VTP 101

How it works
VTP (VLAN Trunking Protocol) is used to advertise VLAN information between connected switches in a network. VTP messages are sent only on trunk ports. VTP advertises the VLAN_ID, VLAN_NAME, VLAN_TYPE and VLAN_STATE information for each VLAN. VTP doesn’t send any information regarding port assignment to VLANs.
There are 3 modes VTP can run in: server, client and transparent. Switches running in client mode can’t make changes to the VLAN information and only changes on switches in server mode are advertised to the other switches.
VTP version 1 and 2
Changes on VTP servers result in the VTP revision number being incremented and the propagation of new VLAN information in VTP messages. Upon receiving the message, a VTP server or client verifies the received revision number against it’s stored revision number and if the received one is higher, will save the new information in the vlan.dat file.
Improvements in VTP version 3
Due to numerous issues that can occur if there are multiple VTP servers that can change the configuration in a domain, VPTv3 introduces the concept of Primary VTP Server, which is the only switch that can perform changes to the VLAN information (together with the transparent switches, but they are independent). All other VTP servers actually work like clients, the difference being that they can be promoted to a Primary Serer role. To make things safer, switches will only accept VTP changes from the primary server they know and will ignore changes if another primary server comes up, even if its updates have a higher revision number.
VTP Versions
Sw(config)# vtp version {1|2|3}
!Default: 1
Version 1
supports only Normal Range VLANs: 1-1005
In transparent mode, it forwards only version 1 advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message
Version 2
supports only Normal Range VLANs: 1-1005
In transparent mode, it forwards any VTP advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message
Version 3
Supports Normal and Extended Range VLANs (1-4094), including Private VLANs, but is only available starting with IOS 12.2.(52)SE.
In transparent mode, it forwards VTP advertisements received on trunk links if VTP domain is NULL or if it matches the domain in the message
Passwords are not shown in clear text anymore.
Supports an OFF mode where VTP is disabled (per switch, or per interface) and received VTP messages are dropped:
Sw(config-if)# no vtp
Server role changed to support a single primary VTP server and several secondary VTP servers. Only the primary server can change the VLAN information, and only one can exist at one time. VTP primary server role is requested through an EXEC command
Backwards compatibile to VTPv1 and v2 by falling back to the detected version on each port
VTPv3 is a generalized protocol to exchange database information to other switches, so it is able to distribute MST region configurations as well
VTP Mode
To set the vtp mode, use:
Sw(config)# vtp mode {client|server|transparent|off}
! Default: server
! off is only available in VTPv3
To see the mode, use:
Sw# show vtp status
Server
It can create, modify and delete VLANs
It sends and receives VLAN configuration in VTP advertisements, over trunk links.
It will accept configuration changes from other VTP Servers
In version 3, to make a VTP server primary, use:
Sw# vtp primary
Client
It cannot create, modify and delete VLANs
It sends and receives VLAN configuration in VTP advertisements, over trunk links.
It will accept configuration changes from other VTP Servers
Transparent
It can create, modify and delete VLANs, but they have local significance
Forwards VLAN configuration in VTP advertisements, over trunk links, as long as the messages are for the same domain as the switch, or if the switch hasn’t been configured with a domain name (domain=NULL).
It will not accept configuration changes from other VTP Servers
Domain
To accept VTP advertisements, switches must be in the same VTP Domain. By default, a switch is set up as a VTP Server, but with a NULL domain name and it will act like a transparent VTP switch. If the VTP Domain is NULL, the switch will set its VTP domain to the first Domain that it sees in a VTP advertisement. You can manually set the domain with:
Sw(config)# vtp domain VTP-DOMAIN
Passwords
For each VTP domain, a VTP password can be set in order to authenticate VTP advertisements.
Sw(config)# vtp password VTP-PASS [hidden]
! hidden is only available for VTPv3
To see the password used:
Sw(config)# show vtp password
!It will show either plain text or the encrypted password, depending on how it was configured
VTP Pruning
Pruning prevents VLANs from being carried over trunks where they are not needed. Pruning can be enabled only on one VTP server
Sw(config)# vtp pruning
VTP Pruning can only prune a list of pruning-eligible VLANs that are configured per interface:
Sw(config-if)# switchport trunk pruning vlan {add VLAN-LIST|remove VLAN-LIST|except VLAN-LIST|none}

802.1s – MSTP

Private VLANs

Last modified 10mo ago

Copy link

On this page

How it works

VTP version 1 and 2

Improvements in VTP version 3

VTP Versions

Version 1

Version 2

Version 3

VTP Mode

Server

Client

Transparent

Domain

Passwords

VTP Pruning