Home > Articles > Cisco Certification > CCNP > Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: Campus Network Architecture

Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: Campus Network Architecture

Chapter Description

This chapter from Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: (CCNP SWITCH 300-115) covers implementing VLANs and trunks in campus switched architecture, understanding the concept of VTP and its limitation and configurations, and implementing and configuring EtherChannel.

VLAN Trunking Protocol

VTP is a protocol that is used to distribute and synchronize information about VLAN databases configured throughout a switched network. VTP minimizes misconfigurations and configuration inconsistencies that might result in various problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

This section discusses in detail how to plan, implement, and verify VTP in campus networks. The following subsections cover these topics:

  • VTP overview
  • VTP modes
  • VTP versions
  • VTP pruning
  • VTP authentication
  • VTP advertisements
  • VTP configuration and verifications
  • VTP configuration overwriting
  • VTP best practices

VTP Overview

VTP is a Layer 2 protocol that maintains VLAN configuration consistency by managing the additions, deletions, and name changes of VLANs across networks, as shown in Figure 3-15. Switches transmit VTP messages only on 802.1Q or ISL trunks. Cisco switches transmit VTP summary advertisements over the management VLAN (VLAN 1 by default) using a Layer 2 multicast frame every 5 minutes. VTP packets are sent to the destination MAC address 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header).

Figure 3-15

Figure 3-15 VTP Overview

In Figure 3-15, configurations made to a single VTP server propagate across trunk links to all connected switches in the network in the following manner:

  • Step 1. An administrator adds a new VLAN definition.
  • Step 2. VTP propagates the VLAN information to all switches in the VTP domain.
  • Step 3. Each switch synchronizes its configuration to incorporate the new VLAN data.

VTP domain is one switch or several interconnected switches sharing the same VTP environment but switch can be only in one VTP domain at any time. By default, a Cisco Catalyst switch is in the no-management-domain state or <null> until it receives an advertisement for a domain over a trunk link or until you configure a management domain. Configurations that are made on a single VTP server are propagated across trunk links to all of the connected switches in the network. Configurations will be exchanged if VTP domain and VTP passwords match.

VTP is a Cisco proprietary protocol.

VTP Modes

VTP operates in one of three modes: server, transparent, or client. On some switches, VTP can also be completely disabled. Figure 3-16 shows the brief description of each of the VTP modes.

Figure 3-16

Figure 3-16 VTP Modes and Its Characteristics

The characteristics of the three VTP modes are as follows:

  • Server: The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections.
  • Transparent: When you make a change to the VLAN configuration in VTP transparent mode, the change affects only the local switch. The change does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP advertisements that it receives within the domain.
  • Client: A VTP client behaves like a VTP server and transmits and receives VTP updates on its trunks, but you cannot create, change, or delete VLANs on a VTP client. VLANs are configured on another switch in the domain that is in server mode.

In the server, transparent, and client modes, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded. Off mode is not available in all releases.

By default, Cisco IOS VTP servers and clients save VLANs to the vlan.dat file in flash memory, causing them to retain the VLAN table and revision number.

Switches that are in VTP transparent mode display the VLAN and VTP configurations in the show running-config command output because this information is stored in the configuration text file. If you perform erase startup-config on a VTP transparent switch you will delete its VLANs.

VTP Versions

Cisco Catalyst switches support three different versions of VTP: 1, 2, and 3. It is important to decide which version to use because they are not interoperable. In addition, Cisco recommends running only one VTP version for network stability. This chapter emphasizes VTP Versions 1 and 2 because VTP Version 3 is not the most frequently used version of the VTP.

The default VTP version that is enabled on a Cisco switch is Version 1. If you do need to change the version of VTP in the domain, the only thing that you need to do is to enable it on the VTP server; the change will propagate throughout the network.

VTP Version 2 offers the following features that Version 1 does not:

  • Version-dependent transparent mode: In VTP Version 1, a VTP transparent network device inspects VTP messages for the domain name and version, and forwards a message only if the version and domain name match. Because only one domain is supported in the Supervisor Engine software, VTP Version 2 forwards VTP messages in transparent mode, without checking the version.
  • Consistency check: In VTP Version 2, VLAN consistency checks, such as VLAN names and values, are performed. However, this is only done when you enter information through the command-line interface (CLI) or Simple Network Management Protocol (SNMP). Consistency checks are not performed when new information is obtained from a VTP message or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.
  • Token ring support: VTP Version 2 supports Token Ring LAN switching and VLANs.
  • Unrecognized type-length-value support: VTP Version 2 switches propagate received configuration change messages out other trunk links, even if they are not able to understand the message. Instead of dropping the unrecognized VTP message, Version 2 still propagates the information and keeps a copy in NVRAM.

VTP Version 3 brings the following properties:

  • Extended VLAN support: VTP also can be used to propagate VLANs with numbers 1017–4094 (1006–1017 and 4095–2096 are reserved).
  • Domain name is not automatically learned: With VTPv2, a factory default switch that receives a VTP message will adapt the new VTP domain name. Because this is a very dangerous behavior, VTPv3 forces manual configuration.
  • Better security: VTP domain password is secure during transmission and in the switch’s database.
  • Better database propagation. Only the primary server is allowed to update other devices and only one server per VTP domain is allowed to have this role.
  • Multiple Spanning Tree (MST) support: VTPv3 adds support for propagation of MST instances.

VTP Pruning

VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic needlessly. By default, a trunk connection carries traffic for all VLANs in the VTP management domain. Commonly, some switches in an enterprise network do not have local ports configured in each VLAN. In Figure 3-17, Switches 1 and 4 support ports statically configured in the red VLAN.

Figure 3-17

Figure 3-17 VTP Pruning

VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. Figure 3-17 shows a switched network with VTP pruning enabled. The broadcast traffic from Hosts or workstation in red VLAN is not forwarded to Switches 3, 5, and 6, because traffic for the red VLAN has been pruned on the links indicated on Switches 2 and 4.

Regardless of whether you use VTP pruning support, Catalyst switches run an instance of STP for each VLAN. An instance of STP exists for each VLAN even if no ports are active in the VLAN or if VTP pruning removes the VLANs from an interface. As a result, VTP pruning prevents flooded traffic from propagating to switches that do not have members in specific VLANs. However, VTP pruning does not eliminate the switches’ knowledge of pruned VLANs.

VTP Authentication

VTP domains can be secured by using the VTP password feature. It is important to make sure that all the switches in the VTP domain have the same password and domain name; otherwise, a switch will not become a member of the VTP domain. Cisco switches use the message digest 5 (MD5) algorithm to encode passwords in 16-byte words. These passwords propagate inside VTP summary advertisements. In VTP, passwords are case sensitive and can be 8 to 64 characters in length. The use of VTP authentication is a recommended practice.

VTP Advertisements

VTP advertisements are flooded throughout the management domain. VTP advertisements are sent every 5 minutes or whenever there is a change in VLAN configurations. Advertisements are transmitted (untagged) over the native VLAN (VLAN 1 by default) using a multicast frame. A configuration revision number is included in each VTP advertisement. A higher configuration revision number indicates that the VLAN information being advertised is more current than the stored information.

One of the most critical components of VTP is the configuration revision number. Each time a VTP server modifies its VLAN information, the VTP server increments the configuration revision number by one. The server then sends out a VTP advertisement with the new configuration revision number. If the configuration revision number being advertised is higher than the number stored on the other switches in the VTP domain, the switches overwrite their VLAN configurations with the new information that is being advertised. As shown in Figure 3-18, when the VLAN was added into the database on the VTP server switch, it increased the revision to 4 and advertised the rest of the domain switches that are in client or server VTP mode. However, the switch in transparent mode does not change its revision number or its database.

Figure 3-18

Figure 3-18 VTP Advertisement

The configuration revision number in VTP transparent mode is always zero. Because a VTP-transparent switch does not participate in VTP, that switch does not advertise its VLAN configuration or synchronize its VLAN database upon receipt of a VTP advertisement.

A device that receives VTP advertisements must check various parameters before incorporating the received VLAN information. First, the management domain name and password in the advertisement must match those values that are configured on the local switch. Next, if the configuration revision number indicates that the message was created after the configuration currently in use, the switch incorporates the advertised VLAN information.

VTP Messages Types

VTP uses various message types for its communication. The subsections that follow describe the message types for VTP.

Summary Advertisements

By default, Catalyst switches issue summary advertisements in 5-minute increments. Summary advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision number.

When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name differs, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

Subset Advertisements

When you add, delete, or change a VLAN in a Catalyst server, the Catalyst server where the changes are made increments the configuration revision and issues a summary advertisement. One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information. If there are several VLANs, more than one subset advertisement can be required to advertise all the VLANs.

Advertisement Requests

A switch needs a VTP advertisement request in these situations:

  • The switch has been reset.
  • The VTP domain name has been changed.
  • The switch has received a VTP summary advertisement with a higher configuration revision than its own.
  • Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subset advertisements follow the summary advertisement.

Configuring and Verifying VTP

When creating VLANs, one must decide whether to use VTP in your network. With VTP, changes made on one or more switches propagate automatically to all other switches in the same VTP domain.

The VTP domain name can be specified or learned. By default, the domain name is <null>. You can specify the password for the VTP management domain. However, if the same password for each switch is not used in the domain, VTP will not function properly. MD5 hashing is used for VTP passwords.

To configure VTP, use the topology layout shown in Figure 3-19. In this scenario, Switch 1 will be configured as client, Switch 2 as server, and Switch 3 for transparent mode.

Figure 3-19

Figure 3-19 VTP Configuration Topology

Complete the following steps to configure the VTP on the switches shown in the topology in Figure 3-19:

  • Step 1. Configure VTP on all the switches, Switch 1 and Switch 3 as client mode where as Switch2 as server mode

    Switch1(config)# vtp password Cisco
    Switch1(config)#vtp mode client
    Switch1(config)#vtp domain CCNP
    Switch1(config)#vtp version 1
    ------
    Switch3(config)# vtp password Cisco
    Switch3(config)#vtp mode client
    Switch3(config)#vtp domain CCNP
    Switch3(config)#vtp version 1
    -----
    Switch2(config)# vtp password Cisco
    Switch2(config)#vtp mode server
    Switch2(config)#vtp domain CCNP
    Switch2(config)#vtp version 1
  • Step 2. Issue the show vtp status command on Switch 1 to view the default configuration.

    Switch 1 is configured as a VTP client.

    Switch 1 is in VTP domain CCNP:

    Switch1# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 :CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.5600
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Client
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
    0xBD
                                        0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35
    0xBC

    As you notice, there are only five default VLANs present on the switch. VLAN 1 and 1002–1005. The VTP revision is 0. Revision 0 means that no changes were made to the VLAN database on this switch so far. Every time that you make a change to the VLAN database (add, remove, modification), the revision will increase by one.

  • Step 3. Issue the show vtp status command on Switch 2.

    Switch 2 is configured as VTP server.

    Like on Switch 1, only default VLANs are present, VTP revision is 0, and the VTP domain is set to CCNP:

    Switch2# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 :CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.6300
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    Local updater ID is 0.0.0.0 (no valid interface found)
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Server
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
    0xBD
                                        0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35
    0xBC
  • Step 4. Issue the show vtp status command on Switch 3.

    Switch 3 is configured for VTP transparent mode.

    Like on Switch 1 and Switch 2, only default VLANs are present, VTP revision is 0, and the VTP domain is set to CCNP:

    Switch3# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 :CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.6400
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Transparent
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
    0xBD
                                        0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35
    0xBC
  • Step 5. Create VLAN 10 on Switch 2.

    Switch 2 is in VTP server mode. You should be allowed to add VLAN 10 to the Switch 2 database:

    Switch2# configure terminal
    Switch2(config)# vlan 10
  • Step 6. Verify VLAN database and VTP status on Switch 2.

    Use the commands show vlan and show vtp status.

    Switch 2 now has VLAN 10 in the database:

    Switch2# show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1
                                                    Et1/2, Et1/3, Et2/0, Et2/1
                                                    Et2/2, Et2/3, Et3/0, Et3/1
                                                    Et3/2, Et3/3, Et4/0, Et4/1
                                                    Et4/2, Et4/3, Et5/0, Et5/1
                                                    Et5/2, Et5/3
    10   VLAN0010                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    10   enet  100010     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    -        0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0
    
    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    The revision number increased by one on Switch 2:

    Switch2# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.6300
    Configuration last modified by 0.0.0.0 at 9-23-13 08:33:48
    Local updater ID is 0.0.0.0 (no valid interface found)
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Server
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 6
    Configuration Revision            : 1
    MD5 digest                        : 0xB1 0xBE 0x72 0x49 0x96 0x6D 0x99
    0xA4
                                        0xB4 0xDC 0x94 0x56 0xD4 0xC2 0x6A
    0xBB

    But the real question now is did changes in Switch 2’s database propagate to Switch 1 and Switch 3?

  • Step 7. Verify changes in VLAN database and VTP status on Switch 1.

    Use the commands show vlan and show vtp status.

    Because Switch 1 is a VTP client, VLAN 10 got replicated from Switch 2:

    Switch1# show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                    Et1/1, Et1/2, Et1/3, Et2/0
                                                    Et2/1, Et2/2, Et2/3, Et3/0
                                                    Et3/1, Et3/2, Et3/3, Et4/0
                                                    Et4/1, Et4/2, Et4/3, Et5/0
                                                    Et5/1, Et5/2, Et5/3
    10   VLAN0010                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    10   enet  100010     1500  -      -      -        -    -        0      0
    20   enet  100020     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    srb      0      0
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0
    
    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    The revision number on Switch 1 is now the same as on Switch 2. This indicates that they have an identical VLAN database:

    Switch1# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 : CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.5600
    Configuration last modified by 0.0.0.0 at 9-23-13 08:59:42
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Client
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 6
    Configuration Revision            : 1
    MD5 digest                        : 0xDF 0x2B 0x3B 0x5D 0x0E 0x8E 0x10
    0x17
                                        0x6D 0xDD 0xE2 0x45 0x7F 0x91 0x95
    0x9E
  • Step 8. Verify changes in VLAN database and VTP status on Switch 3.

    Use the commands show vlan and show vtp status.

    Switch 3 is in VTP transparent mode. A switch in transparent mode never synchronizes its database to that of the VTP server. In essence, enabling VTP transparent mode disables VTP.

    Notice that there is no VLAN 10 on Switch 3:

    Switch3# show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                    Et1/1, Et1/2, Et1/3, Et2/0
                                                    Et2/1, Et2/2, Et2/3, Et3/0
                                                    Et3/1, Et3/2, Et3/3, Et4/0
                                                    Et4/1, Et4/2, Et4/3, Et5/0
                                                    Et5/1, Et5/2, Et5/3
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    -        0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0
    
    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    The revision number on a VTP transparent switch will always be at zero:

    Switch3# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 : CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : aabb.cc00.6400
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Transparent
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0xC8 0x7E 0xBB 0x23 0xCB 0x0D 0xFA
    0xCE
                                        0xDB 0xC1 0x0F 0x96 0xF6 0xCA 0x8B
    0xAA
  • Step 9. Create VLAN 20 on Switch 3:

    Switch3(config)# vlan 20
  • Step 10. Investigate VLAN databases on all three switches. Is VLAN 20 present on all three?

    Use the show vlan command:

Switch1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
<... output omitted ...>

Switch2# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
<... output omitted ...>

Switch3# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/1, Et0/3, Et1/0
                                                Et1/1, Et1/2, Et1/3, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
20   VLAN0020                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
<... output omitted ...>

While a switch is in VTP transparent mode, it can create and delete VLANs that are local only to itself. These VLAN changes are not propagated to any other switch.

In this example, VLAN 20 is only present in the VLAN database of Switch 3 (the VTP transparent switch, on which you created the VLAN).

Overwriting VTP Configuration (Very Common Issue with VTP)

One of the common issues with VTP is that if you are not careful you can easily wipe out the configuration of the VLAN database across the entire network. Therefore, when a switch is added to a network, it is important that it does not inject spurious information into the domain. Let’s review the scenarios illustrated in Figure 3-20, where the SW1 is a VTP server, and SW2 and SW3 are in the VTP client mode. They are all synced to the same configuration revision number ‘12’ and have VLANs 10, 20, 30, and 40. In addition, each switch has hosts connected to multiple VLANs, like SW1 has hosts in VLAN 10 and 20, as depicted in Figure 3-20.

Figure 3-20

Figure 3-20 Overwriting VTP Configuration

Example 3-10 shows the VTP and VLAN configuration of the switch SW1. Note that SW2 and SW3 would have the similar revision number and VLANs because they are completely synced.

Example 3-10 VLAN and VTP Outputs from Switch SW1

SW1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5a00
Configuration last modified by 0.0.0.0 at 9-24-13 07:33:33
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 9
Configuration Revision            : 12
MD5 digest                        : 0x11 0x31 0x4F 0x6A 0x96 0x0D 0xB6 0xB9
                                    0xAE 0xF4 0xD4 0x85 0x4D 0x58 0xC8 0x4D
SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et1/0, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
20   VLAN0020                         active    Et1/2
30   VLAN0030                         active    Et1/3
40   VLAN0040                         active

Now assume that SW2 failed and was replaced by another new switch in the closet, as shown in Figure 3-21.

Figure 3-21

Figure 3-21 Overwriting VTP Configuration: Switch Failure

However, the network administrator forgot to erase the configuration and VLAN database.

The replacement switch has the same VTP domain name configured as the other two switches. The VTP revision number on the replacement switch is 29, higher than the revision on the other two switches.

Example 3-11 shows the output of VLANs and VTP on the new replacement switch to show the revision number and its VLAN database.

Example 3-11 VTP and VLAN Output from the New Replacement Switch

Replacement# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5a00
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD
! The replacement switch does not have VLANs 20, 30, and 40 in its database.
Replacement# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/1, Et0/2, Et1/0
                                                Et2/0, Et2/1, Et2/2, Et2/3
                                                Et3/0, Et3/1, Et3/2, Et3/3
                                                Et4/0, Et4/1, Et4/2, Et4/3
                                                Et5/0, Et5/1, Et5/2, Et5/3
10   VLAN0010                         active    Et1/1
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>

Because SW2 has a higher revision number, SW1 and SW3 will sync to the latest revision.

The consequence is that VLANs 20, 30, and 40 no longer exist on SW1 and SW2. This leaves the clients that are connected to ports belonging to nonexisting VLANs without connectivity, as shown in Figure 3-22.

Figure 3-22

Figure 3-22 VTP Overwriting Advertisement

Example 3-12 shows the output of show vtp status and show vlan of the SW1 and SW3 to show how the VLAN database is updated with new switch database.

Example 3-12 Show VTP Status and Show VLAN Outputs from SW1 and SW3

SW1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5900
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD
SW1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et1/0, Et2/0, Et2/1
                                                Et2/2, Et2/3, Et3/0, Et3/1
                                                Et3/2, Et3/3, Et4/0, Et4/1
                                                Et4/2, Et4/3, Et5/0, Et5/1
                                                Et5/2, Et5/3
10   VLAN0010                         active
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>
SW3# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.5600
Configuration last modified by 0.0.0.0 at 9-24-13 08:15:44

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 29
MD5 digest                        : 0x29 0xF2 0x1F 0xA5 0x41 0x44 0x04 0xAC
                                    0x08 0x3B 0x9A 0x2C 0x73 0x8A 0xA2 0xBD
SW3# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/2, Et1/0, Et2/0
                                                Et2/1, Et2/2, Et2/3, Et3/0
                                                Et3/1, Et3/2, Et3/3, Et4/0
                                                Et4/1, Et4/2, Et4/3, Et5/0
                                                Et5/1, Et5/2, Et5/3
10   VLAN0010                         active    Et1/1
11   VLAN0011                         active
22   VLAN0022                         active
33   VLAN0033                         active
44   VLAN0044                         active
<... output omitted ...>

Also, when the new switch is added with a VTP client with a higher revision number, it can cause the same havoc as a switch with the VTP server, as discussed earlier. The VTP client, as a general rule, just listens to VTP advertisements from VTP servers, and it does not do its own advertisements. However, when the switch with the VTP client is added to a network, it will send a summary advertisement from its own stored database. If the VTP client gets an inferior advertisement from the VTP server, it will assume it has better, more current information. The VTP client will now send out advertisements with a higher revision number. The VTP server and all directly connected VTP clients will accept these as more current. This will not only delete the old VLANs but also can add new VLANs into the network and create network instability.

Remember the revision configuration and how to reset it each time a new switch is inserted so that it does not bring down the entire network. Following are some of the key points:

  • Avoid, as much as possible, VLANs that span the entire network.
  • The VTP revision number is stored in NVRAM and is not reset if you erase the switch configuration and reload it. To reset the VTP revision number to zero, use the following two options:

    • Change the switch’s VTP domain to a nonexistent VTP domain, and then change the domain back to the original name.
    • Change the switch’s VTP mode to transparent and then back to the previous VTP mode.

Best Practices for VTP Implementation

VTP is often used in a new network to facilitate the implementation of VLANs. However, as the network grows larger, this benefit can turn into a liability. If a VLAN is deleted by accident on one server, it is deleted throughout the network. If a switch that already has a VLAN database defined is inserted into the network, it can hijack the VLAN database by deleting added VLANs. Because of this, it is the recommended practice to configure all switches to transparent VTP mode and manually add VLANs as needed, especially in a larger campus network. VTP configuration is usually good for small environments.

3. Implementing EtherChannel in a Switched Network | Next Section Previous Section