VLAN Trunking Protocol VTP Tutorial
This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is:
“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network”
VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches.
VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches.
Why we need VTP?
To answer this question, let’s discuss a real and popular network topology.
Suppose you are working in a medium company in a 5-floor office. You assigned each floor to a switch for easy management and of course they can be assigned to different VLANs. For example, your bosses can sit in any floor and still access Manage VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors to access Technical VLAN (VLAN 4). This is the best design because each person’s permission is not limited by the physical location.
Now let’s discuss about VTP role in this topology! Suppose VTP is not running on these switches. One day, your boss decides to add a new department to your office, the Support Department, and you are tasked to add a new SUPPORT VLAN for this department. How will you do that? Well, without VTP you have to go to each switch to enable this new VLAN. Fortunately your office only has 5 floors so you can finish this task in some hours :)
But just imagine if your company was bigger with 100-floor office and some VLANs needed to be added every month! Well, it will surely become a daunting task to add a new VLAN like this. Luckily, Cisco always “thinks big” to create a method for you to just sit at the “Main Sw”, adding your new VLANs and magically, other switches automatically learn about this VLAN, sweet, right? It is not a dream, it is what VTP does for you!
How VTP Works
To make switches exchange their VLAN information with each other, they need to be configured in the same VTP domain. Only switches belonging to the same domain share their VLAN information. When a change is made to the VLAN database, it is propagated to all switches via VTP advertisements.
To maintain domain consistency, only one switch should be allowed to create (or delete, modify) new VLAN. This switch is like the “master” of the whole VTP domain and it is operated in Server mode. This is also the default mode.
Other switches are only allowed to receive and forward updates from the “server” switch. They are operated in Client mode.
In some cases, the network manager doesn’t want a switch to learn VTP information from other switches. He can set it to Transparent mode. In this mode, a switch maintains its own VLAN database and never learn VTP information from other switches (even the server). However, it still forwards VTP advertisements from the server to other switches (but doesn’t read that update). A transparent switch can add, delete and modify VLAN database locally.
Now return to the example above, we can configure any switches as the “server” but for our convenience, the “Main Sw” should be assigned this function and we should place it in a safe place.
As said above, VTP advertisements bring VLAN information to all the switches in a VTP domain. Each VTP advertisement is sent with a Revision number. This number is used in order to determine whether the VTP advertisement is more recent than the current version of that switch. Because each time you make a VLAN change in a switch, the configuration revision is incremented by one. So the higher the revision number, the better your VTP advertisement.
For example, the first time the Main Sw sends a VTP advertisement, its Revision number is 1. When you add a new VLAN to the Main Sw, it will send a VTP advertisement with the Revision number of 2. Client switches first receive the VTP advertisement with the Revision number of 1, which is bigger than its current Revision number (0) so it updates its VLAN database. Next it receives the VTP advertisement with the Revision number of 2, it continues comparing with its current Revision number (1) -> it continues update its VLAN database.
One important thing you must know is when a switch receives a better VTP advertisement, it deletes its whole VTP information and copy the new information from the better VTP advertisement to its VLAN database. A switch does not try to compare its own VLAN database with information from the received VTP advertisements to find out and update the difference!
Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames.
The “show vtp status” command analysis
The most important command to view the status of VTP on Cisco switches that each CCNA learners must grasp is the “show vtp status” command. Let’s have a look at the output of this command:
+ VTP Version: displays the VTP version the switch is running. By default, the switch runs version 1 but can be set to version 2. Within a domain, the two VTP versions are not interoperable so make sure to configure the same VTP version on every switch in a domain.
+ Configuration Revision: current Revision number on this switch.
+ Maximum VLANs Supported Locally: maximum number of VLANs supported locally.
+ Number of Existing VLANs: Number of existing VLANs.
+ VTP Operating Mode: can be server, client, or transparent.
+ VTP Domain Name: name that identifies the administrative domain for the switch.
By default, a switch operates in VTP Server mode with a NULL (blank) domain name with no password configured (the password field is not listed in the output)
+ VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss about VTP Pruning later.
+ VTP V2 Mode: displays if VTP version 2 mode is enabled. VTP version 2 is disabled by default.
+ VTP Traps Generation: displays whether VTP traps are sent to a network management station.
+ MD5 Digest: a 16-byte checksum of the VTP configuration.
+ Configuration Last Modified: date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.
VTP Pruning
To understand what VTP Pruning is, let’s see an example:
When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP domain. Switches Server, Sw2, and Sw3 all receive broadcast frames from PC A. But only Sw3 has user on VLAN 10 and it is a waste of bandwidth on Sw2. Moreover, that broadcast traffic also consumes processor time on Sw2. The link between switches Server and Sw2 does not carry any VLAN 10 traffic so it can be “pruned”.
VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. In the above example, Server switch doesn’t send broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10.
When a switch has a port associated with a VLAN, the switch sends an advertisement to its neighbors to inform that it has active ports on that VLAN. For example, Sw3 sends an advertisement to Server switch to inform that it has active port for VLAN 10. Sw2 has not advertised about VLAN 10 so Server switch will prune VLAN 10 on the trunk to Sw2.
You only need to enable pruning on one VTP server switch in the domain.
VTP Configuration
Main Sw(config)#vtp version 2
Main Sw(config)#vtp domain 9tut
Main Sw(config)#vtp mode server
Main Sw(config)#vtp password keepitsecret
On client switches
Client(config)#vtp version 2
Client(config)#vtp domain 9tut
Client(config)#vtp password keepitsecret
Client(config)#vtp mode client
Notice: Before configuring VTP make sure the links between your switches are trunk links. Your trunk link can automatically be formed if both of your switches are not 2960 or 3560 because ports on the 2960 and 3560 switches are set to dynamic auto by default. If both sides are set to dynamic auto, the link will remain in access mode. To configure trunk between these ports, use these commands:
Client(config)#interface fa0/1 (or the interface on the link you want to be trunk)
Client(config-if)#switchport mode trunk
These commands only need to be used on one of two switches to form the trunk.
Below summaries important notes about VTP:
+ Whenever a change occurs in the VLAN database, the VTP server increments its configuration revision number and then advertises the new revision throughout the VTP domain via VTP advertisements.
+ VTP operates in one of three modes: server, transparent, or client.
VTP modes:
* Server: The default mode. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections. In Server mode we can create, modify, delete VLANs.
* Client: cannot make changes to the VLAN configuration when in this mode; however, a VTP client can send any VLANs currently listed in its database to other VTP switches. VTP client also forwards VTP advertisements (but cannot create VTP advertisements).
* Transparent: When you make a change to the VLAN configuration in this mode, the change affects only the local switch and does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP advertisements that it receives within the domain.
VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN.
For more information about VTP, I highly recommend you to visit the official tutorial about VTP published by Cisco. It is very comprehensive: http://www.cisco.com/warp/public/473/vtp_flash/
Its very use ful
please add more example….
very helpful..
easy to understand
I love this example. 9tut, I thank you so much.
I’ll wait for more amazing tutorials :D
Thx.
could some email sims for recent done certifacation
wilsonmaina2008@yahoo.com
@9tut
thanks a million for this site
this is great .thanks
Many thanks :-)
This is a woderful tutorial..kudos to u 9tut!!!!
Cool staff thanx a lot.
when explaining vtp pruning i had a small doubt..pc a and pc c though they belong to same vlan do we require a router for communication to take place as they are connected in different switches..
@VISHWA: They don’t need a router (even when they are connected to different switches). A router is only needed when communicating between two different VLANs.
9tut – great resource! What will happen if we add router with higher rev.number but not in server mode? Thanks
Sorry. Of course switch, instead of router :)
@Kolyan007: If a VTP client has a rev.number higher than the rev. number of a VTP Server, the VTP client can “overwrite” the VTP Server’s information.
good concept of pruning described here!!!thanks to 9tut!!!
thank you vry much!!!
Thanks for the tutorial,is very explanatory.
please send me the current sim for this month.i want to take the exam this weekend
keny4real5@yahoo.co.uk
Thanks a lot, it Has really helped me, I wish you could add more example
thanks 9tut ppls…. its realy a great effort and helps alot….. thanks again
is there any latest SIM tht you may help to fwd to me… planning to take my exam soon…. my add is maha_manmathan82@yahoo.com
Pls respond to this Query as it is very urgent..
Just like in the above example, suppose if the VTP operating mode is Set as Server for more than One switch, does VLAN Renaming will effect the links connected to that switch…?
@sundar
the switch with the highest vlan database revision number will originate the updates for the entire VTP domain
pls i need a latest dumps or SIM cos i will be siting for my exam next 2weeks
this is helpful. Thanks to 9tut
helpful stuff …thans a lot
eazy 2 understand…keep updated..
make me clear about VTP.
TQ so much, 9 tut.
Very easy to understand…. thanks 9tut.
@9tut, when client switch want to add a VLAN, how it communicate with VTP server ?
@Anonymous: In client mode you cannot add or remove VLAN. It must be done on VTP server mode and the VTP server switch will send update to all of its client/server switches.
Hi..,
I have a small doubt in the functionality of a vtp. What if there are two servers present in a vtp. I understand that the clients would follow the server with the highest revision number. However, will the other server also update its database with the details of the othe server?
@Shabna: Yes, provided that they are in the same domain & have the same password.
@9tut: Thank you very much.
It’s wonderful, and i hope you will keep the good work for ever ! thanks for all of you :)
here when we type the command show vtp status , in the result the domain name is blank.so how it authenticate with saver?
@9tut: Thanks a lot for this tutorial. You guys are doing a great job. I really appreciate it.
I have a doubt too; like you said in one of the comments above.
“If a VTP client has a rev.number higher than the rev. number of a VTP Server, the VTP client can “overwrite” the VTP Server’s information.”
IMHO, it is a security issue. Like if any employee gets a switch from home (or ebay) with higher rev. number and he plugs it in giving same domain and password, the client switch will overwrite the rev. number of Server switch. Can we stop it if that’s the case?
I don’t know whether I am making sense here but it just came to my mind after reading the above comments.
@Sure: for sure you don’t understand at all !!! ;-)
it’s very use full me to understood VTP. Thankx A Lot !!!!!!!!!!
Can someone send latest dumps please cronoboricua@hotmail.com
very helpful, especially easy to understand!!!
Need latest CCNA Exams if available.
email it to
mosbah2020@yahoo.com
The “+ VTP Version: displays the VTP version the switch is running.” is a bit misleading IMHO.
The “VTP version” value represents actually the highest version the switch is capable of running.
But whether it’s running v2 or not is determined from the “VTP V2 Mode:” value which will be enabled or disabled.
Perhaps you may want to mention that the MD5 digest carries the password (in case a VTP password is set).
BTW, great review of VTP.
Keep it up! :)
Can someone please please send me the latest dump ? desperately need it…my exam is on Friday….Thanks a lot….
sumairashakir@gmail.com
great explanation , very clear to understand. Its easy to see 9tut that you have taught this to people before you created this website.To be perfectly honest I haven’t picked up a Cisco book since Left College.When I read your instruction on Vlans and VTP , the “know how” poured back into my mind and was very successful in my comprehensions on the subject matter. Excellent, excellent, tutorial on the subject matter.
I will be defiantly be telling my friends about your site, just for examples on Cisco alone. Thanks allot for this Tut , it is very much appreciated.
But, to make ports add to respective vlan , you still need to go every floor and log in every switch required ?Is what I think right ?
I must ask, what is the point? Yeah so VTP can create VLANs on client switches, so what! You still have to assign the interface to the VLAN, and when you assign an interface to a VLAN it will create the VLAN if it does not exist. So, how is VTP helpful?. Enlighten me, I’m sure I’m missing something.
Hi all
How we can configure Vtp pruning
Plz someone help
It’s super complicated you have to look everywhere to find it on the switch.
conf t
vtp pruning
did you even bother to look?
could some email sims for recent done certifacation
alaman97@yahoo.com