CCNA VTP

Discussion in 'Routing & Switching' started by cisco lab rat, Dec 18, 2009.

  1. cisco lab rat

    cisco lab rat Megabyte Poster

    As a CCNA candidate you are expected to understand the purpose of the VLAN Trunking Protocol (VTP), its configuration and how it works.

    Here’s a basic guide to try to explain the main features.

    CCNA Vlan Trunking Protocol (VTP).

    VTP is a Cisco proprietary protocol supported only on Cisco switches. The purpose of VTP is to advertise the presence of vlans from switch to switch across trunk links so that the switched network can maintain a consistent vlan database.

    VTP is a layer 2 protocol that manages the addition, deletion, and renaming of VLANs across the network from a central point.

    VTP advertises VLANs (only VLANs 1 to 1005); these VLANs are referred to as normal range VLANs.

    VTP works on a periodic timer of 5 mins, so change or no change, the protocol sends adverts when the 5 min timer expires. The VTP protocol also sends triggered updates when a change is made to the VLAN database. The adverts are sent across the trunks as multicasts.

    VTP switches use an incremental value called a configuration revision number to keep track of the most recent information. Each switch participating in a common VTP domain remembers the last highest configuration revision number that it heard and synchronises its VLAN database, whether to add, modify or even remove VLANs.

    Every switch in VTP starts with configuration revision number 0 (zero).

    Because VTP revision numbers are stored in NVRAM along with other VTP information, they will survive a power cycle. You can reset the revision number back to 0 by setting the mode from server to transparent and then back to server again, or by changing the VTP domain name to a random name and then back to the original name, or you can delete the vlan.dat file and power cycle the switch.


    VTP has three modes of operation in IOS (4 in CatOS). The three modes are server, which happens to be the default, client and transparent.

    In the default mode of server, VTP will allow the administrator to add, modify and delete VLANs from the VLAN database. This mode will also allow VTP to generate and issue adverts over its trunk links, as well as forward received adverts over other trunks. This mode will also synchronise to received adverts from other VTP speakers.

    The client mode will not permit the administrator to add, modify and delete VLANs from the VLAN database. This mode will allow VTP to forward adverts which it receives via its trunk links, and it synchronises to received adverts from other VTP speakers.

    The transparent mode will permit the administrator to add, modify and delete VLANs from the VLAN database. This mode will not allow VTP to generate adverts but will forward adverts which it receives via its trunk links. This mode will not synchronise to received adverts from other VTP speakers; in other words, this mode allows the switch to manage its own VLAN database independently of any other switch in the network.

    Switch(config)# vtp mode {server | client | transparent}

    Summary advertisements—VTP servers issue summary advertisements every 5 mins (300 seconds) and whenever there is a change to the VLAN database. The advert includes:

    • VTP version
    • Domain name
    • Configuration revision number
    • MD5 encryption hash code
    • Number of subset advertisements to follow

    Subset advertisements—VTP domain servers send subset advertisements after a VLAN configuration change occurs, such as:

    • Creating or deleting a VLAN
    • Suspending or activating a VLAN
    • Changing the name of a VLAN
    • Changing a VLAN’s Maximum Transmission Unit (MTU)
    • VLANs are listed individually in sequential subset advertisements

    Advertisement requests from clients—A VTP client can request any VLAN information it does not have; for example, if it sees a VTP summary advertisement with a higher revision number than it has, it will request summary and subset advertisements to bring it up to date.

    VTP changes made on a server switch are propagated to other switches over the trunk link if the VTP setup has a domain name configured. In the default state the VTP domain name is NULL. The domain name is case sensitive in all versions; once set, this domain name can be changed but never set back to NULL unless the VLAN database is erased and the switch restarted.

    A server or client switch with no domain name will synchronise to the first domain name it reads in a VTP advertisement. Once it has learnt a domain name, it can only be changed manually.

    Switch(config)# vtp domain domain-name

    Once a server switch has a domain name it can advertise its VLAN database over the trunk links. To keep track of which switch has the latest VTP information, a configuration revision number is given to every change. A switch advertising a VTP advert with a higher configuration number will synchronise to the higher number, irrespective of the contents of the VTP advertisement.

    VTP can be protected using passwords, which have to be configured locally on each switch. Passwords are never exchanged or learnt; an MD5 hash of the password is sent over with the VTP updates.

    Switch(config)# vtp password password

    A server or client switch can never be in more than one VTP domain at any one time. VTP only recognises VLAN numbers 1-1005; these are referred to as normal range VLANs.

    When changes are made to switches set to server mode, they will issue VTP adverts across trunk links. These adverts will be heard by client switches which share the same domain name, version and password (if set), which will then synchronise to the received advert and have a consistent vlan.dat database. Switches set as transparent will not synchronise to any received VTP advertisements.

    TOP TIP: One other thing to try to bear in mind is that Dynamic Trunking Protocol will only work if the VTP domain names are the same or NULL on both sides.

    The drawbacks to VTP
    VTP can be a dangerous protocol to have on your network. If you place a server switch on your network which has never had a domain name configured but has had lots of VLANs set up, there is a risk that the new switch will synchronise to a new domain name. At that point, if the new switch has a high configuration revision number, it will advertise this information over the trunk links, and all other switches in the network will synchronise to the new VLANs. The worst case scenario would be that all switches will have no VLANs or the completely wrong set of VLANs.

    For example, let's imagine a switch on your network that is set to the default of server mode without a domain name but has been configured with VLANs. This setup can leave the switch with no domain name open to being overwritten by another switch that comes online that has a domain name. The switch with the domain name will advertise the information which it has via its trunk links to the upstream/downstream switches. The switch with no domain name will receive the advert, synchronise to the new domain name and overwrite its own VLAN database irrespective of the current configuration revision number.
    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
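
The first drawback scenario above (a server switch with no domain name and a high revision number joining a production domain) can be traced with a small model. This is an added example, not part of the original post; the `Switch` class, `preconnect_findings` and the sample topology are hypothetical. Plain password comparison stands in for the MD5 check, and only servers originate adverts.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str = "server"   # "server" (the default), "client" or "transparent"
    domain: str = ""       # "" models the default NULL domain
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def advertise(self):
        # Simplification: only a server with a domain name originates adverts.
        if self.mode != "server" or not self.domain:
            return None
        return (self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, advert):
        """Apply one advert; return True if the VLAN database was replaced."""
        domain, password, revision, vlans = advert
        if self.mode == "transparent":
            return False                 # forwards only, never synchronises
        if not self.domain:
            self.domain = domain         # NULL domain adopts the first name heard
        if (domain, password) != (self.domain, self.password):
            return False                 # different domain or password: ignored
        if revision <= self.revision:
            return False                 # not newer than what we already hold
        self.revision, self.vlans = revision, dict(vlans)
        return True

def preconnect_findings(candidate, production_revision):
    """Checks to run on a switch before its trunk is brought up."""
    if candidate.mode == "transparent":
        return []                        # will not synchronise anyone
    findings = []
    if candidate.revision > production_revision:
        findings.append("revision above production: reset it to 0 first")
    if not candidate.domain:
        findings.append("NULL domain: will adopt the first domain it hears")
    return findings

def stale_switch_demo():
    # Constructed topology: names, VLANs and revision numbers are made up.
    core = Switch("core", domain="CORP", revision=12, vlans={1: "default", 10: "users"})
    access = Switch("access", mode="client", domain="CORP", revision=12, vlans=dict(core.vlans))
    lab = Switch("lab", revision=40, vlans={1: "default", 99: "lab"})
    lab.receive(core.advertise())        # lab learns "CORP", keeps its own database
    replaced = [s.name for s in (core, access) if s.receive(lab.advertise())]
    return lab.domain, replaced, access.vlans
```

`stale_switch_demo()` shows the lab switch adopting the production domain name and then replacing the VLAN database on both production switches; `preconnect_findings` flags the same switch before it is trunked.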
