Tuesday, October 13, 2009

VLAN Trunking Protocol (VTP)

What is VTP?

VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network. The switch can be configured in the role of a VTP server or a VTP client. VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (IDs greater than 1005) are not supported by VTP.


VTP Overview

VTP allows a network manager to make changes on a switch that is configured as a VTP server. Basically, the VTP server distributes and synchronizes VLAN information to VTP-enabled switches throughout the switched network, which minimizes the problems caused by incorrect configurations and configuration inconsistencies. VTP stores VLAN configurations in the VLAN database called vlan.dat.


In the figure, a trunk link is added between switch S1, a VTP server, and S2, a VTP client. After a trunk is established between the two switches, VTP advertisements are exchanged between the switches. Both the server and client leverage advertisements from one another to ensure each has an accurate record of VLAN information. VTP advertisements will not be exchanged if the trunk between the switches is inactive. The details of how VTP works are explained in the rest of this chapter.



Benefits of VTP

You have learned that VTP maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs across multiple Cisco switches in a network. VTP offers a number of benefits for network managers, as shown in the figure.


VTP Components

There are a number of key components that you need to be familiar with when learning about VTP. Here is a brief description of the components, which will be further explained as you go through the chapter.

* VTP Domain-Consists of one or more interconnected switches. All switches in a domain share VLAN configuration details using VTP advertisements. A router or Layer 3 switch defines the boundary of each domain.
* VTP Advertisements-VTP uses a hierarchy of advertisements to distribute and synchronize VLAN configurations across the network.
* VTP Modes- A switch can be configured in one of three modes: server, client, or transparent.
* VTP Server-VTP servers advertise the VTP domain VLAN information to other VTP-enabled switches in the same VTP domain. VTP servers store the VLAN information for the entire domain in NVRAM. The server is where VLANs can be created, deleted, or renamed for the domain.
* VTP Client-VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client. A VTP client only stores the VLAN information for the entire domain while the switch is on. A switch reset deletes the VLAN information. You must configure VTP client mode on a switch.
* VTP Transparent-Transparent switches forward VTP advertisements to VTP clients and VTP servers. Transparent switches do not participate in VTP. VLANs that are created, renamed, or deleted on transparent switches are local to that switch only.
* VTP Pruning-VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them.


4.2 VTP Operation
4.2.1 Default VTP Configuration

In CCNA Exploration: Network Fundamentals, you learned that a Cisco switch comes from the factory with default settings. The default VTP settings are shown in the figure. The benefit of VTP is that it automatically distributes and synchronizes domain and VLAN configurations across the network. However, this benefit comes with a cost: you can only add switches that are in their default VTP configuration. If you add a VTP-enabled switch that is configured with settings that supersede the existing network VTP configuration, changes that are difficult to fix are automatically propagated throughout the network. So make sure that you only add switches that are in their default VTP configuration. You will learn how to add switches to a VTP network later in this chapter.

VTP Versions

VTP has three versions: 1, 2, and 3. Only one VTP version is allowed in a VTP domain. The default is VTP version 1. A Cisco 2960 switch supports VTP version 2, but it is disabled. A discussion of VTP versions is beyond the scope of this course.

The following briefly describes the show vtp status parameters:

* VTP Version-Displays the VTP version the switch is capable of running. By default, the switch implements version 1, but can be set to version 2.
* Configuration Revision-Current configuration revision number on this switch. You will learn more about revision numbers in this chapter.
* Maximum VLANs Supported Locally-Maximum number of VLANs supported locally.
* Number of Existing VLANs-Number of existing VLANs.
* VTP Operating Mode-Can be server, client, or transparent.
* VTP Domain Name-Name that identifies the administrative domain for the switch.
* VTP Pruning Mode-Displays whether pruning is enabled or disabled.
* VTP V2 Mode-Displays if VTP version 2 mode is enabled. VTP version 2 is disabled by default.
* VTP Traps Generation-Displays whether VTP traps are sent to a network management station.
* MD5 Digest-A 16-byte checksum of the VTP configuration.
* Configuration Last Modified-Date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.

4.2.2 VTP Domains

VTP Domains

VTP allows you to separate your network into smaller management domains to help reduce the VLAN management burden. An additional benefit of configuring VTP domains is that it limits the extent to which configuration changes are propagated in the network if an error occurs. The figure shows a network with two VTP domains, cisco2 and cisco3. In this chapter, the three switches, S1, S2, and S3, will be configured for VTP.

A VTP domain consists of one switch or several interconnected switches sharing the same VTP domain name. Later in this chapter, you will learn how VTP-enabled switches acquire a common domain name. A switch can be a member of only one VTP domain at a time. Until the VTP domain name is specified you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.

VTP Domain Name Propagation

For a VTP server or client switch to participate in a VTP-enabled network, it must be a part of the same domain. When switches are in different VTP domains, they do not exchange VTP messages. A VTP server propagates the VTP domain name to all switches for you. Domain name propagation uses three VTP components: servers, clients, and advertisements.

The network in the figure shows three switches, S1, S2, and S3, in their default VTP configuration. They are configured as VTP servers. VTP domain names have not been configured on any of the switches.

The network manager configures the VTP domain name as cisco1 on the VTP server switch S1. The VTP server sends out a VTP advertisement with the new domain name embedded inside. The S2 and S3 VTP server switches update their VTP configuration to the new domain name.

Note: Cisco recommends that access to the domain name configuration functions be protected by a password. The details of password configuration will be presented later in the course.


4.2.3 VTP Advertising

VTP Frame Structure

VTP advertisements (or messages) distribute VTP domain name and VLAN configuration changes to VTP-enabled switches. In this topic, you will learn about the VTP frame structure and how the three types of advertisements enable VTP to distribute and synchronize VLAN configurations throughout the network.

VTP Frame Encapsulation

A VTP frame consists of a header field and a message field. The VTP information is inserted into the data field of an Ethernet frame. The Ethernet frame is then encapsulated as an 802.1Q trunk frame (or ISL frame). Each switch in the domain sends periodic advertisements out each trunk port to a reserved multicast address. These advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary.

VTP Frame Details

Keep in mind that a VTP frame encapsulated as an 802.1Q frame is not static. The contents of the VTP message determine which fields are present. The receiving VTP-enabled switch looks for specific fields and values in the 802.1Q frame to know what to process. The following key fields are present when a VTP frame is encapsulated as an 802.1Q frame:

Destination MAC address- This address is set to 01-00-0C-CC-CC-CC, which is the reserved multicast address for all VTP messages.

LLC field- Logical link control (LLC) field contains a destination service access point (DSAP) and a source service access point (SSAP) set to the value of AA.

SNAP field- Subnetwork Access Protocol (SNAP) field has an OUI set to AAAA and type set to 2003.

VTP header field- The contents vary depending on the VTP message type-summary, subset, or request, but it always contains these VTP fields:

* Domain name- Identifies the administrative domain for the switch.
* Domain name length- Length of the domain name.
* Version- Set to either VTP 1, VTP 2, or VTP 3. The Cisco 2960 switch only supports VTP 1 and VTP 2.
* Configuration revision number- The current configuration revision number on this switch.


VTP message field- Varies depending on the message type.

VTP frames contain the following fixed-length global domain information:

* VTP domain name
* Identity of the switch sending the message, and the time it was sent
* MD5 digest of the VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
* Frame format: ISL or 802.1Q


VTP frames contain the following information for each configured VLAN:

* VLAN IDs (IEEE 802.1Q)
* VLAN name
* VLAN type
* VLAN state
* Additional VLAN configuration information specific to the VLAN type


Note: A VTP frame is encapsulated in an 802.1Q Ethernet frame. The entire 802.1Q Ethernet frame is the VTP advertisement often called a VTP message. Often the terms frame, advertisement, and message are used interchangeably.
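The frame fields listed above, put to work in a small parser. This is an added example, not code from the course: it builds a constructed summary advertisement (Cisco OUI 00-00-0C in the SNAP header, an optional 802.1Q tag) and then decodes the destination MAC, LLC/SNAP, and VTP header fields the text describes; the domain name, revision, updater address, timestamp and digest bytes are made up for the test.

```python
"""Parse a VTP summary advertisement out of a raw Ethernet/LLC/SNAP frame."""
# Added example, not from the course text. The summary-advertisement layout
# (version, code, followers, domain name length, 32-byte padded domain name,
# 32-bit configuration revision, 4-byte updater identity, 12-byte timestamp,
# 16-byte MD5 digest) is the standard VTP format; the sample frame is constructed.
import struct

VTP_MULTICAST_MAC = bytes.fromhex("01000ccccccc")   # 01-00-0C-CC-CC-CC
VTP_SNAP_TYPE = 0x2003
CODES = {0x01: "summary", 0x02: "subset", 0x03: "request"}


def build_summary_frame(domain, revision, updater_ip, timestamp, digest,
                        src_mac=bytes.fromhex("0011223344aa"), version=1,
                        dot1q_vlan=None):
    """Build a constructed VTP summary advertisement (input for the parser)."""
    name = domain.encode("ascii")
    vtp = struct.pack("!BBBB", version, 0x01, 0, len(name))
    vtp += name.ljust(32, b"\x00")                         # domain name, padded
    vtp += struct.pack("!I", revision)                     # configuration revision
    vtp += bytes(int(o) for o in updater_ip.split("."))    # updater identity
    vtp += timestamp.encode("ascii").ljust(12, b"\x00")    # update timestamp
    vtp += digest                                          # 16-byte MD5 digest
    # LLC (DSAP/SSAP 0xAA, control 0x03) + SNAP (Cisco OUI 00-00-0C, type 0x2003)
    llc_snap = bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + struct.pack("!H", VTP_SNAP_TYPE)
    payload = llc_snap + vtp
    tag = b"" if dot1q_vlan is None else b"\x81\x00" + struct.pack("!H", dot1q_vlan)
    return VTP_MULTICAST_MAC + src_mac + tag + struct.pack("!H", len(payload)) + payload


def parse_vtp_frame(frame):
    """Return the VTP header fields as a dict, or raise ValueError if not VTP."""
    if frame[:6] != VTP_MULTICAST_MAC:
        raise ValueError("not addressed to the VTP multicast address")
    p = 12
    if frame[p:p + 2] == b"\x81\x00":      # optional 802.1Q tag on a trunk
        p += 4
    p += 2                                  # skip the 802.3 length field
    if frame[p:p + 2] != b"\xaa\xaa":
        raise ValueError("LLC DSAP/SSAP is not AA/AA, so no SNAP header follows")
    snap_type, = struct.unpack("!H", frame[p + 6:p + 8])
    if snap_type != VTP_SNAP_TYPE:
        raise ValueError(f"SNAP type 0x{snap_type:04x} is not VTP (0x2003)")
    vtp = frame[p + 8:]
    version, code, followers, name_len = struct.unpack("!BBBB", vtp[:4])
    if not 1 <= name_len <= 32:
        raise ValueError("bad domain name length")
    info = {"version": version, "type": CODES.get(code, f"unknown({code})"),
            "followers": followers,
            "domain": vtp[4:4 + name_len].decode("ascii", "replace")}
    if code == 0x01 and len(vtp) >= 72:     # summary advertisement body
        info["revision"], = struct.unpack("!I", vtp[36:40])
        info["updater"] = ".".join(str(b) for b in vtp[40:44])
        info["timestamp"] = vtp[44:56].rstrip(b"\x00").decode("ascii", "replace")
        info["md5"] = vtp[56:72].hex()
    return info
```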

VTP Revision Number

The configuration revision number is a 32-bit number that indicates the level of revision for a VTP frame. The default configuration number for a switch is zero. Each time a VLAN is added or removed, the configuration revision number is incremented. Each VTP device tracks the VTP configuration revision number that is assigned to it.

Note: A VTP domain name change does not increment the revision number. Instead, it resets the revision number to zero.

The revision number plays an important and complex role in enabling VTP to distribute and synchronize VTP domain and VLAN configuration information. To comprehend what the revision number does, you first need to learn about the three types of VTP advertisements and the three VTP modes.



VTP Advertisements

Summary Advertisements
The summary advertisement contains the VTP domain name, the current revision number, and other VTP configuration details.

Summary advertisements are sent:
* Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain
* Immediately after a configuration change has been made


Subset Advertisements
A subset advertisement contains VLAN information. Changes that trigger the subset advertisement include:
* Creating or deleting a VLAN
* Suspending or activating a VLAN
* Changing the name of a VLAN
* Changing the MTU of a VLAN
It may take multiple subset advertisements to fully update the VLAN information.


Request Advertisements
When a request advertisement is sent to a VTP server in the same VTP domain, the VTP server responds by sending a summary advertisement and then a subset advertisement.

Request advertisements are sent if:
* The VTP domain name has been changed
* The switch receives a summary advertisement with a higher configuration revision number than its own
* A subset advertisement message is missed for some reason
* The switch has been reset



4.2.4 VTP Modes

VTP Modes Overview

A Cisco switch, configured with Cisco IOS software, can be configured in server, client, or transparent mode. These modes differ in how they are used to manage and advertise VTP domains and VLANs.

Server Mode

In server mode, you can create, modify, and delete VLANs for the entire VTP domain. VTP server mode is the default mode for a Cisco switch. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. VTP servers keep track of updates through a configuration revision number. Other switches in the same VTP domain compare their configuration revision number with the revision number received from a VTP server to see if they need to synchronize their VLAN database.

Client Mode

If a switch is in client mode, you cannot create, change, or delete VLANs. In addition, the VLAN configuration information that a VTP client switch receives from a VTP server switch is stored in a VLAN database, not in NVRAM. Consequently, VTP clients require less memory than VTP servers. When a VTP client is shut down and restarted, it sends a request advertisement to a VTP server for updated VLAN configuration information.

Switches configured as VTP clients are more typically found in larger networks, because in a network consisting of many hundreds of switches, it is harder to coordinate network upgrades. Often there are many network administrators working at different times of the day. Having only a few switches that are physically able to maintain VLAN configurations makes it easier to control VLAN upgrades and to track which network administrators performed them.

For large networks, having client switches is also more cost-effective. By default, all switches are configured to be VTP servers. This configuration is suitable for small scale networks in which the size of the VLAN information is small and the information is easily stored in NVRAM on the switches. In a large network of many hundreds of switches, the network administrator must decide if the cost of purchasing switches with enough NVRAM to store the duplicate VLAN information is too much. A cost-conscious network administrator could choose to configure a few well-equipped switches as VTP servers, and then use switches with less memory as VTP clients. Although a discussion of network redundancy is beyond the scope of this course, know that the number of VTP servers should be chosen to provide the degree of redundancy that is desired in the network.

Transparent Mode

Switches configured in transparent mode forward VTP advertisements that they receive on trunk ports to other switches in the network. VTP transparent mode switches do not advertise their VLAN configuration and do not synchronize their VLAN configuration with any other switch. Configure a switch in VTP transparent mode when you have VLAN configurations that have local significance and should not be shared with the rest of the network.

In transparent mode, VLAN configurations are saved in NVRAM (but not advertised to other switches), so the configuration is available after a switch reload. This means that when a VTP transparent mode switch reboots, it does not revert to a default VTP server mode, but remains in VTP transparent mode.



4.2.5 VTP Pruning

VTP pruning prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain. VTP pruning permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and, hence, prune the VLANs that are not assigned to ports on the remote switch. Pruning is disabled by default. VTP pruning is enabled using the vtp pruning global configuration command. You need to enable pruning on only one VTP server switch in the domain.


VTP Pruning in Action

Recall that a VLAN creates an isolated broadcast domain. A switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain.


VTP Pruning Enabled

The figure shows a network topology that has switches S1, S2, and S3 configured with VTP pruning. When VTP pruning is enabled on a network, it reconfigures the trunk links based on which ports are configured with which VLANs.
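A way to see the pruning rule from the two sections above in numbers. This is an added example, not the course's code: the chain topology S2-S1-S3-S4, its access-port VLAN assignments and the tree walk are all constructed. A trunk carries flooded traffic for a VLAN only if some switch on the far side of that trunk has a port in it.

```python
"""Which VLANs each trunk carries with and without VTP pruning (added example)."""
# Constructed topology: access-port VLAN membership per switch, and the trunks
# between switches as pairs. Not taken from the course figure.
ACCESS_VLANS = {"S1": {10, 20}, "S2": {20}, "S3": {10}, "S4": {20}}
TRUNKS = [("S2", "S1"), ("S1", "S3"), ("S3", "S4")]


def neighbors(switch, trunks):
    """Switches directly trunked to 'switch'."""
    return [b if a == switch else a for a, b in trunks if switch in (a, b)]


def vlans_beyond(switch, via, trunks, access):
    """VLANs with ports on 'via' or on anything reachable through it (loop-free tree)."""
    seen, stack, needed = {switch}, [via], set()
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        needed |= access.get(node, set())
        stack.extend(neighbors(node, trunks))
    return needed


def trunk_vlans(trunks, access, pruning=True):
    """Map (local switch, remote switch) -> VLANs flooded out that trunk."""
    all_vlans = set().union(*access.values())
    table = {}
    for a, b in trunks:
        for local, remote in ((a, b), (b, a)):
            if pruning:      # only VLANs needed somewhere beyond the trunk
                table[(local, remote)] = vlans_beyond(local, remote, trunks, access)
            else:            # no pruning: every VLAN floods every trunk
                table[(local, remote)] = set(all_vlans)
    return table


def flood_targets(source, vlan, trunks=TRUNKS, access=ACCESS_VLANS, pruning=True):
    """Neighbors that receive a broadcast in 'vlan' originating at 'source'."""
    table = trunk_vlans(trunks, access, pruning)
    return sorted(n for n in neighbors(source, trunks) if vlan in table[(source, n)])
```

With pruning, a VLAN 10 broadcast entering S1 is sent only toward S3 (S2 has no VLAN 10 ports), while the S1-S3 trunk still carries VLAN 20 because S4, beyond S3, needs it.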


4.3 Configure VTP
4.3.1 Configuring VTP


VTP Configuration Guidelines

Now that you are familiar with the functionality of VTP, you are ready to learn how to configure a Cisco Catalyst switch to use VTP. The topology shows the reference topology for this chapter. VTP will be configured on this topology.

VTP Server Switches

Follow these steps and associated guidelines to ensure that you configure VTP successfully:

* Confirm that all of the switches you are going to configure have been set to their default settings.
* Always reset the configuration revision number before installing a previously configured switch into a VTP domain. Not resetting the configuration revision number allows for potential disruption in the VLAN configuration across the rest of the switches in the VTP domain.
* Configure at least two VTP server switches in your network. Because only server switches can create, delete, and modify VLANs, you should make sure that you have one backup VTP server in case the primary VTP server becomes disabled. If all the switches in the network are configured in VTP client mode, you cannot create new VLANs on the network.
* Configure a VTP domain on the VTP server. Configuring the VTP domain on the first switch enables VTP to start advertising VLAN information. Other switches connected through trunk links receive the VTP domain information automatically through VTP advertisements.
* If there is an existing VTP domain, make sure that you match the name exactly. VTP domain names are case-sensitive.
* If you are configuring a VTP password, ensure that the same password is set on all switches in the domain that need to be able to exchange VTP information. Switches without a password or with the wrong password reject VTP advertisements.
* Ensure that all switches are configured to use the same VTP protocol version. VTP version 1 is not compatible with VTP version 2. By default, Cisco Catalyst 2960 switches run version 1 but are capable of running version 2. When the VTP version is set to version 2, all version 2 capable switches in the domain autoconfigure to use version 2 through the VTP announcement process. Any version 1-only switches cannot participate in the VTP domain after that point.
* Create the VLAN after you have enabled VTP on the VTP server. VLANs created before you enable VTP are removed. Always ensure that trunk ports are configured to interconnect switches in a VTP domain. VTP information is only exchanged on trunk ports.


VTP Client Switches

* As on the VTP server switch, confirm that the default settings are present.
* Configure VTP client mode. Recall that the switch is not in VTP client mode by default. You have to configure this mode.
* Configure trunks. VTP works over trunk links.
* Connect to a VTP server. When you connect to a VTP server or another VTP-enabled switch, it takes a few moments for the various advertisements to make their way back and forth to the VTP server.
* Verify VTP status. Before you begin configuring the access ports, confirm that the revision number and number of VLANs have been updated.
* Configure access ports. When a switch is in VTP client mode, you cannot add new VLANs. You can only assign access ports to existing VLANs.


4.3.2 Troubleshooting VTP Configurations

Troubleshooting VTP Connections

You have learned how VTP can be used to simplify managing a VLAN database across multiple switches. In this topic, you will learn about common VTP configuration problems. This information, combined with your VTP configuration skills, will help you when troubleshooting VTP configuration problems.

Incompatible VTP Versions
VTP versions 1 and 2 are incompatible with each other. Modern Cisco Catalyst switches, such as the 2960, are configured to use VTP version 1 by default. However, older switches may only support VTP version 1. Switches that only support version 1 cannot participate in the VTP domain along with version 2 switches. If your network contains switches that support only version 1, you need to manually configure the version 2 switches to operate in version 1 mode.

VTP Password Issues
When using a VTP password to control participation in the VTP domain, ensure that the password is set correctly on all switches in the VTP domain. Forgetting to set a VTP password is a very common problem. If a password is used, it must be configured on each switch in the domain. By default, a Cisco switch does not use a VTP password. The switch does not automatically set the password parameter, unlike other parameters that are set automatically when a VTP advertisement is received.

Incorrect VTP Domain Name
The VTP domain name is a key parameter that is set on a switch. An improperly configured VTP domain affects VLAN synchronization between switches. As you learned earlier, if a switch receives the wrong VTP advertisement, the switch discards the message. If the discarded message contains legitimate configuration information, the switch does not synchronize its VLAN database as expected.

To avoid incorrectly configuring a VTP domain name, only set the VTP domain name on one VTP server switch. All other switches in the same VTP domain will accept and automatically configure their VTP domain name when they receive the first VTP summary advertisement.

Switches Set to VTP Client Mode
It is possible to change the operating mode of all switches to VTP client. By doing so, you lose all ability to create, delete, and manage VLANs within your network environment. Because the VTP client switches do not store the VLAN information in NVRAM, they need to refresh the VLAN information after a reload.

To avoid losing all VLAN configurations in a VTP domain by accidentally reconfiguring the only VTP server in the domain as a VTP client, you can configure a second switch in the same domain as a VTP server. It is not uncommon for small networks that use VTP to have all the switches in VTP server mode. If the network is being managed by a couple of network administrators, it is unlikely that conflicting VLAN configurations will arise.


Incorrect Revision Number
Even after you have configured the switches in your VTP domain correctly, there are other factors that can adversely affect the functionality of VTP.

The solution to the problem is to reset each switch back to an earlier configuration and then reconfigure the correct VLANs, 10 and 20, on switch S1. To prevent this problem in the first place, reset the configuration revision number on previously configured switches being added to a VTP-enabled network. The figure shows the commands needed to reset switch S4 back to the default revision number.
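The revision-number, mode and troubleshooting rules from sections 4.2.3, 4.2.4 and this one, modelled in one place. This is an added example and not the course's code or a real VTP implementation: the Switch class only encodes the rules the text states, and the switch names, VLANs and revision numbers are constructed. The last function replays the scenario above, once with and once without resetting S4's revision number first.

```python
"""Model how VTP switches react to a summary advertisement (added example)."""
# Not the course's own code and not a real VTP implementation: the Switch
# class encodes the rules the text states (domain and password must match,
# client mode cannot edit VLANs, transparent mode relays but never synchronizes,
# a higher configuration revision wins, a domain-name change resets the
# revision to zero). Switch names, VLAN numbers and revisions are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Summary:
    """What a summary advertisement carries (plus the subset data behind it)."""
    domain: str
    password: Optional[str]   # stands in for the password-derived MD5 digest
    revision: int
    vlans: dict


@dataclass
class Switch:
    name: str
    mode: str = "server"                 # factory default VTP mode
    domain: Optional[str] = None
    password: Optional[str] = None
    revision: int = 0                    # factory default configuration revision
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_domain(self, domain):
        self.domain = domain
        self.revision = 0                # a domain-name change resets the revision

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created in client mode")
        if self.mode == "server" and self.domain is None:
            raise RuntimeError(f"{self.name}: configure a VTP domain name first")
        self.vlans[vid] = name
        if self.mode == "server":        # transparent-mode VLANs are local only
            self.revision += 1

    def advertise(self):
        return Summary(self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Apply the synchronization rules to one advertisement; say what happened."""
        if self.mode == "transparent":
            return "forwarded"                       # relayed, never applied
        if self.domain is None:                      # default config adopts the name
            self.domain = adv.domain
        if adv.domain != self.domain:
            return "discarded: domain mismatch"
        if adv.password != self.password:
            return "discarded: password mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision not newer"
        self.vlans = dict(adv.vlans)                 # request -> summary + subset
        self.revision = adv.revision
        return f"synchronized to revision {adv.revision}"


def add_preconfigured_switch(reset_first):
    """Join a previously used switch S4 to domain cisco1; return S1's final state."""
    s1 = Switch("S1", domain="cisco1")
    s1.add_vlan(10, "Faculty")
    s1.add_vlan(20, "Students")                      # S1 is now at revision 2
    s4 = Switch("S4", domain="cisco1", revision=9, vlans={1: "default", 99: "old"})
    if reset_first:
        s4.set_domain("scratch")                     # bounce the domain name...
        s4.set_domain("cisco1")                      # ...so S4 is back at revision 0
    s4.receive(s1.advertise())                       # S4 hears S1's summary first
    s1.receive(s4.advertise())                       # then S1 hears S4's
    return sorted(s1.vlans), s1.revision
```

Without the reset, S1 ends up with S4's stale VLAN database at revision 9; with it, S4 adopts VLANs 10 and 20 from S1 and S1 is untouched.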



4.3.3 Managing VLANs on a VTP Server

Managing VLANs on a VTP Server

You have learned about VTP and how it can be used to simplify managing VLANs in a VTP-enabled network. Consider the topology in the figure. When a new VLAN, for example, VLAN 10, is added to the network, the network manager adds the VLAN to the VTP server, switch S1 in the figure. As you know, VTP takes care of propagating the VLAN configuration details to the rest of the network. It does not have any effect on which ports are configured in VLAN 10 on switches S1, S2, and S3.

After you have configured the new VLAN on switch S1 and configured the ports on switches S1, S2, and S3 to support the new VLAN, confirm that VTP updated the VLAN database on switches S2 and S3.


4.5 Chapter Summary
4.5.1 Summary
VTP is a Cisco-proprietary protocol used to exchange VLAN information across trunk links, reducing VLAN administration and configuration errors. VTP allows you to create a VLAN once within a VTP domain and have that VLAN propagated to all other switches in the VTP domain.

There are three VTP operating modes: server, client, and transparent. VTP client mode switches are more prevalent in large networks, where their use reduces the administration of VLAN information. In small networks, network managers can more easily keep track of network changes, so switches are often left in the default VTP server mode.

VTP pruning limits the unnecessary propagation of VLAN traffic across a LAN. VTP determines which trunk ports forward which VLAN traffic. VTP pruning improves overall network performance by restricting the unnecessary flooding of traffic across trunk links. Pruning only permits VLAN traffic for VLANs that are assigned to some switch port of a switch on the other end of a trunk link. By reducing the total amount of flooded traffic on the network, bandwidth is freed up for other network traffic.
