************************************ Cisco - VLAN Trunking Protocol (VTP) ************************************ .. _ccnp_switch_vtp: VLAN Trunking Protocol (VTP) Overview ===================================== - Cisco Proprietary - Manages VLANs across the campus network - Uses Layer 2 trunk frames - Switches running as servers store the VLAN info in a "vlan.dat" file on the local switches flash memory. - VLAN information maintained after poweroff - By default switches will not have any domain name set, known as the "Null" domain - Any switch that hears a summary advertisement sent non-securely will configure itself with the contained information. VTP Versions ============ - Valid versions are 1,2 and 3 - Versions are not fully interoperable, recommended to use same on all switches - Version is the default version - Switches will attempt to change to version 2 from version 1 if they see a V2 advertisement. Known as "VTPv2 Capable" - Switches running VTPv3 will send scaled down advertisemenets if it hears a VTPv1 switch. Extended VLANs not included VTPv2 Features -------------- - Version dependant transparant mode - Consistency checks - Token ring support - Unrecognised TLV support VTPv3 Features -------------- - Extended VLAN range - Enhanced Authentication - Database Propagation - Primary and Secondary Servers - Per-Port VTP VTP Domains =========== - An Area with common VLAN requirements - Switches only belong to one VLAN domain at a time - Advertisement contents * Domain Name * Revision Number * Known VLANs * Specific VLAN Parameters - Advertisements are used to notify other switches of VLAN changes VTP Modes ========= - Server * Full control over VLAN info * All VTP information advertised to other switches * Default mode for Cisco switches - Client * Cannot make changes to VLANs * Lisens for VTP advertisements * Relays advertisements out of all trunk links - Transparent * Does not participate in VTP * Version 1 will not relay advertisements * Version 2/3 will relay advertisements * Local VLANs not propagated - Off * Switch does not participate in VTP * Will not relay advertisements VTP Advertisements ================== - Can be either Summary, Subset or Request advertisements - VTP versions are not fully backward compatible - By default version 1 advertisements are used - Advertisements sent as multicast frames - Advertisements relayed by all switches except those not running VTP ("Off" mode) - Advertisements sent non-secure by default, a password can be configured - Revision number used to track most recent information, starting at 0 (zero) - Advertisemenets "usually" originate from a switch running in "server" mode - "Client" switches will also originate advertisements on first boot Advertisement Types ------------------- - Summary * Servers send advertisemenet ever 300 seconds and on a VLAN change * Contains info about the VTP domain and revision number * For each VLAN change, a subset advertisemenet will follow - Subset * Sent after each VLAN change, list specific changes made to the VLAN database - Request * Sent from clients who are missing VLAN information VTP Synchronisation =================== - Switches will overwrite local VLAN ddata if a VTP advertisement contains a newer revision number - Ensure new switchhes have a lower revision number by resetting to 0 by the following methods * Change VTP mode on the switch to transparent then back again * Change VTP domain to "non-existant" one and back to the original one - An old switch replacing "live" information on a production network is referrred to as a "VTP Synchronisation Problem" - When first booted even "Client" switches can replace live VLAN information as they send out summary advertisements. This can cause even "server" switches to replace their information - As "end-to-end" VLANs are now considered a legacy design model, Cisco recommends all switches be set to either "off" or "transparent" VTP Pruning =========== - Assists with limiting size of broadcast domain when a VLAN is not used - Avoids having to manually remove VLANs from a trunk - Extension to VTP version 1 using additional VTP message type - Switches will still run a spanning-tree instance even if the VLAN is pruned - Disabled by default - Enabling on the server also enables on all switches in the domain - By default VLANs 2-1001 are eligible for pruning, list can be modified - VLAN 1 and 1002-1005 can never be pruned - No affect on transparent mode switches VTP Configuration ================= **Set VTP Version** :: vtp version {1 | 2 | 3} **Set VTP Management Domain** *Up to 32 characteers, no spaces* :: vtp domain **Set VTP mode** :: vtp mode { server | client | transparent | off } **Set VTP Password** *Password is never sent, only a hash is calculated* *Hidden password is not shown inn the configuration, only a hash* :: vtp password [ hidden | secret ] **Verify VTP Status** :: show vtp Status **Define this switch as the VTP Primary Server (Version 3 only)** :: vtp primary [force] **Enable VTP Pruning** :: vtp pruning **Define VLANS eligible for pruning** :: interface switchport trunk pruning vlan {{[add | except | remove]} } | none } VTP Troubleshooting =================== :: show vtp status show vlan brief show interface switchport show interface pruning Alternatives to VTP =================== GARP VLAN Registration (GVRP) ----------------------------- - Standards based VLAN management protocol for IEEE 802.1Q trunks - Defined in IEEE 802.1D and 802.1Q (Class 11) - Not supported by Cisco Catalyst Switches