CISCO VTP – What is it?

I was browsing the Cisco forums today and came across this little gem:

I like to think VTP is a VLAN TRANSFER PROTOCOL.

What it does is very simple: transfer the VLAN settings from a server switch to other switches. (Officially VTP is the VLAN Trunking Protocol, so named because its advertisements only travel over trunk links, but "transfer" describes the job well enough.)

Did I say server switch? OK, VTP has three modes: Server, Client and Transparent. A Cisco Catalyst switch is, by default, in VTP server mode with no domain name set. You can create and delete VLANs all you want and the switch is fine with that. Now, I have 4 VLANs in my home lab, and I just create them on each of the 5 switches I have, no big deal. I work in a small-to-medium office, and we have close to 70 VLANs; it would be rather stupid to create those on all of our 30-some switches! One little mistype will lead to an incorrect configuration, with potentially hundreds of people not inter-connecting. Well OK, we don't have HUNDREDS of people, but you get the idea.

So VTP is a way to propagate the VLAN settings from one server mode switch to other switches that will accept those settings (restrictions apply, but we will get to that). The way this works is that a server mode switch can create/delete/update VLAN settings, and one server mode switch will accept VLAN settings from another server mode switch. Easy. A client mode switch, being in client mode, can only ACCEPT VTP changes, which makes sense. As a client, it cannot create/delete VLAN settings. Good so far. Now, transparent mode switches are sort of stand-alone guys, in the spirit of "I will not join you, but I will not stop you; in fact, I will help you a little."

If you connect 3 switches one on top of another (using DTP trunks, of course!), with the top switch in server mode, the bottom switch in client mode and the middle switch in transparent mode, then when the top switch SW1 creates 70 VLANs, the advertisements pass to the middle transparent switch, but being transparent, it is, well, transparent. It does not apply SW1's VLANs to its own VLAN database (that stays whatever was configured locally); it just forwards the advertisements out its other trunks to SW3, the client mode switch, which does apply them. (In VTP version 2 a transparent switch forwards advertisements regardless of domain name; in version 1 it forwards them only if the domain name and version match its own.)
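Here is the three-switch stack from the paragraph above as an added configuration example; it is not from the original post. The hostnames SW1/SW2/SW3, the domain name LAB, the interface numbers and the VLAN numbers are all assumptions for illustration.

```cisco
! ---- SW1: VTP server at the top of the stack (assumed hostname, ports, VLANs) ----
SW1(config)# vtp domain LAB
SW1(config)# vtp mode server
SW1(config)# vtp version 2
SW1(config)# interface GigabitEthernet0/1
SW1(config-if)# switchport trunk encapsulation dot1q   ! not needed on 802.1Q-only models such as the 2960
SW1(config-if)# switchport mode dynamic desirable       ! DTP negotiates the trunk with SW2
SW1(config-if)# exit
! VLANs are created here and only here; VTP carries them down the stack
SW1(config)# vlan 10
SW1(config-vlan)# name Users
SW1(config-vlan)# vlan 20
SW1(config-vlan)# name Servers
SW1(config-vlan)# exit

! ---- SW2: transparent, in the middle ----
SW2(config)# vtp domain LAB          ! set it anyway; VTP v1 only forwards when the domain matches
SW2(config)# vtp mode transparent
SW2(config)# vtp version 2           ! v2 forwards advertisements regardless of domain name
SW2(config)# interface range GigabitEthernet0/1 - 2
SW2(config-if-range)# switchport trunk encapsulation dot1q
SW2(config-if-range)# switchport mode dynamic desirable
SW2(config-if-range)# exit

! ---- SW3: client at the bottom ----
SW3(config)# vtp domain LAB
SW3(config)# vtp mode client
SW3(config)# interface GigabitEthernet0/1
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport mode dynamic desirable
SW3(config-if)# exit
SW3(config)# vlan 30                 ! rejected: VTP VLAN configuration not allowed when device is in CLIENT mode

! ---- verify ----
SW1# show interfaces trunk           ! Gi0/1 listed as trunking, mode desirable
SW3# show vtp status                 ! VTP Operating Mode: Client, VTP Domain Name: LAB,
                                     ! Configuration Revision equal to SW1's
SW3# show vlan brief                 ! VLANs 10 and 20 are present, learned from SW1
SW2# show vlan brief                 ! only SW2's locally configured VLANs; 10 and 20 are not here
```

The check that proves the transparent behaviour is the last two commands: SW3 has VLANs 10 and 20 even though nobody typed them on SW3, while SW2, which every advertisement passed through, has neither.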

I hope you have a rough idea of VTP now.

Oh yeah, that "restrictions apply" part: two server mode switches can restrict who gets the VTP info by configuring a VTP domain name. "If you are not part of my VTP domain, this does not concern you," even if they are trunked. Now, one reason people set a VTP domain name even when they want all switches to share their VLAN database is security, and it does help against accidents, though not against much more than that. Every change to the VLAN database on a server bumps the configuration revision number by one and is advertised, and a switch in the same domain that hears a higher revision than its own replaces its whole database with the advertised one. So if you create 70 VLANs and updates go around, your switches end up with a revision of 100 after a while. Some temp guy working in another department is not happy with having only one port to his cubicle and decides to bring in the switch he bought on eBay, pops it into that port and hooks up his laptop and 2 PCs to it. That switch is still set to the same VTP domain name as yours (an old switch from your own network, say), has a revision of 300 and only 3 VLANs. Your port and his switch are both on dynamic desirable, so boom, they trunk, and that 3-VLAN, revision-300 database moves across the trunk and hits your switch. Your switch goes, "oh, my revision is 100, you are 300, so you must be newer; I will take your settings and delete all my other 67 VLANs!!!"

Why the domain name alone does not save you: the name is carried in clear text in every VTP advertisement, so anyone with a packet capture knows it, and a switch with the default null domain simply adopts the first domain name and revision it hears. A VTP password, which puts an MD5 digest over the password and the VLAN data into each advertisement, is what makes a rogue advertisement fail verification, and the only thing that stops the trunk from forming in the first place is not letting access ports negotiate one.

Then people start screaming about losing everything, and you have no idea why all of a sudden all your VLAN settings disappeared. The ports assigned to the deleted VLANs go inactive, and the only clue is in show vtp status, where the configuration revision has jumped from 100 to 300. And the temp guy goes home and takes his switch with him. You are now SOL. Scary, eh?

So, our office put all the switches in transparent mode, and we manually paste in the settings when a new switch comes in, even before connecting it to the network.
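As an added example, not from the original post, here is what the "everything transparent, paste the VLANs in before it touches the network" policy, plus the usual guards against the eBay-switch scenario, looks like on a Catalyst running IOS. The domain name OFFICE, the password, the VLAN numbers and the interface ranges are assumptions.

```cisco
! ---- every production switch: stop participating in VTP ----
! Moving to transparent mode resets the configuration revision to 0, and a
! transparent switch never applies an advertisement it hears, whatever the revision.
Switch(config)# vtp mode transparent
! On releases that support it, 'vtp mode off' additionally stops forwarding advertisements.

! ---- if you must keep server/client mode, a domain name alone is not enough ----
! The name travels in clear text; the password puts an MD5 digest in every
! advertisement so a rogue switch without it is ignored.
Switch(config)# vtp domain OFFICE
Switch(config)# vtp password S0meLongSecret
Switch(config)# vtp version 2

! ---- paste the VLAN database in by hand, before the uplink is cabled ----
Switch(config)# vlan 10
Switch(config-vlan)# name Users
Switch(config-vlan)# vlan 20
Switch(config-vlan)# name Servers
Switch(config-vlan)# exit

! ---- user-facing ports: never negotiate a trunk with whatever gets plugged in ----
Switch(config)# interface range GigabitEthernet0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# switchport nonegotiate          ! send no DTP frames at all
Switch(config-if-range)# spanning-tree portfast
Switch(config-if-range)# spanning-tree bpduguard enable  ! err-disable the port if a switch shows up
Switch(config-if-range)# exit

! ---- real uplinks: static trunk, no DTP ----
Switch(config)# interface GigabitEthernet0/25
Switch(config-if)# switchport trunk encapsulation dot1q  ! omit on 802.1Q-only models
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Switch(config-if)# exit

! ---- checks, on a new switch before it is connected and on the core afterwards ----
Switch# show vtp status              ! VTP Operating Mode: Transparent, Configuration Revision: 0
Switch# show vtp password            ! confirms the password is set (server/client mode only)
Switch# show interfaces status       ! an err-disabled access port = someone plugged a switch in
Switch# show vlan brief              ! all 70 VLANs still present
```

The order matters for a second-hand switch: set transparent mode (or change the domain name, which also resets the revision to 0) and verify revision 0 in show vtp status before the uplink is cabled, because a server-mode box with a stale high revision does its damage the moment the trunk comes up.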



About Robert Craig