
VTP

VLAN TRUNKING PROTOCOL

The Cisco proprietary VLAN Trunking Protocol (VTP) provides the service by which Cisco switches can exchange VLAN configuration information.
VTP advertises the existence of each VLAN based on its VLAN ID and VLAN name.
It is named VLAN Trunking Protocol because it needs trunk links to propagate.
The complete process by which all switches come to have the same VLAN information is known as VTP synchronization.
• What is the purpose of VTP?
  • Used to synchronize VLAN information between switches.
  • Simplifies the management of VLANs.

• What is VTP not?
  • Not a requirement of Ethernet networks.
  • Does not define the broadcast domain.
VTP modes…

To use VTP to announce, learn and synchronize VLAN configuration information, a switch must be in
• VTP server mode
• VTP client mode
The other VTP mode is
• VTP transparent mode
VTP Server

• Creates and deletes VLANs.
• Advertises VLAN information using VTP messages.
• Synchronizes with VLAN information from other VTP advertisements.
• This is the default mode of Cisco Catalyst switches.
• VLAN information is saved in the vlan.dat file in flash memory.
VTP Client

• Cannot create or delete VLANs.
• Advertises the VLANs or VTP messages it has received.
• Synchronizes with VLAN information from other advertisements.
VTP Transparent

• Creates and deletes locally significant VLANs; cannot advertise local VLAN information.
• Transparently forwards other VTP advertisements.
• Does not synchronize with VLAN information from other advertisements.
• Note: In this mode, VLAN information is saved in the running-configuration file and in flash memory.
Synchronizing VLAN database

• On each trunk link, switches send VTP messages and listen for the ones they receive.
• Each switch checks received VTP messages against its local VTP parameters.
• If the VTP parameters match, the switch synchronizes its VLAN configuration database with the message received. If not, it discards that VTP message.
VTP Configuration Revision Number

• Sequence number of the VLAN configuration database.
• The number is incremented by 1 each time the server switch changes the VLAN configuration. By default it is 0.
• The VTP synchronization process follows the idea that each switch must have the VLAN configuration database with the best (highest) configuration revision number.
• A VTP domain is synchronized when the revision number matches on every switch.
Requirements for VTP to work between two
switches…

• The link between the two switches must be operating as a VLAN trunk (ISL or 802.1Q).
• The two switches' case-sensitive VTP domain names must match.
• If configured, both switches must have the same case-sensitive VTP password.
VTP domain name and VTP password

• VTP domains:
VTP domains make it possible to create multiple groups of VTP switches in a layer 2 network, each group autonomous from the others. Switches in one domain ignore the VTP messages of switches in another domain.
• VTP password:
It prevents attackers from changing the VLAN configuration, and it is never transmitted in clear text.
VTP versions

Cisco supports three VTP versions:
• VTP version 1
• VTP version 2
• VTP version 3
VTP message types

• Summary advertisements
• Subset advertisements
• Advertisement requests
• VTP join messages
Summary Advertisements
• By default, every switch issues a summary advertisement every five minutes.
• Summary advertisements inform adjacent switches about the VTP domain name and current configuration revision number.
• When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision number to its own. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.
Subset Advertisements
• When a VLAN is added, deleted, or changed on a switch, the server switch where the change is made increments the configuration revision number and issues a summary advertisement.
• A subset advertisement follows that summary advertisement and contains a list of VLAN information. If there are several VLANs, more than one subset advertisement can be required in order to advertise all the VLANs.
Advertisement Requests

A switch generates a VTP advertisement request in these situations:
• The switch has been reset.
• The VTP domain name has been changed.
• The switch has received a VTP summary advertisement with a higher configuration revision than its own.
After receiving an advertisement request, a VTP device sends a summary advertisement. One or more subset advertisements follow the summary advertisement.
VTP pruning
• By default, Cisco switches allow frames in all configured VLANs to be passed over a trunk. Switches flood broadcasts and unknown unicasts in each active VLAN on these trunks.
• One way to manage the flow of broadcasts is to manually configure the allowed VLAN lists on the various VLAN trunks.
• VTP dynamically determines which switches do not have access ports in each VLAN and prunes (removes) those VLANs from the appropriate trunks to limit flooding.
Potential problems in VTP
A wrong VLAN database with a high configuration revision number can overwrite the original VLAN database. This is true for both VTP servers and clients. This is the reason that VTP v1/v2 is rarely used in large L2 networks.
Avoiding using VTP

• Cisco added an option to disable VTP altogether. With it, the switch no longer forwards VTP messages and also ignores incoming VTP messages.
N.B. Transparent mode only ignores VTP messages, but it still forwards all VTP messages it has received.
Problems when adding Switches to a Network

When you want to add a new switch to an existing VTP domain, the configuration revision number of the new switch must be 0, which can be obtained by:
• Configuring the new switch in VTP transparent mode and then changing it back to VTP server or client mode.
• Erasing the new switch’s vlan.dat file in flash and reloading the switch.
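Added example (not from the original slides): a small Python model of the summary advertisement checks and of what happens when a reused switch joins a domain with a stale high revision number versus revision 0. The switch names, VLAN names and revision values are constructed; the password comparison stands in for the MD5 digest check, and the advertisement request and subset advertisements are collapsed into one step.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client", "transparent" or "off"
    domain: str = ""               # "" models the default NULL domain
    password: str = ""             # stand-in for the MD5 digest comparison
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def receive(self, sender):
        """Apply the summary-advertisement checks to what `sender` advertises."""
        if self.mode == "off":
            return "dropped"
        if self.mode == "transparent":
            return "forwarded, not synchronized"
        if self.domain == "":
            self.domain = sender.domain          # new switch keeps first domain heard
        if sender.domain != self.domain:         # case-sensitive comparison
            return "ignored: domain mismatch"
        if sender.password != self.password:
            return "ignored: digest mismatch"
        if sender.revision <= self.revision:
            return "ignored: revision not higher"
        # Advertisement request, then summary + subset advertisements, collapsed:
        self.vlans, self.revision = dict(sender.vlans), sender.revision
        return "synchronized"

def add_switch(new_revision):
    """Attach a reused switch to a production domain; return both outcomes."""
    prod = Switch("prod-sw1", "server", "inetworkexpert", "jadavpur", 12,
                  {1: "default", 10: "users", 20: "voice"})
    reused = Switch("lab-sw9", "client", "inetworkexpert", "jadavpur",
                    new_revision)                # only VLAN 1 in its database
    # Both ends of the new trunk send summary advertisements.
    return prod.receive(reused), reused.receive(prod), sorted(prod.vlans)

if __name__ == "__main__":
    print(add_switch(40))   # stale high revision on the added switch
    print(add_switch(0))    # revision reset to 0 before attaching
```

With revision 40 the production server accepts the reused switch's database and is left with only VLAN 1; with revision 0 the new switch learns the production VLANs instead.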
VTP configuration:
(config)#vtp version 1/2/3
(config)#vtp mode server/client/transparent
(config)#vtp domain inetworkexpert
(config)#vtp password jadavpur

* By default, every switch has VTP mode server, VTP domain NULL and VTP password none.
VTP verifications

#show vtp status
This command shows detailed information such as:
• VTP version running on the switch
• VTP domain name
• VTP operating mode
• VTP pruning mode
• Configuration last modified
• Configuration revision number
• MD5 digest
#show vtp password
It shows the configured VTP password in clear text. If the passwords mismatch, the MD5 digests will mismatch.
(config)#vtp pruning
Enables pruning in the VTP administrative domain. By default, pruning is disabled. You need to enable pruning on only one switch in VTP server mode. There must be more than one VTP server mode switch in a single VTP domain.
#show vtp counters
This command displays all VTP statistics.

(config)#vtp mode off
This command disables VTP on a switch.
• If a new switch is attached at the border of two VTP domains, the new switch keeps the domain name of the first switch that sends it a summary advertisement. The only way to attach this switch to another VTP domain is to manually set a different VTP domain name.
• If the domain has a single VTP server and it crashes, the best and easiest way to restore operation is to change any of the VTP clients in that domain to a VTP server. The configuration revision is still the same in the rest of the clients, even if the server crashes. Therefore, VTP works properly in the domain.
• Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if the two ends of a link belong to different VTP domains, the trunk does not come up if you use DTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides, in order to allow the trunk to come up without DTP negotiation agreement.
VTP version 1 vs VTP version 2
VTP version 2 supports these features that are not supported in version 1:
• Version-Dependent Transparent Mode: In VTP version 1, a VTP transparent network device inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because only one domain is supported, VTP version 2 forwards VTP messages in transparent mode without checking the version.
• Consistency Checks: In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message, or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.
• Token Ring support: VTP version 2 supports Token Ring Bridge Relay Function (TrBRF) and Token Ring Concentrator Relay Function (TrCRF) VLANs.
• Unrecognized Type-Length-Value (TLV) support: A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to understand. The unrecognized TLV is saved in NVRAM when the switch is operating in VTP server mode.
