VTP

VLAN Trunking Protocol (VTP)

Before a switch can carry traffic for a VLAN, that VLAN must be configured on the switch. Suppose a user wants to send a frame from a source to a destination and the shortest path between them passes through 1000 switches. Each of those switches must have the VLAN configured before it can process the frame, so the administrator would have to configure the same VLANs on all 1000 switches by hand. That is not practical, and this is where VTP comes to the rescue.

VLAN Trunking Protocol (VTP)

VTP is a Cisco proprietary protocol used to keep VLAN information consistent throughout the network; in other words, it synchronizes the VLAN database among the switches in the same VTP domain. VTP lets you add, delete and rename VLANs, and those changes are then propagated to the other switches in the VTP domain. VTP advertisements can be sent over both 802.1Q and ISL trunks.

Requirements –

There are some requirements for VTP to communicate VLAN information between switches. These are:
1) The VTP version must be the same on the switches the user wants to configure
2) The VTP domain name must be the same on the switches
3) One of the switches must be a server
4) The authentication (VTP password) must match if it is applied

VTP modes – There are 3 modes:

Server – Switches are set to this mode by default. This mode allows you to create, add and delete VLANs, so any changes you want to make should be made here. Any change made on a switch in this mode is advertised to all the switches in the same VTP domain. In this mode, the VLAN configuration is saved in NVRAM.

Configuration – The user first makes the switch a VTP server:

Switch# config terminal
Switch(config)#vtp mode server

Now the user has to create a VTP domain and assign a password for authentication:

Switch(config)#vtp domain ieducation
Switch(config)#vtp password freecourse

The user can verify the configuration with:

Switch#show vtp status

Client – In this mode, the switch receives the updates and can also forward them to other switches in the same VTP domain. The updates received here are not saved in NVRAM, so all the VLAN configuration is lost if the switch is reset or reloaded; i.e. the switch only learns the VLAN information and passes the VTP summary advertisements on to the other switches.

Configuration – Since switches are in server mode by default, the user changes a switch to client mode with:

Switch(config)#vtp mode client

Transparent – This mode only forwards VTP summary advertisements out its trunk links. A transparent-mode switch keeps its own local VLAN database, which it does not share with other switches. The whole purpose of transparent mode is to forward the VTP summary advertisements without taking part in the VLAN synchronization.

Configuration – The user can change the mode to transparent with:

Switch(config)#vtp mode transparent

Configuration Revision Number –

The configuration revision number is a 32-bit number that indicates the revision level of a VTP packet. Every switch tracks this number in order to determine whether received information is more recent than its current version.

Every time the server switch modifies the VLANs, the configuration revision number increases by one. Client-mode devices receive the advertisement and check whether the received revision number is newer by comparing it with their own. If the received number is greater than their own, the devices update their configuration and pass it on to the other clients in the same VTP domain. If the number is the same, the devices simply pass the advertisement on to the other clients in the same VTP domain.

VTP VERSIONS

There are three VTP versions:

1) VTP Version 1
2) VTP Version 2
3) VTP Version 3

VTP version 1 vs VTP version 2 (VTP version 2 adds the following support over version 1)

1. Support for Token Ring VLANs.
2. Version 2 supports consistency checks. This means that when new information about the VTP domain is entered through the command line or some other method such as SNMP, VTP version 2 performs a consistency check. VTP version 2 does not check a VTP frame if it is received from another VTP peer or if the information is obtained from NVRAM. The VTP peer performs an MD5 hash check on a VTP frame received from a VTP peer and, if it is correct, accepts the message.
3. In VTP version 2, if a switch is in transparent mode, it forwards the message without checking the version information. A transparent switch using VTP version 1 checks the domain and version before it forwards the frame.

VTP version 3 –

VTP version 3 supports these features that are not supported in version 1 or version 2:

•Enhanced authentication—You can configure the authentication as hidden or secret. When hidden, the secret key from the password string is saved in the VLAN database file, but it does not appear in plain text in the configuration. Instead, the key associated with the password is saved in hexadecimal format in the running configuration. You must reenter the password if you enter a takeover command in the domain. When you enter the secret keyword, you can directly configure the password secret key.
•Support for extended range VLAN (VLANs 1006 to 4094) database propagation. VTP versions 1 and 2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert from VTP version 3 to version 1 or 2.
Note VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still reserved and cannot be modified.
•Private VLAN support.
•Support for any database in a domain. In addition to propagating VTP information, version 3 can propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the VTP protocol runs for each application that uses VTP.
•VTP primary server and VTP secondary servers. A VTP primary server updates the database information and sends updates that are honored by all devices in the system. A VTP secondary server can only back up the updated VTP configurations received from the primary server to its NVRAM.
By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC command to specify a primary server. Primary server status is only needed for database updates when the administrator issues a takeover message in the domain. You can have a working VTP domain without any primary servers. Primary server status is lost if the device reloads or domain parameters change, even when a password is configured on the switch.
•The option to turn VTP on or off on a per-trunk (per-port) basis. You can enable or disable VTP per port by entering the [no] vtp interface configuration command. When you disable VTP on trunking ports, all VTP instances for that port are disabled. You cannot set VTP to off for the MST database and on for the VLAN database on the same port.
When you globally set VTP mode to off, it applies to all the trunking ports in the system. However, you can specify on or off on a per-VTP instance basis. For example, you can configure the switch as a VTP server for the VLAN database but with VTP off for the MST database.

VTP Pruning

VLAN Trunking Protocol (VTP) pruning is a feature of Cisco switches that stops flooded traffic for a VLAN from being sent down trunk links where it is not needed. If the VLAN traffic is needed later, VLAN Trunking Protocol (VTP) dynamically adds the VLAN back to the trunk link.

In normal operation a switch needs to flood broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown to all its ports. If the neighboring switch doesn’t have any active ports in the source VLAN, this broadcast is unnecessary and excessive unwanted traffic may create problems on the network.

VLAN Trunking Protocol (VTP) pruning helps in increasing the available bandwidth by reducing unnecessary flooded traffic. Broadcast frames, multicast frames, or unicast frames where the destination MAC address is unknown are forwarded over a trunk link only if the switch on the receiving end of the trunk link has ports in the source VLAN.

VTP pruning increases the network bandwidth by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets on trunk links. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. By default, VTP pruning is disabled. VTP pruning does not prune traffic from VLANs that are pruning-ineligible.

VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible. VTP pruning is supported with VTP version 1 and version 2.

Key Points on VTP Pruning

VLAN 1 (the default/native VLAN) and VLANs 1002 to 1005 are always pruning-ineligible, meaning traffic from VLAN 1 and VLANs 1002 to 1005 cannot be pruned in any situation. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.
Pruning eligibility is based only on which VLANs need the given broadcast information across the trunks. It is not related to the number of ports assigned to that VLAN. VTP pruning does not change, add, or delete the VLANs in a VTP domain; it simply reduces the broadcast and multicast traffic. VTP version 2 and VTP version 1 are not interoperable on network devices in the same VTP domain. Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.

VTP Pruning Step By Step Configuration

STEP 1. Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that device only (not on all switches in the VTP domain). The VTP pruning configuration on a Cisco switch is shown below. To enable VTP pruning:

Cisco-Switch(config)# vtp pruning

To disable VTP pruning:

Cisco-Switch(config)# no vtp pruning

VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network are in VTP transparent mode, you should do one of these:

• Turn off VTP pruning in the entire network.
• Turn off VTP pruning by making all VLANs on the trunk of the switch upstream of the VTP transparent switch pruning-ineligible.

STEP 2. To configure the pruning-eligible list, add or remove VLANs on trunk interfaces with the switchport trunk pruning vlan interface configuration command. VTP pruning operates only when an interface is trunking.

Cisco-Switch#config terminal
Cisco-Switch(config)# interface interface-id
Cisco-Switch(config-if)# switchport trunk pruning vlan {add | except | none | remove} vlan-list [,vlan[,vlan[,,,]]]
Cisco-Switch(config-if)# end
Cisco-Switch# write

Verify VTP Pruning status

VTP pruning is disabled by default after VTP configuration; you can view the status with the following command:

Cisco-Switch#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 2
VTP Operating Mode : Server
VTP Password : ccna
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03

Configuration last modified by 192.168.1.86 at 20-25-01 01:22:24

After VTP pruning is enabled, the same command shows:

Cisco-Switch#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 2
VTP Operating Mode : Server
VTP Password : ccna
VTP Domain Name : cisco
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03
Configuration last modified by 192.168.1.86 at 20-25-01 01:22:24
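An added audit script, not part of the original page, that parses the "Field : Value" layout of the show vtp status output above and flags the conditions this page warns about (pruning disabled, more than one server, mixed VTP versions, wrong domain, out-of-sync MD5 digests, a high revision number). The two sample outputs are constructed, and the function names are assumptions.

```python
import re

# Constructed samples in the same "Field : Value" layout as the output above
# (made-up values, not captures from the page's switch).
SWITCH_A = """\
VTP Version : 2
Configuration Revision : 57
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
MD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03
Configuration last modified by 192.168.1.86 at 20-25-01 01:22:24
"""
SWITCH_B = """\
VTP Version : 2
Configuration Revision : 57
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
MD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03
"""

def parse_vtp_status(text):
    """Turn 'Field : Value' lines into a dict; lines without ' : ' are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s+:\s+(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit_vtp(outputs, expected_domain, max_revision=100):
    """outputs maps switch name -> show vtp status text; returns a list of findings."""
    parsed = {name: parse_vtp_status(text) for name, text in outputs.items()}
    findings = []
    servers = sorted(n for n, f in parsed.items() if f.get("VTP Operating Mode") == "Server")
    if len(servers) > 1:
        findings.append(f"multiple servers can rewrite the whole domain: {servers}")
    if len({f.get("VTP Version") for f in parsed.values()}) > 1:
        findings.append("mixed VTP versions: version 1 and 2 do not interoperate")
    if len({f.get("MD5 digest") for f in parsed.values()}) > 1:
        findings.append("MD5 digests differ: VLAN databases are not in sync")
    for name, f in sorted(parsed.items()):
        if f.get("VTP Domain Name") != expected_domain:
            findings.append(f"{name}: domain {f.get('VTP Domain Name')!r} != {expected_domain!r}")
        if f.get("VTP Pruning Mode") == "Disabled":
            findings.append(f"{name}: pruning disabled, flooded traffic crosses every trunk")
        if int(f.get("Configuration Revision", "0")) > max_revision:
            findings.append(f"{name}: revision above {max_revision}, reset it before (re)joining")
    return findings
```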

VTP LAB

STEP BY STEP LAB CONFIGURATION-

STEP 1> Create trunk links on the interconnected switch interfaces

AT Switch0-

Switch0#conf t
Switch0(config)#interface fastEthernet 0/1
Switch0(config-if)#switchport mode trunk

AT Switch1-

Switch1#conf t
Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#exit
Switch1(config)#interface fastEthernet 0/2
Switch1(config-if)#switchport mode trunk

AT Switch2-

Switch2#conf t
Switch2(config)#interface fastEthernet 0/1
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#exit
Switch2(config)#interface fastEthernet 0/2
Switch2(config-if)#switchport mode trunk

AT Switch3-

Switch3#conf t
Switch3(config)#interface fastEthernet 0/1
Switch3(config-if)#switchport mode trunk

STEP 2> VTP configuration to make Switch0 the server / Switch1 a client / Switch2 transparent / Switch3 a client

AT Switch0-

Switch0(config)#vtp domain ieducation
Switch0(config)#vtp password freeccna
Switch0(config)#vtp mode server

AT Switch1-

Switch1(config)#vtp domain ieducation
Switch1(config)#vtp password freeccna
Switch1(config)#vtp mode client

AT Switch2-

Switch2(config)#vtp domain ieducation
Switch2(config)#vtp password freeccna
Switch2(config)#vtp mode transparent

AT Switch3-

Switch3(config)#vtp domain ieducation
Switch3(config)#vtp password freeccna
Switch3(config)#vtp mode client

STEP 3> Creating VLANs on all switches-

AT Switch0(Server)-

Switch0(config)#vlan 100
Switch0(config-vlan)#vlan 200
Note – You will be able to create the VLANs, and because this switch is in server mode they will be propagated to the client-mode switches, i.e. Switch1 and Switch3.

AT Switch1(Client)-

Switch1(config)#vlan 100
Note – You will get the error message "VTP VLAN configuration not allowed when device is in CLIENT mode" because the switch is a client, so you cannot create a VLAN in client mode.

AT Switch2(Transparent)-

Switch2(config)#vlan 100
Switch2(config-vlan)#vlan 200
Note – You will be able to create the VLANs, but because this switch is in transparent mode they remain local to this switch and are not passed to any other switch.

AT Switch3(client)-

Switch3(config)#vlan 100
Note – You will get the error message "VTP VLAN configuration not allowed when device is in CLIENT mode" because the switch is a client, so you cannot create a VLAN in client mode.

STEP 4> Verification of the VTP configuration and VLANs on all switches-

Switch#show vtp status

Switch#show vlan

AT Switch0(Server)-

AT Switch1(Client)-

AT Switch2(Transparent)-

AT Switch3(client)-

Common Troubleshooting Issues

1) If a switch with a high configuration revision number is removed from a network and later added to a network whose switches have a lower configuration revision number, it will override the VLAN configuration of that network's switches, because by default all switches are in server mode. It is therefore recommended that you set a switch to client or transparent mode before adding an old switch to a new network.

2) If you do vtp configuration in server , then it stores the configuration in flash with vlan.dat file also, which is not removed if you reload the switch to initial configuration, so it is recommended to delete vlan.dat file from the flash before using the old switch in new network, where as in transperent mode it store the it running config in RAM and after writing,it copies the running config to startup config( which is stored in NVRAM), so when you reload the switch to inital configuration in case of Transparent mode the vlan information is deleted , where as in sever mode the configuration is saved in vlan.dat file also in flash which by default not deleted. So if you donot delete flash :vlan.dat in then vlan information will be show even after you reset you switch.