VLAN Trunk Protocol (VTP)

Introduction
VLAN Trunk Protocol (VTP) reduces administration in a switched network and allows a
network manager to configure a switch so that it will propagate VLAN configurations to
other switches in the network. When you configure a new VLAN on one VTP server, the
VLAN is distributed through all switches in the domain. This reduces the need to
configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is
available on most of the Cisco Catalyst series products.
VTP minimizes misconfigurations and configuration inconsistencies that can cause
problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP
helps you simplify management of the VLAN database across multiple switches.VTP is a
Cisco-proprietary protocol and is available on most of the Cisco switches.
Why we need VTP?
To answer this question, lets discuss a real and popular network topology.
Suppose you are working in a medium company in a 5-floor office. You assigned each
floor to a switch for easy management and of course they can be assigned to different
VLANs. For example, your bosses can sit in any floor and still access Manage VLAN
(VLAN 7). Your technical colleagues can sit anywhere on the floors to access Technical
VLAN (VLAN 4). This is the best design because each persons permission is not limited
by the physical location.

Now lets discuss about VTP role in this topology! Suppose VTP is not running on these
switches. One day, your boss decides to add a new department to your office, the Support
Department, and you are tasked to add a new SUPPORT VLAN for this department. How
will you do that? Well, without VTP you have to go to each switch to enable this new
VLAN.
But just imagine if your company was bigger with 100-floor office and some VLANs
needed to be added every month! Well, it will surely become a daunting task to add a new
VLAN like this. Luckily, Cisco always thinks big to create a method for you to just sit
at the Main Sw, adding your new VLANs and magically, other switches automatically
learn about this VLAN.
1

VLAN Trunk Protocol (VTP)

Understanding the VTP Domain
A VTP domain (also called a VLAN management domain) is made up of one or more
interconnected network devices that share the same VTP domain name. A network device
can be configured to be in one and only one VTP domain. You make global VLAN
configuration changes for the domain using either the command-line interface (CLI) or
Simple Network Management Protocol (SNMP).

VTP server mode is the default and the switch is in the no-management domain state until
it receives an advertisement for a domain over a trunk link or you configure a
management domain.
If the switch receives a VTP advertisement over a trunk link, it inherits the management
domain name and the VTP configuration revision number. The switch ignores
advertisements with a different management domain name or an earlier configuration
revision number.
If you configure the switch as VTP transparent, you can create and modify VLANs but
the changes affect only the individual switch.
The valid VLAN ranges are as follows:
VTP version 1 and version 2 support VLANs 1 to 1000 only.
In Cisco IOS Release 12.2(33)SXI and later releases, VTP version 3 is supported. In
VTP version 3, the entire VLAN range is supported (VLANs 1 to 4094).
The pruning of VLANs still applies to VLANs 1 to 1000 only.
Extended-range VLANs are supported only in VTP version 3. If converting from VTP
version 3 to VTP version 2, VLANs in the range 1006 to 4094 are removed from VTP
control.
VTP modes:
Server: The default mode. When you make a change to the VLAN configuration on a
VTP server, the change is propagated to all switches in the VTP domain. VTP messages
are transmitted out of all the trunk connections. In Server mode we can create, modify,
Delete VLANs.
2

VLAN Trunk Protocol (VTP)

Client: cannot make changes to the VLAN configuration when in this mode; however, a
VTP client can send any VLANs currently listed in its database to other VTP switches.
VTP client also forwards VTP advertisements (but cannot create VTP advertisements).
Transparent: When you make a change to the VLAN configuration in this mode, the
change affects only the local switch and does not propagate to other switches in the VTP
domain. VTP transparent mode does forward VTP advertisements that it receives within
the domain.

Use VTP in a Network

By default, all switches are configured to be VTP servers. This configuration is suitable
for small-scale networks in which the size of the VLAN information is small and the
information is easily stored in all switches (in NVRAM). In a large network, the network
administrator must make a judgment call at some point, when the NVRAM storage that is
necessary is wasteful because it is duplicated on every switch. At this point, the network
administrator must choose a few well-equipped switches and keep them as VTP servers.
Everything else that participates in VTP can be turned into a client. The number of VTP
servers should be chosen in order to provide the degree of redundancy that is desired in
the network.
Notes:
If a switch is configured as a VTP server without a VTP domain name, you cannot
configure a VLAN on the switch.
How VTP Works
To make switches exchange their VLAN information with each other, they need to be
configured in the same VTP domain. Only switches belonging to the same domain share
their VLAN information. When a change is made to the VLAN database, it is propagated
to all switches via VTP advertisements.

VLAN Trunk Protocol (VTP)

To maintain domain consistency, only one switch should be allowed to create (or delete,
modify) new VLAN. This switch is like the master of the whole VTP domain and it is
operated in Server mode. This is also the default mode.
Other switches are only allowed to receive and forward updates from the server switch.
They are operated in Client mode.

In some cases, the network manager doesnt want a switch to learn VTP information from
other switches. He can set it to transparent mode. In this mode, a switch maintains its
own VLAN database and never learns VTP information from other switches (even the
server). However, it still forwards VTP advertisements from the server to other switches
(but doesnt read that update). A transparent switch can add, delete and modify VLAN
database locally. Now return to the example above, we can configure any switches as the
server but for our convenience, the Main Sw should be assigned this function and we
should place it in a safe place.
As said above, VTP advertisements bring VLAN information to all the switches in a VTP
domain. Each VTP advertisement is sent with a Revision number. This number is used
in order to determine whether the VTP advertisement is more recent than the current
version of that switch. Because each time you make a VLAN change in a switch, the
configuration revision is incremented by one. So the higher the revision number, the
better your VTP advertisement.
For example, the first time the Main Sw
sends a VTP advertisement, its Revision
number is 1. When you add a new VLAN
to the Main Sw, it will send a VTP
advertisement with the Revision number of
2. Client switches first receive the VTP
advertisement with the Revision number of
1, which is bigger than its current Revision
number (0) so it updates its VLAN
database. Next it receives the VTP
advertisement with the Revision number of
2, it continues comparing with its current
Revision number (1) -> it continues update
its VLAN database.
4

VLAN Trunk Protocol (VTP)

One important thing you must know is when a switch receives a better VTP
advertisement; it deletes its whole VTP information and copy the new information from
the better VTP advertisement to its VLAN database. A switch does not try to compare its
own VLAN database with information from the received VTP advertisements to find out
and update the difference!
The show vtp status command analysis
The most important command to view the status of VTP on Cisco switches that each
CCNA learners must grasp is the show vtp status command. Lets have a look at the
output of this command:

VTP Version: displays the VTP version the switch is running. By default, the switch runs
version 1 but can be set to version 2. Within a domain, the two VTP versions are not
interoperable so make sure to configure the same VTP version on every switch in a
domain.
Configuration Revision: current Revision number on this switch.
Maximum VLANs Supported Locally: maximum number of VLANs supported locally.
Number of Existing VLANs: Number of existing VLANs.
VTP Operating Mode: can be server, client, or transparent.
VTP Domain Name: name that identifies the administrative domain for the switch.
By default, a switch operates in VTP Server mode with a NULL (blank) domain name
with no password configured (the password field is not listed in the output)
VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss
about VTP Pruning later.
VTP V2 Mode: displays if VTP version 2 mode is enabled. VTP version 2 is disabled by
default.
VTP Traps Generation: displays whether VTP traps are sent to a network management
station.
MD5 Digest: a 16-byte checksum of the VTP configuration.
Configuration Last Modified: date and time of the last configuration modification.
You only need to enable pruning on one VTP server switch in the domain.
Main Sw(config)#vtp version 2
Main Sw(config)#vtp domain LAB
Main Sw(config)#vtp mode server
Main Sw(config)#vtp password keepitsecret
5

VLAN Trunk Protocol (VTP)

On client switches
Client(config)#vtp version 2
Client(config)#vtp domain LAB
Client(config)#vtp password keepitsecret
Client(config)#vtp mode client
To configure trunk between these ports, use the following commands on the two switches
to form the trunk.
Client(config)#interface fa0/1 (or the interface on the link you want to be trunk)
Client(config-if)#switchport mode trunk
Below summaries important notes about VTP:
Whenever a change occurs in the VLAN database, the VTP server increments its
configuration revision number and then advertises the new revision throughout the
VTP domain via VTP advertisements.
VTP operates in one of three modes: server, transparent, or client.
VTP Version2
VTP V2 is not much different than VTP V1. The major difference is that VTP V2
introduces support for Token Ring VLANs. If you use Token Ring VLANs, you must
enable VTP V2. Otherwise, there is no reason to use VTP V2. Changing the VTP version
from 1 to 2 will not cause a switch to reload.
VTP Password
If you configure a password for VTP, you must configure the password on all switches in
the VTP domain. The password must be the same password on all those switches. The
VTP password that you configure is translated by algorithm into a 16-byte word (MD5
value) that is carried in all summary-advertisement VTP packets.
VTP Pruning
To understand what VTP Pruning is, lets see an example:

When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the
VTP domain. Switches Server, Sw2, and Sw3 all receive broadcast frames from PC A.
6

VLAN Trunk Protocol (VTP)

But only Sw3 has user on VLAN 10 and it is a waste of bandwidth on Sw2. Moreover,
that broadcast traffic also consumes processor time on Sw2. The link between switches
Server and Sw2 does not carry any VLAN 10 traffic so it can be pruned.

VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and
unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk
has ports in that VLAN. In the above example, Server switch doesnt send broadcast
frame to Sw2 because Sw2 doesnt have ports in VLAN 10.
When a switch has a port associated with a VLAN, the switch sends an advertisement to
its neighbors to inform that it has active ports on that VLAN. For example, Sw3 sends an
advertisement to Server switch to inform that it has active port for VLAN 10. Sw2 has not
advertised about VLAN 10 so Server switch will prune VLAN 10 on the trunk to Sw2.
Understanding VTP Advertisements
Each network device in the VTP domain sends periodic advertisements out each trunking
LAN port to a reserved multicast address. VTP advertisements are received by
neighboring network devices, which update their VTP and VLAN configurations as
necessary.
VTP message types:
Summary advertisements
Subset advertisement.
Advertisement requests.
Summary Advertisements
By default, Catalyst switches issue summary advertisements in five-minute increments.
Summary advertisements inform adjacent Catalysts of the current VTP domain name and
the configuration revision number.
When the switch receives a summary advertisement packet, the switch compares the VTP
domain name to its own VTP domain name. If the name is different, the switch simply
ignores the packet. If the name is the same, the switch then compares the configuration
revision to its own revision. If its own configuration revision is higher or equal, the packet
is ignored. If it is lower, an advertisement request is sent.
Subset Advertisements
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the
changes are made increments the configuration revision and issues a summary
7

VLAN Trunk Protocol (VTP)

advertisement. One or several subset advertisements follow the summary advertisement. A
subset advertisement contains a list of VLAN information. If there are several VLANs,
more than one subset advertisement can be required in order to advertise all the VLANs.
Advertisement Requests
A switch needs a VTP advertisement request in these situations:
The switch has been reset. The VTP domain name has been changed. The switch has
received a VTP summary advertisement with a higher configuration revision than its own.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement.
One or more subset advertisements follow the summary advertisement.
Configuring VTP Global Parameters
This example shows one way to configure a VTP password in global configuration mode:
Router# configure terminal
Router# vtp version 2
Router(config)# vtp domain lab_network
Router(config)# vtp mode server
Router(config)# vtp password WATER
Router(config)# vtp pruning
Router# show vtp status