SWITCH Study Notes – VLAN Trunking Protocol (VTP)

So I'm sorry to be spamming notes here right now – but I'm just trying to create a footprint and maybe help someone else out down the line. The other thing is this phase of studies is like reading the manual before you get to play with something – hmmm, wait, I never read the manual! Well, we certainly can't do that with these exams though! :)

In other words, I hope to have some nice topics up once I begin review, labbing and quizzing. Hopefully I'll run into some things that I just won't understand and you guys could bail me out! ;)

For now some more notes! From chapter 3 of Chris Bryant's (@ccie12933) BCMSN study guide and some of my own blending.

VLAN Trunking Protocol (VTP)

The Need For VTP

  • The proper term for a VTP domain is “Management Domain”
  • VTP Operating Modes and VTP Mode are basically the same things
  • VLAN Trunking Protocol (VTP) allows each switch in a network to have an overall view of the active VLANs.
  • VTP also allows network administrators to restrict the switches upon which VLANs can be created, deleted, or modified.
  • Without VTP – VLANs on one switch won’t propagate throughout other switches on the network.
  • By default, Cisco switches are not in any VTP domain (the domain name is NULL). A switch with a NULL domain name inherits the first domain name it hears in a VTP advertisement on a trunk, so an unconfigured switch cabled into a trunk joins the domain automatically.
  • Switches must be in the same domain to send/receive VTP advertisements

Configuring VTP

  • Ports to other switches must be in trunk mode in order for VTP to advertise to other switches
  • By using VTP modes – limits can be placed on which switches can delete and create VLANs
  • A Cisco switch can belong to one and only one VTP domain
  • Use the command “show vtp status” to check the VTP domain name, mode, version and configuration revision:
    • SW2#show vtp status
      VTP Version : 2
      Configuration Revision : 13
      Maximum VLANs supported locally : 1005
      Number of existing VLANs : 8
      VTP Operating Mode : Server
      VTP Domain Name : LBS
      VTP Pruning Mode : Disabled
      VTP V2 Mode : Disabled
      VTP Traps Generation : Disabled
      MD5 digest : 0xCC 0x67 0x03 0xEC 0x14 0xC9 0x2E 0x18
      Configuration last modified by 10.1.40.2 at 3-1-93 00:56:29
      Local updater ID is 10.1.40.2 on interface Vl1 (lowest numbered VLAN interface found)
  • To configure a VTP domain use the following command:
    • SW2(config)# vtp domain CCNP
      Changing VTP domain name from NULL to CCNP
  • Configure VTP clients
    • SW2(config)# vtp mode client
  • To see the number of advertisements that have been sent and received:
    • SW2#show vtp counters
  • Setting VTP passwords
    • SW2(config)# vtp password CCIE
      • Passwords are stored in clear text on these IOS releases; only later releases with VTP version 3 support accept “vtp password <password> hidden”, which stores a hash instead
        • Using the command “show vtp password” will display the VTP password in clear text
        • By setting a VTP password, you place the entire VTP domain into Secure Mode. Every switch in the domain must have a matching password: the password itself is never sent on the wire, it is mixed into the MD5 digest of each Summary advertisement, and a switch whose own password yields a different digest ignores the advertisement.
  • To change VTP Versions
    • SW2(config)# vtp version {1 | 2}

VTP Modes

  • Server mode: a VTP switch can be used to create, modify, and delete VLANs. This means that a VTP deployment has to have at least one Server, or VLAN creation will not be possible. This is the default setting for Cisco switches.
  • Client mode: A switch in this mode cannot be used to create, modify, or delete VLANs. Clients do listen for VTP advertisements and act accordingly when VTP advertisements notify the Client of VLAN changes.
  • Transparent mode: the switch isn't participating in VTP. Transparent VTP switches don't synchronize their VTP databases with other VTP speakers; they don't even advertise their own VLAN information! Therefore, any VLANs created on a Transparent VTP switch will not be advertised to other VTP speakers in the domain, making them locally significant only.
  • You should carefully choose which switches are placed into what modes. Physically secure switches should be placed into Server mode, while less physically secure switches should be placed into Client mode. Keep in mind that mode alone is not a security boundary: any device on a trunk that sends advertisements with a matching domain name and a higher revision number can still rewrite a Client's database, so combine Client mode with a VTP password and only trunk where you must.
  • A VLAN that ports on a VTP Client need to belong to must be created on a VTP Server first; the Client learns it from the next advertisement.

VTP Advertisement Process

  • VTP Advertisements are multicasts, but they are not sent out every port on the switch.
  • VTP advertisements are sent out trunk ports only
  • Along with the VTP domain name, VTP advertisements carry a configuration revision number that enables VTP switches to make sure they have the latest VLAN information.
  • VTP advertisements are sent when there has been a change in a switch's VLAN database, and this configuration revision number increments by one before it is sent.

Preventing VTP Synchronization Issues

  • It’s very important to reset a switch's revision number to zero before introducing it to your network. If that new switch has the same domain name and a higher revision number than your other switches, it will advertise its VTP database to the Servers and Clients in your network and they will synchronize to it: you lose your previous VLANs, and every VLAN in the new switch's database is propagated instead. Ports assigned to a VLAN that no longer exists go inactive, so this can take a site down in seconds, and it happens whether the new switch is a Server or a Client.
  • Cisco theory holds that there are two ways to reset a switch's revision
  • Setting revision number to zero:
    • Change the VTP domain name to a nonexistent domain, and then change it back to the original name.
    • Change the VTP mode to Transparent, and then change it back to Server.
      • If neither method works, check the manual for your switches; deleting vlan.dat from flash and reloading (see The VLAN.DAT File below) also brings the revision back to zero.
  • TIP: the revision number is stored together with the VLAN database (vlan.dat in flash), not in the startup configuration, so it survives both a reload and a “write erase”.
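As an added example that is not part of these notes: a small Python model of the advertisement rules above (domain must match, a higher revision wins, Transparent switches neither accept nor send) that reproduces the wipe-out scenario and shows that either reset procedure prevents it. The Switch class, its method names, the switch names and the VLAN numbers are assumptions of the model; real switches also compare the MD5 digest and password, which the model leaves out.

```python
"""Toy model of VTP synchronization (added example, not from the original notes).

Assumptions: the Switch class and method names are this model's own; the MD5
digest/password check that real switches perform is omitted.
"""
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    domain: str = ""            # "" stands in for the NULL domain of a fresh switch
    mode: str = "server"        # server (the default), client or transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def vlan_add(self, vid: int, name: str) -> None:
        """Create a VLAN locally; Clients may not do this."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1  # each database change bumps the revision before it is advertised

    def set_domain(self, name: str) -> None:
        """Changing the domain name resets the configuration revision to 0."""
        self.domain = name
        self.revision = 0

    def set_mode(self, mode: str) -> None:
        """Moving to Transparent mode also resets the revision to 0."""
        if mode == "transparent":
            self.revision = 0
        self.mode = mode

    def advertise(self) -> tuple:
        """What this switch would put in a Summary advertisement out its trunks."""
        return (self.domain, self.revision, dict(self.vlans))

    def receive(self, adv: tuple) -> bool:
        """Accept only if the domain matches and the revision is strictly higher."""
        domain, revision, vlans = adv
        if self.mode == "transparent" or domain != self.domain:
            return False
        if revision <= self.revision:
            return False
        self.vlans, self.revision = dict(vlans), revision
        return True


def sync(switches: list) -> None:
    """Flood advertisements between trunk-connected switches until nothing changes."""
    changed = True
    while changed:
        changed = False
        for src in switches:
            if src.mode == "transparent":
                continue  # Transparent switches never advertise their own database
            adv = src.advertise()
            for dst in switches:
                if dst is not src and dst.receive(adv):
                    changed = True


def introduce_lab_switch(reset: str = "") -> dict:
    """Return each switch's VLAN IDs after a heavily edited lab switch joins the domain.

    reset=""            cable it in as-is (the failure case)
    reset="domain"      rename the domain to a scratch name and back first
    reset="transparent" toggle Transparent mode and back to Server first
    """
    core = Switch("CORE", domain="CCNP")
    access = Switch("ACCESS", domain="CCNP", mode="client")
    for vid, name in [(10, "USERS"), (20, "SERVERS"), (30, "VOICE")]:
        core.vlan_add(vid, name)
    sync([core, access])                      # ACCESS learns 10/20/30 at revision 3

    lab = Switch("LAB", domain="CCNP")
    for i in range(10):                       # ten edits on the bench push its revision to 10
        lab.vlan_add(100 + i, f"LAB{i}")
    if reset == "domain":
        lab.set_domain("scratch")
        lab.set_domain("CCNP")
    elif reset == "transparent":
        lab.set_mode("transparent")
        lab.set_mode("server")

    sync([core, access, lab])                 # LAB is plugged into a trunk and VTP converges
    return {sw.name: sorted(sw.vlans) for sw in (core, access, lab)}


if __name__ == "__main__":
    print("no reset:        ", introduce_lab_switch())
    print("domain rename:   ", introduce_lab_switch("domain"))
    print("transparent flip:", introduce_lab_switch("transparent"))
```

Run it and compare the three lines: without a reset the production VLANs 10/20/30 vanish from CORE and ACCESS and the LAB VLANs take their place; after either reset LAB is the one that learns the domain's database.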

VTP Advertisement Types

  • Summary Advertisements: are transmitted by VTP servers every 5 minutes, or upon a change in the VLAN database. Information included in the summary advertisement:
    • VTP domain name and version
    • Configuration revision number
    • MD5 hash code
    • Timestamp
    • Number of subset advertisements that will follow this ad
  • Subset Advertisements: are transmitted by VTP servers upon a VLAN configuration change. Subset ads give specific information regarding the VLAN that's been changed, including:
    • Whether the VLAN was created, deleted, activated, or suspended
    • The new name of the VLAN
    • The new Maximum Transmission Unit (MTU)
    • VLAN Type (Ethernet, Token Ring, FDDI)
  • Client Advertisement Requests: a request for VLAN information from a switch in the domain. A switch sends one after it has been reset, after its VTP domain name has been changed, or after it has received a Summary advertisement with a higher configuration revision number than its own (and, of course, when its VLAN database has been corrupted or deleted). The VTP Server responds with a Summary advertisement followed by the Subset advertisements.
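An added example, not from the original notes: a Python encoder/decoder for the Summary and Subset advertisement payloads listed above, following the VTP frame layout Cisco publishes (the bytes after the SNAP header, OUI 00:00:0C, type 0x2003). The sample frames are produced by the block's own build_summary()/build_subset() helpers and the digest value is a placeholder; they are constructed for the demo, not captures.

```python
"""Encode/decode VTP Summary and Subset advertisement payloads.

Added example (not from the original notes). Sample frames are constructed by
the build_* helpers below; the 16-byte digest used in the demo is a placeholder.
"""
import struct
from dataclasses import dataclass

CODE_SUMMARY, CODE_SUBSET, CODE_REQUEST = 0x01, 0x02, 0x03
VLAN_TYPES = {1: "ethernet", 2: "fddi", 3: "token-ring", 4: "fddi-net", 5: "trbrf"}
STATUS = {0: "active", 1: "suspended"}


@dataclass
class Summary:
    version: int
    followers: int        # number of Subset advertisements that follow
    domain: str
    revision: int
    updater: str          # IP of the switch that last modified the database
    timestamp: str        # "yymmddhhmmss" in ASCII
    digest: bytes         # MD5 over the database (and the password, if one is set)


@dataclass
class Vlan:
    status: str
    vlan_type: str
    vlan_id: int
    mtu: int
    name: str


@dataclass
class Subset:
    version: int
    sequence: int
    domain: str
    revision: int
    vlans: list


def _domain_field(name: str) -> bytes:
    """1-byte length followed by the name zero-padded to 32 bytes."""
    raw = name.encode("ascii")
    if len(raw) > 32:
        raise ValueError("domain name longer than 32 bytes")
    return bytes([len(raw)]) + raw.ljust(32, b"\x00")


def build_summary(domain, revision, updater, timestamp, digest, followers=1, version=2) -> bytes:
    """Encode a 72-byte Summary advertisement."""
    ip = bytes(int(o) for o in updater.split("."))
    return (bytes([version, CODE_SUMMARY, followers]) + _domain_field(domain)
            + struct.pack("!I4s12s16s", revision, ip, timestamp.encode("ascii"), digest))


def build_subset(domain, revision, vlans, sequence=1, version=2) -> bytes:
    """Encode a Subset advertisement; vlans is a list of (id, name, mtu, type, status)."""
    out = bytes([version, CODE_SUBSET, sequence]) + _domain_field(domain) + struct.pack("!I", revision)
    for vid, name, mtu, vtype, status in vlans:
        raw = name.encode("ascii")
        padded = raw.ljust(-(-len(raw) // 4) * 4, b"\x00")   # name padded to a 4-byte multiple
        said = 100000 + vid                                 # default 802.10 SAID is 100000 + VLAN ID
        out += struct.pack("!BBBBHHI", 12 + len(padded), status, vtype, len(raw), vid, mtu, said) + padded
    return out


def parse_summary(payload: bytes) -> Summary:
    if len(payload) < 72 or payload[1] != CODE_SUMMARY:
        raise ValueError("not a well-formed Summary advertisement")
    version, _code, followers, dlen = struct.unpack_from("!BBBB", payload, 0)
    revision, ip, ts, digest = struct.unpack_from("!I4s12s16s", payload, 36)
    return Summary(version, followers, payload[4:4 + dlen].decode("ascii"), revision,
                   ".".join(str(b) for b in ip), ts.decode("ascii"), digest)


def parse_subset(payload: bytes) -> Subset:
    if len(payload) < 40 or payload[1] != CODE_SUBSET:
        raise ValueError("not a well-formed Subset advertisement")
    version, _code, sequence, dlen = struct.unpack_from("!BBBB", payload, 0)
    revision, = struct.unpack_from("!I", payload, 36)
    vlans, off = [], 40
    while off + 12 <= len(payload):                          # walk the variable-length VLAN info fields
        info_len, status, vtype, nlen, vid, mtu, _said = struct.unpack_from("!BBBBHHI", payload, off)
        if info_len < 12 + nlen or off + info_len > len(payload):
            raise ValueError(f"bad VLAN info length at offset {off}")
        name = payload[off + 12:off + 12 + nlen].decode("ascii")
        vlans.append(Vlan(STATUS.get(status, f"unknown({status})"),
                          VLAN_TYPES.get(vtype, f"unknown({vtype})"), vid, mtu, name))
        off += info_len
    return Subset(version, sequence, payload[4:4 + dlen].decode("ascii"), revision, vlans)


if __name__ == "__main__":
    # Constructed sample mirroring the "show vtp status" output above (placeholder digest).
    print(parse_summary(build_summary("LBS", 13, "10.1.40.2", "930301005629", bytes(range(16)))))
    print(parse_subset(build_subset("LBS", 13, [(1, "default", 1500, 1, 0), (10, "USERS", 1500, 1, 0)])))
```

The decoded revision and domain are exactly the two fields a switch compares before overwriting its database, so feeding a span capture's VTP frames through parse_summary() and alerting on a revision above the domain's known value, or on an updater address that is not one of your Servers, is a cheap detection for the synchronization failure described in the previous section.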

VTP Pruning

  • VTP Pruning: Trunk ports belong to all VLANs, which leads to an issue involving flooded traffic. A trunk port will forward broadcasts, multicasts and unknown unicasts for all VLANs it knows about, regardless of whether the remote switch actually has ports in that VLAN or not!
  • Configuring VTP Pruning allows the switches to send that flooded traffic to a remote switch only if the remote switch actually has active ports in that VLAN. This will prevent a great deal of unnecessary traffic from crossing the trunk.
  • Configure VTP Pruning:
    • SW2(config)# vtp pruning
      Pruning switched on
  • VTP Pruning can only be enabled on a switch in VTP Server mode. Enabling pruning on one VTP Server enables pruning for the entire domain. VLAN 1 and VLANs 1002-1005 are never pruned; by default VLANs 2-1001 are pruning-eligible, and the eligible list can be narrowed per trunk with “switchport trunk pruning vlan”.

VTP Versions

  • There are 2 versions of VTP – the main difference between the two versions affects how a VTP Transparent switch handles an incoming VTP advertisement.
    • VTP Version 1: The Transparent switch forwards an advertisement out its other trunks only if the advertisement's version number and domain name match its own.
    • VTP Version 2: The Transparent switch forwards VTP advertisements out its trunk port(s) even if the domain name does not match; only the version is checked.
  • Version 2 supports Token Ring VLANs and Token Ring switching, where Version 1 does not.
  • When changes are made to VLANs or the VTP configuration at the command-line interface (CLI), Version 2 will perform a consistency check. So what's being checked? VLAN names and numbers. This helps to prevent incorrect / inaccurate names from being propagated throughout the network. Information received in VTP advertisements is not re-checked; it is assumed to have been checked by the switch that entered it.
  • The two versions are not interoperable in the same domain: every switch in a domain must run the same version. A Version 2-capable switch can still run Version 1, so leave V2 Mode disabled until every switch in the domain supports it, then enable it on one Server – the setting propagates to the other Version 2-capable switches in the domain.

The VLAN.DAT File

  • The VLAN information is kept in a file called vlan.dat – and that file is kept in Flash. Flash is NOT erased when the “write erase” command is issued and the switch reloaded – only NVRAM is erased.
  • To delete the vlan.dat file from flash:
    • SW2#delete vlan.dat
      Delete filename [vlan.dat]? <– Careful here, just hit enter, don’t enter yes or no – the default is the file you set in the initial command
      Delete flash:vlan.dat? [confirm]
      SW2#reload

VTP Secure Mode

  • By setting a VTP password, you place the entire VTP domain into Secure Mode. Every switch in the domain must have a matching password.
    • SW1(config)#vtp domain CCNP
      Changing VTP domain name from NULL to CCNP
    • SW1(config)#vtp password CCIE
      Setting device VLAN database password to CCIE

      • The password is stored in clear text, and “show vtp password” displays it in clear text
      • It is not carried in advertisements: each switch mixes the password into the MD5 digest it sends in Summary advertisements, and a receiving switch whose own password produces a different digest drops the advertisement. The digest only proves the sender knew the password; it gives no confidentiality, and a captured advertisement can in principle be used to guess the password offline, so pick a strong one that is not reused as a device login password.

Any corrections or additions are greatly appreciated! You can download a copy of these notes by clicking the "Printer Friendly" below.

Cheers!

@LBSources
