
VLAN Trunking Protocol VTP Tutorial

July 10th, 2011

This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is:

“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network”

VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches.

VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches.

Why do we need VTP?

To answer this question, let’s discuss a real and popular network topology.

Suppose you work in a medium-sized company with a 5-floor office. You assigned a switch to each floor for easy management, and of course the ports on each switch can be assigned to different VLANs. For example, your bosses can sit on any floor and still access the Manage VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors and access the Technical VLAN (VLAN 4). This is the best design because each person’s permission is not limited by physical location.


VTP_building_needed.jpg

Now let’s discuss VTP’s role in this topology! Suppose VTP is not running on these switches. One day, your boss decides to add a new department to your office, the Support Department, and you are tasked with adding a new SUPPORT VLAN for this department. How will you do that? Well, without VTP you have to go to each switch to enable this new VLAN. Fortunately your office only has 5 floors, so you can finish this task in a few hours :)

But just imagine if your company were bigger, with a 100-floor office, and some VLANs needed to be added every month! It would surely become a daunting task to add a new VLAN like this. Luckily, Cisco always “thinks big” and created a method that lets you just sit at the “Main Sw” and add your new VLANs while, magically, the other switches automatically learn about them. Sweet, right? It is not a dream, it is what VTP does for you!

How VTP Works

To make switches exchange their VLAN information with each other, they need to be configured in the same VTP domain. Only switches belonging to the same domain share their VLAN information. When a change is made to the VLAN database, it is propagated to all switches via VTP advertisements.

To maintain domain consistency, only one switch should be allowed to create (or delete or modify) VLANs. This switch is like the “master” of the whole VTP domain and it operates in Server mode. This is also the default mode.

Other switches are only allowed to receive and forward updates from the “server” switch. They are operated in Client mode.

VTP_modes.jpg

In some cases, the network manager doesn’t want a switch to learn VTP information from other switches. He can set it to Transparent mode. In this mode, a switch maintains its own VLAN database and never learns VTP information from other switches (even the server). However, it still forwards VTP advertisements from the server to other switches (but doesn’t read those updates). A transparent switch can add, delete and modify VLANs in its database locally.

Returning to the example above, we can configure any switch as the “server”, but for our convenience the “Main Sw” should be assigned this function and we should place it in a safe place.

VTP_modes_assigned.jpg

As said above, VTP advertisements bring VLAN information to all the switches in a VTP domain. Each VTP advertisement is sent with a Revision number. This number is used to determine whether the VTP advertisement is more recent than the current version on that switch. Each time you make a VLAN change on a switch, the configuration revision is incremented by one, so the higher the revision number, the better your VTP advertisement.

For example, the first time the Main Sw sends a VTP advertisement, its Revision number is 1. When you add a new VLAN to the Main Sw, it sends a VTP advertisement with a Revision number of 2. A client switch first receives the VTP advertisement with Revision number 1, which is bigger than its current Revision number (0), so it updates its VLAN database. Next it receives the VTP advertisement with Revision number 2, compares it with its current Revision number (1), and again updates its VLAN database.

One important thing you must know is that when a switch receives a better VTP advertisement, it deletes its whole VTP information and copies the new information from the better VTP advertisement into its VLAN database. A switch does not compare its own VLAN database with the information in the received VTP advertisement to find and update only the differences!

Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames.
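The acceptance rule described above can be modelled in a few lines. This is an added example, not code from the original tutorial: the `Switch` and `Advert` classes and the `demo` scenario are hypothetical, and a plain password comparison stands in for the digest check a real switch performs. It shows why a reused switch with a higher revision number is an operational risk: its database replaces the existing one instead of being merged.

```python
from dataclasses import dataclass, field

@dataclass
class Advert:
    domain: str
    password: str   # stand-in for the digest check; a real frame never carries the password
    revision: int
    vlans: dict     # sender's complete VLAN database: id -> name

@dataclass
class Switch:
    mode: str       # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vlan_id, name):
        if self.mode == "client":
            raise PermissionError("client mode cannot edit the VLAN database")
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1          # each change increments the revision by one

    def advertise(self):
        return Advert(self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, adv):
        if self.mode == "transparent":
            return "forwarded"          # relayed to neighbours, never applied locally
        if (adv.domain, adv.password) != (self.domain, self.password):
            return "ignored"            # different domain or password
        if adv.revision <= self.revision:
            return "ignored"            # not newer than what we already hold
        self.vlans = dict(adv.vlans)    # whole database replaced, nothing merged
        self.revision = adv.revision
        return "replaced"

def demo():
    """Constructed scenario using the tutorial's domain, password and VLAN numbers."""
    main = Switch("server", "9tut", "keepitsecret")
    floor = Switch("client", "9tut", "keepitsecret")
    lab = Switch("transparent", "9tut", "keepitsecret")
    main.add_vlan(4, "TECHNICAL")
    main.add_vlan(7, "MANAGE")
    log = [floor.receive(main.advertise()), lab.receive(main.advertise())]
    # A reused switch: same domain and password, more past edits, no production VLANs.
    reused = Switch("server", "9tut", "keepitsecret")
    for n in range(5):
        reused.add_vlan(100 + n, f"TEST{n}")
    log.append(floor.receive(reused.advertise()))
    reused.password = "other"           # the digest would no longer match
    log.append(main.receive(reused.advertise()))
    return log, floor, main
```

After `demo()` the floor switch holds only VLAN 1 and the five test VLANs at revision 5, while the Main Sw, which only saw the advertisement with the wrong password, still has VLANs 4 and 7.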

The “show vtp status” command analysis

The most important command for viewing the status of VTP on Cisco switches, which every CCNA learner must grasp, is the “show vtp status” command. Let’s have a look at the output of this command:

show vtp status.jpg

+ VTP Version: displays the VTP version the switch is running. By default, the switch runs version 1 but can be set to version 2. Within a domain, the two VTP versions are not interoperable so make sure to configure the same VTP version on every switch in a domain.
+ Configuration Revision: current Revision number on this switch.
+ Maximum VLANs Supported Locally: maximum number of VLANs supported locally.
+ Number of Existing VLANs: Number of existing VLANs.
+ VTP Operating Mode: can be server, client, or transparent.
+ VTP Domain Name: name that identifies the administrative domain for the switch.

By default, a switch operates in VTP Server mode with a NULL (blank) domain name and no password configured (the password field is not listed in the output).

+ VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss VTP Pruning later.
+ VTP V2 Mode: displays if VTP version 2 mode is enabled. VTP version 2 is disabled by default.
+ VTP Traps Generation: displays whether VTP traps are sent to a network management station.
+ MD5 Digest: a 16-byte checksum of the VTP configuration.
+ Configuration Last Modified: date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.
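The fields above are enough to check a switch before it is cabled into an existing domain. The following is an added example, not part of the original tutorial: the sample output is constructed in the classic IOS layout (digest line omitted), and `parse_vtp_status`, `audit` and its policy checks are hypothetical names chosen for illustration.

```python
import re

# Constructed sample in the classic IOS "show vtp status" layout (MD5 digest line omitted).
REUSED_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 42
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : 9tut
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
Configuration last modified by 10.0.0.5 at 3-1-93 00:12:44
"""

def parse_vtp_status(text):
    """Turn the 'label : value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        modified = re.match(r"\s*Configuration last modified by (\S+) at (.+)", line)
        if modified:                     # this line has no 'label : value' shape
            fields["last modified by"], fields["last modified at"] = modified.groups()
        elif ":" in line:
            label, value = line.split(":", 1)
            fields[label.strip().lower()] = value.strip()
    return fields

def audit(fields, domain, domain_revision, v2_enabled):
    """Checks to run before cabling a switch into `domain` (hypothetical policy)."""
    findings = []
    mode = fields.get("vtp operating mode", "").lower()
    name = fields.get("vtp domain name", "")
    revision = int(fields.get("configuration revision", "0"))
    if mode == "server" and not name:
        findings.append("default state: server mode with a blank domain name")
    if name and name != domain:
        findings.append(f"domain name is {name!r}, expected {domain!r}")
    if (fields.get("vtp v2 mode", "").lower() == "enabled") != v2_enabled:
        findings.append("VTP V2 mode differs from the rest of the domain")
    if mode != "transparent" and name == domain and revision > domain_revision:
        findings.append(f"revision {revision} is higher than the domain's "
                        f"{domain_revision}: its database would replace the domain's")
    return findings
```

Calling `audit(parse_vtp_status(REUSED_SWITCH), "9tut", 7, True)` reports the revision finding, which is the condition to clear before the switch is connected to a trunk.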

VTP Pruning

To understand what VTP Pruning is, let’s see an example:

VTP_Pruning_example.jpg

When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP domain. Switches Server, Sw2, and Sw3 all receive broadcast frames from PC A. But only Sw3 has a user on VLAN 10, so sending the frame to Sw2 is a waste of bandwidth. Moreover, that broadcast traffic also consumes processor time on Sw2. The link between switches Server and Sw2 does not carry any VLAN 10 traffic, so it can be “pruned”.

VTP_Pruning_Enabled.jpg

VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. In the above example, the Server switch doesn’t send the broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10.

When a switch has a port associated with a VLAN, the switch sends an advertisement to its neighbors to inform them that it has active ports on that VLAN. For example, Sw3 sends an advertisement to the Server switch to inform it that it has an active port for VLAN 10. Sw2 has not advertised VLAN 10, so the Server switch will prune VLAN 10 on the trunk to Sw2.

You only need to enable pruning on one VTP server switch in the domain.

VTP Configuration

Main Sw(config)#vtp version 2
Main Sw(config)#vtp domain 9tut
Main Sw(config)#vtp mode server
Main Sw(config)#vtp password keepitsecret

On client switches

Client(config)#vtp version 2
Client(config)#vtp domain 9tut
Client(config)#vtp password keepitsecret
Client(config)#vtp mode client

Notice: Before configuring VTP make sure the links between your switches are trunk links. Your trunk link can automatically be formed if both of your switches are not 2960 or 3560 because ports on the 2960 and 3560 switches are set to dynamic auto by default. If both sides are set to dynamic auto, the link will remain in access mode. To configure trunk between these ports, use these commands:

Client(config)#interface fa0/1 (or the interface on the link you want to be trunk)
Client(config-if)#switchport mode trunk

These commands only need to be used on one of the two switches to form the trunk.

Below is a summary of important notes about VTP:

+ Whenever a change occurs in the VLAN database, the VTP server increments its configuration revision number and then advertises the new revision throughout the VTP domain via VTP advertisements.
+ VTP operates in one of three modes: server, transparent, or client.

VTP modes:

* Server: The default mode. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections. In Server mode we can create, modify, delete VLANs.

* Client: cannot make changes to the VLAN configuration when in this mode; however, a VTP client can send any VLANs currently listed in its database to other VTP switches. VTP client also forwards VTP advertisements (but cannot create VTP advertisements).

* Transparent: When you make a change to the VLAN configuration in this mode, the change affects only the local switch and does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP advertisements that it receives within the domain.

VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN.

For more information about VTP, I highly recommend visiting the official tutorial about VTP published by Cisco. It is very comprehensive: http://www.cisco.com/warp/public/473/vtp_flash/

Comments (305)
  1. Kenneth Howell
    December 9th, 2011

    Thank you for explaining something that is very difficult to understand, very simply.

  2. CiscoMan
    December 21st, 2011

    Hello,
    In the VTP Pruning part, it’s written that “You only need to enable pruning on one VTP server switch in the domain”, but there is no special VTP pruning config below.
    Does it mean that VTP version 2 enables VTP pruning by default ?

  3. Hari
    January 5th, 2012

    Other switches are only allowed to receive and forward updates from the “server” switch. They are operated in Client mode.

    Is it supposed to be like this, in client mode it can forward and receive VTP advertisements, whereas it cannot create them. Correct me if I’m wrong.

    Thanks,
    Hari

  4. jossy
    January 13th, 2012

    this is super,, thx

  5. Saurabh
    January 13th, 2012

    i just wanna say .its cool and simple to understand…….thnks buddy

  6. rorisang
    January 16th, 2012

    I am going for my exam in a month’s time, so what should I remember for the exam?

  7. rorisang
    January 16th, 2012

    is it true that you have to fail the exam first for you to pass it?

  8. Manoj Tyagi
    January 31st, 2012

    nice stuff ………

  9. Amin Jan
    February 5th, 2012

    If a switch in transparent mode doesn’t read any update then what is the need of a switch in this mode?

  10. xallax
    February 5th, 2012

    @amin jan
    maybe you don’t want a particular switch to have the same vlans as all the others

  11. min
    February 6th, 2012

    thanks a lot

  12. Abdul
    February 15th, 2012

    pls can someone send me the latest dumps plss… abdulbm911@gmail.com

  13. MK
    February 16th, 2012

    Its really nice stuff, easy to understand…thumbs up 9tut. Great Job!!!!

  14. Jeremiah Fire
    February 17th, 2012

    what are 2 command that can be used to see if there is a vlan mismatch ?

  15. Jeremiah Fire
    February 17th, 2012

    this was one of the questions on the icnd 2 exam

  16. Jeremiah Fire
    February 17th, 2012

    is it vtp stat ?

  17. Mujtaba
    February 17th, 2012

    Tanks a lot !!!it help me ,,,great job ..love 9tut

  18. A B M Moniruzzaman
    February 17th, 2012

    its very easy to understand . very good.

  19. jagadeesan
    February 27th, 2012

    It is very easy to understand the concept. Keep it up.

  20. Bilal
    February 29th, 2012

    @9tut
    Kindly explain this point
    does vtp client sync its local vlan database with other switches or is able to create vlans locally or just learns the updates advertised by the server sw

    secondly
    does vtp enable sharing complete vlan databases? does it mean it synchronizes the port assignment per vlan as well?

    Thanks

  21. Bilal
    February 29th, 2012

    @9tut
    how would we solve the problem if we have two server mode switches in a domain and we have a greater revision number of the newly connected switch.
    revision number is used for the synchronization purpose.the switch having greater revision number overwrites its database to other switches.how do we maintain the correct synchronization process

    thanks

  22. xallax
    February 29th, 2012

    @bilal
    “Client: cannot make changes to the VLAN configuration when in this mode; however, a VTP client can send any VLANs currently listed in its database to other VTP switches. VTP client also forwards VTP advertisements (but cannot create VTP advertisements).”

    vtp client will update the database of other switches in client/server mode. they must match vtp version, password, domain. the updater must have a greater revision number.

  23. Bilal
    February 29th, 2012

    Thanks @xallax
    It means a switch in “client” mode being in VTP can not even update its own local vlan database.

  24. xallax
    February 29th, 2012

    @bilal
    no, it can not modify on its own its VLAN database, but it can update it if an update frame is received and it can originate update frames

  25. Spyder
    February 29th, 2012

    yow nine tut u a di boss!!! mi a go shell dung di exam tomorrow so mi will mek unoo know how it go seen

  26. IceFlare
    March 10th, 2012

    Good explanation listed. :-)

  27. AGP
    March 13th, 2012

    @9tut:
    I have a question? I know we can rename the existing VTP Domain to a new one and it will propagate to other client switches in the same VTP Domain… My question is can we totally remove the VTP Domain name, like make it blank or like a new no configuration switch.. Because im trying to remove it but it cannot…

    thanks alot 9tut…

  28. xallax
    March 13th, 2012

    @AGP
    make sure all vtp-capable interfaces are disabled or unplugged or configured in vtp access so there’s no risk to get the vtp domain name through frame from neighboring switches

    go to privileged mode and type:
    delete vlan.dat
    confirm the deletion, type:
    reload
    confirm that you wish to reboot the device and wait for it to start up.

    after it loaded go to privileged mode and type:
    show vtp status
    there should be nothing set as the domain name

    cheers

  29. AGP
    March 13th, 2012

    @xallax:

    by the way, i already figured it out and we have the same process… but what i did in deleting vlan database is…

    switch#del flash:vlan.dat

    and it also works…and the vlan id & vlan name also removed as long as the switchports are not yet assigned to a vlan…but once the switchports are assigned to a vlan it will not be removed just by deleting the vlan database…have to delete also the startup config to remove them…

    thanks alot…you’re the man…

  30. Prakash
    March 17th, 2012

    Thanks a lot… very is easy and effective explanation… :) :)

  31. robin
    April 2nd, 2012

    pliz send me da latest sim for all….my mail id is robinmoirang417@gmail.com….
    thanks

  32. BRIJESH ROY
    April 9th, 2012

    9TUT your tutorial is so comprehensive and easy to understand. thanks a lot continue your mindblowing thinking to do so

  33. Ethiolion
    April 11th, 2012

    Can anyone answer this question please?

    what are 2 command that can be used to see if there is a vlan mismatch ?

    Thanks,

  34. WASIM MOHAMMED
    April 16th, 2012

    PLEASE I WANT SOME EXAMPLES ON SPANNING TREE PROTOCOL..

  35. WASIM MOHAMMED
    April 16th, 2012

    Show vlan brief

  36. 9tut
    April 16th, 2012

    @WASIM MOHAMMED: For STP please read here: http://www.9tut.com/spanning-tree-protocol-stp-tutorial

  37. kashyap
    April 18th, 2012

    very nice

  38. sunil rai
    April 19th, 2012

    thank,s for this pratical. 9TUT

  39. jopy
    April 26th, 2012

    @ethiolon

    1 command that you can use is show log, normally when there is a vlan mismatch the switch logs will be flooded by vlan mismatch message..

  40. jopy
    April 26th, 2012

    @xallax

    only a vtp server can be the origin of a vtp advertisement. so a client can’t originate a VTP advertisement, it can only forward advertisements that come from the vtp server

  41. xallax
    April 26th, 2012

    @jopy
    uhm… nope.

    try this out in packettracer: add 2 switches to the topology.
    set them to be vtp clients
    connect them using a crossover cable.
    set the domain name on one of them to ABC.
    check the vtp status on the other switch. it will be… ABC.

  42. karim zada
    April 27th, 2012

    very informative…..

    thanks

  43. Sudhir K
    April 30th, 2012

    Thank u so much

  44. Brahmanand Babar
    May 1st, 2012

    thank you very much 9tut…………..

  45. reza
    May 4th, 2012

    nice

  46. Muawia
    May 6th, 2012

    KEEP GOING ON SUCCESS

  47. Muawia
    May 6th, 2012

    Good…it is from hands to mouth.. thanks a lot.

  48. Graft M
    May 8th, 2012

    Thank you!

  49. Klauss
    May 11th, 2012

    I have not seen any response to Nishant’s question above. I have the same concern. 9tut, do you have any input on this? Thanks.

  50. 9tut
    May 12th, 2012

    @Nishant, @Klauss: Yes, it may be a security hole. But in fact we have many ways to secure this problem like RootGuard, BPDU Filtering. You will learn them in SWITCH (a module of CCNP).
