYPE and VLAN_STATE information for each VLAN. VTP doesn’t send any information regarding port assignment to VLANs.

There are 3 modes VTP can run in: server, client and transparent. Switches running in client mode can’t make changes to the VLAN information and only changes on switches in server mode are advertised to the other switches.

VTP version 1 and 2

Changes on VTP servers increment the VTP revision number and cause the new VLAN information to be propagated in VTP messages. Upon receiving a message, a VTP server or client compares the received revision number against its stored revision number and, if the received one is higher, saves the new information in the vlan.dat file.

Improvements in VTP version 3

Because numerous issues can occur when multiple VTP servers can change the configuration in a domain, VTPv3 introduces the concept of a Primary VTP Server, which is the only switch that can change the VLAN information (transparent switches can too, but their changes are independent). All other VTP servers actually work like clients, the difference being that they can be promoted to the Primary Server role. To make things safer, switches only accept VTP changes from the primary server they know and ignore changes if another primary server comes up, even if its updates have a higher revision number.
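The acceptance rules described above for VTPv1/v2 and VTPv3, as an added Python model that is not part of the original page or of any Cisco code. The `Advert` and `Switch` classes, the sender IDs `lab-sw` and `core1`, and the VLAN names are constructed for illustration; the model covers only mode, revision number and the known primary server.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Advert:
    """Simplified VTP advertisement (constructed model, not the wire format)."""
    sender: str             # hypothetical sender ID
    revision: int
    vlans: dict             # VLAN_ID -> VLAN_NAME
    primary: bool = False   # v3 only: sender holds the primary server role

@dataclass
class Switch:
    version: int                         # 1, 2 or 3
    mode: str = "server"                 # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    known_primary: Optional[str] = None  # v3: the primary server this switch knows

    def receive(self, adv: Advert) -> str:
        if self.mode == "transparent":
            return "ignored: transparent switches keep a local database"
        if self.version == 3 and not (adv.primary and adv.sender == self.known_primary):
            return "ignored: not the known primary server"
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        # Higher revision wins: the stored VLAN database is replaced.
        self.revision, self.vlans = adv.revision, dict(adv.vlans)
        return "accepted"

def compare_versions():
    """Deliver the same stale, high-revision advertisement to a v2 and a v3 client."""
    production = {1: "default", 10: "users", 20: "voice"}
    stale = Advert("lab-sw", revision=42, vlans={1: "default"})
    out = {}
    for version in (2, 3):
        sw = Switch(version, "client", 7, dict(production), known_primary="core1")
        out[version] = (sw.receive(stale), sorted(sw.vlans))
    return out

if __name__ == "__main__":
    for version, (verdict, vlans) in compare_versions().items():
        print(f"VTPv{version}: {verdict}; VLANs now {vlans}")
```

The v2 client loses VLANs 10 and 20 because only the revision number is compared, while the v3 client keeps its database until an update arrives from the primary server it knows.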

VTP Versions

Sw(config)# vtp version {1|2|3}
!Default: 1

Version 1

  • supports only Normal Range VLANs: 1-1005

  • In transparent mode, it forwards only version 1 advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message

Version 2

  • supports only Normal Range VLANs: 1-1005

  • In transparent mode, it forwards any VTP advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message

Version 3

  • Supports Normal and Extended Range VLANs (1-4094), including Private VLANs, but is only available starting with IOS 12.2(52)SE.

  • In transparent mode, it forwards VTP advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message

  • Passwords are not shown in clear text anymore.

  • Supports an OFF mode where VTP is disabled (per switch, or per interface) and received VTP messages are dropped:

    Sw(config-if)# no vtp

  • Server role changed to support a single primary VTP server and several secondary VTP servers. Only the primary server can change the VLAN information, and only one can exist at one time. VTP primary server role is requested through an EXEC command.

  • Backwards compatible with VTPv1 and v2 by falling back to the detected version on each port

  • VTPv3 is a generalized protocol to exchange database information with other switches, so it is able to distribute MST region configurations as well

VTP Mode

To set the VTP mode, use:

Sw(config)# vtp mode {client|server|transparent|off}
! Default: server
! off is only available in VTPv3

To see the mode, use:

Sw# show vtp status

Server

  • It can create, modify and delete VLANs

  • It sends and receives VLAN configuration in VTP advertisements, over trunk links.

  • It will accept configuration changes from other VTP Servers

In version 3, to make a VTP server primary, use:

Sw# vtp primary

Client

  • It cannot create, modify or delete VLANs

  • It sends and receives VLAN configuration in VTP advertisements, over trunk links.

  • It will accept configuration changes from other VTP Servers

Transparent

  • It can create, modify and delete VLANs, but they have local significance

  • Forwards VLAN configuration in VTP advertisements, over trunk links, as long as the messages are for the same domain as the switch, or if the switch hasn’t been configured with a domain name (domain=NULL).

  • It will not accept configuration changes from other VTP Servers

Domain

To accept VTP advertisements, switches must be in the same VTP Domain. By default, a switch is set up as a VTP Server, but with a NULL domain name and it will act like a transparent VTP switch. If the VTP Domain is NULL, the switch will set its VTP domain to the first Domain that it sees in a VTP advertisement. You can manually set the domain with:

Sw(config)# vtp domain VTP-DOMAIN

Passwords

For each VTP domain, a VTP password can be set in order to authenticate VTP advertisements.

Sw(config)# vtp password VTP-PASS [hidden]
! hidden is only available for VTPv3

To see the password used:

Sw# show vtp password
! It will show either plain text or the encrypted password, depending on how it was configured
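A check of a planned set of VTP commands against the defaults and version limits stated on this page (version 1, server mode, NULL domain, `hidden` and `off` only in VTPv3), as an added Python example that is not part of the original page. The function name `audit_vtp`, the finding texts and the sample configurations are constructed for illustration.

```python
import re

# Matches the four global commands shown on the page, with or without a prompt.
VTP_CMD = re.compile(r"\bvtp\s+(version|mode|domain|password)\s+(\S+)(\s+hidden)?\s*$")

def audit_vtp(config_text):
    """Return findings for a set of VTP commands, applying the page's defaults."""
    s = {"version": "1", "mode": "server", "domain": None,
         "password": None, "hidden": False}
    for line in config_text.splitlines():
        m = VTP_CMD.search(line)
        if m:
            key, value, hidden = m.groups()
            s[key] = value
            if key == "password":
                s["hidden"] = bool(hidden)
    findings, v3 = [], s["version"] == "3"
    if s["mode"] == "off" and not v3:
        findings.append("mode off is only available in VTPv3")
    if s["mode"] in ("transparent", "off"):
        return findings  # this switch does not accept VTP changes
    if not v3:
        findings.append("v1/v2: a higher revision from any server replaces the VLAN database")
    if s["domain"] is None:
        findings.append("NULL domain: switch adopts the first domain it sees")
    if s["password"] is None:
        findings.append("no password: advertisements are not authenticated")
    elif s["hidden"] and not v3:
        findings.append("hidden is only available for VTPv3")
    elif not s["hidden"]:
        findings.append("password without hidden: shown in plain text")
    return findings

# Constructed sample inputs: an untouched switch and a VTPv3 client.
FACTORY = ""
HARDENED = """\
Sw(config)# vtp version 3
Sw(config)# vtp mode client
Sw(config)# vtp domain EXAMPLE-DOMAIN
Sw(config)# vtp password EXAMPLE-PASS hidden
"""

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_vtp(cfg) or "no findings")
```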

VTP Pruning

Pruning prevents VLANs from being carried over trunks where they are not needed. Pruning can be enabled only on one VTP server.

Sw(config)# vtp pruning

VTP Pruning can only prune a list of pruning-eligible VLANs that are configured per interface:

Sw(config-if)# switchport trunk pruning vlan {add VLAN-LIST|remove VLAN-LIST|except VLAN-LIST|none}

Last updated 3 years ago
