Introduction to VTP (VLAN Trunking Protocol)

Hello again Azm.

Yes, it is possible to change the VTP domain. There are no special requirements to do so. You can change the domain any time with the vtp domain domain-name command where domain-name is the name of the VTP domain you want to use.

Concerning the vtp mode off, Cisco explains it like so:

VTP off - A switch in VTP off mode functions in the same manner as a VTP transparent switch, except that it does not forward VTP advertisements on trunks.

Excerpt from http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swvtp.html#42137

I hope this has been helpful!

Laz

Hello Laz,
Thanks for taking the time to reply to me. I am sorry for the confusion. When we power on a switch right out of the box, it has no vtp domain name (null). My question was how can we revert the domain name back to null or to the default settings of vtp as a switch comes with the default settings right out of the box. I was trying to delete the vlan.dat file on a 3750 to do it, but for some reason it was not working. Then I tried it on a 2950. It did not work either. Finally I rebooted the device and all the vtp configuration went back to default (all the vtp configuration was wiped off). I have read everywhere that deleting vlan.dat file will remove the vtp setting to default. That is why I was doing it, but it did not work until I reloaded the device. It did not work on 3750 though even when I reloaded the device. I think that is because of some software issue. However, thank you so much as usual for your time and help.

After I did some vtp configuration:

After I deleted vlan.dat file and reloaded the device.

Azm

Hello Azm

In order to revert the VTP configuration to its original “out of the box” state, you are correct when you say you should delete the vlan.dat file. The reloading of the device is necessary because active VLAN data is stored in RAM. This means if you delete the vlan.dat file, nothing will change until you reload and the VLAN info in RAM is purged. It kind of works the same way as the running-config file in RAM and the startup-config file in the NVRAM.

A more detailed description of vlan.dat file management on catalyst switches including the 3750 can be found here.

I hope this has been helpful!

Laz

Thanks a lot Laz as usual !

1 Like

I have a question. A VTP Client can update a VTP server if it has a higher revision number? I thought that was just the server’s job to update. I

Also, you state this: It will only change the domain-name if it doesn’t have a domain-name.

So if a vtp client already has a domain-name, and we change the domain-name on a vtp server, it won’t propagate down to the client? How do we get around this? Change it back to Null first?

Just curious about these questions. Thanks.

Hello Michael

The answer to your question (unfortunately) is yes. If you have a client IN THE SAME DOMAIN with the SAME PASSWORD that has a higher revision number, the servers will all revert to the highest revision number. Just like Rene said, because a VTP server is also a client, it will be updated by any device with a higher revision number.

Having said that, if one is careful (with the appropriate domain names and passwords) VTP can be very useful. Just be careful.

Concerning the domain names, if a client does not have a domain name set, then it will automatically adopt the domain name of the extant VTP server (if one exists). If the client has already been configured with a domain name and it is different than that of the server, you can manually change the domain name so it matches. Once that’s done (and passwords match as well, if any) then propagation will take place.

I hope this has been helpful!

Laz

1 Like
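
The acceptance rule described in the answer above, as a small Python model (an added example, not part of the original thread and not Cisco code). The Switch class, the function names and the sample values are constructed for illustration; it covers VTP version 1/2 only and goes slightly beyond the answer by also modelling the null-domain and transparent/off cases mentioned elsewhere in this thread.

```python
from dataclasses import dataclass, replace

@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client", "transparent" or "off"
    domain: str = ""               # "" models the null domain of a factory-default switch
    password: str = ""
    revision: int = 0
    vlans: frozenset = frozenset({1})

def receive_advert(rx: Switch, tx: Switch) -> str:
    """Model rx processing a VTP v1/v2 advertisement from tx; mutates rx."""
    if tx.mode not in ("server", "client"):
        return "no advert: sender does not originate its database"
    if rx.mode not in ("server", "client"):
        return "ignored: receiver mode does not synchronize"
    if rx.domain == "":
        rx.domain = tx.domain      # an unset domain is learned from the advert
    if rx.domain != tx.domain:
        return "ignored: domain mismatch"
    if rx.password != tx.password:
        return "ignored: password mismatch"
    if tx.revision <= rx.revision:
        return "ignored: revision not higher"
    # Sender's mode is irrelevant here: a server is overwritten like a client.
    rx.revision, rx.vlans = tx.revision, tx.vlans
    return "synchronized"

def safe_to_connect(new: Switch, production: Switch) -> bool:
    """Pre-connection check: True if 'new' cannot overwrite 'production'."""
    trial = replace(production)    # work on a copy, leave production untouched
    return receive_advert(trial, new) != "synchronized"

if __name__ == "__main__":
    # Constructed sample data: a production server and a reused lab switch.
    server = Switch("SW1", "server", "LAB", "s3cret", 5, frozenset({1, 10, 20, 30}))
    stale = Switch("OLD", "client", "LAB", "s3cret", 42, frozenset({1}))
    print("safe to connect OLD?", safe_to_connect(stale, server))
    print(receive_advert(server, stale), "->", sorted(server.vlans))
```

Running the check before cabling a reused switch into a trunk shows whether its domain, password and revision number would let it replace the VLAN database of the existing domain.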

Thanks much Rene.

The following is good to know. Thinking back on a failure in my environment the likely cause was because of this.

“A VTP client can overwrite a VTP server if the revision number is higher because a VTP server is also a VTP client”

But the text below indicates this is now fixed in VTP version 3.

“VTP primary server: only the primary server is able to create / modify / delete VLANs. This is a great change as you can no longer “accidently” wipe all VLANs like you could with VTP version 1 or 2.”

Rohan

1 Like

Hi Rene,

As I understand VTP, pruning is only eligible on VLANs 2-1001. This makes sense since we know that vlan 1 is the default access vlan and is often used for control traffic. We also know VTP v1 and v2 don’t support/propagate extended range vlans and store vlan information of 1-1005 in the vlan database file (vlan.dat). However, in VTP v3, extended range VLANs ARE supported/propagated and all VLAN information (1-4094) is stored in the vlan database file (unless I’m wrong and only 1-1005 are stored in the vlan.dat file). Why is it then, that extended VLANs (1006-4094) aren’t eligible for pruning even if we were to be running VTP v3 on all switches? I haven’t been able to find the answer anywhere and Cisco also doesn’t explain why in the link that I referenced below, which is their official documentation on VTP pruning eligibility.

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

Hi Leroy,

That is a good question…extended range VLANs are saved in the VLAN database when you use VTPv3. I don’t see any technical reason why we are unable to prune VLAN 1006-4094 when using VTPv3 so it seems it’s a design reason. I also tried to look up why they did this but I can’t find anything at all…I guess this will remain a mystery for now.

So what is the conclusion? VTP is good or bad? VTP Pruning is the solution to the second problem (VLAN flooding), is there any solution to the first problem?

In addition, while VTP is enabled each switch in the same domain name learns the VLAN information. But in the show VLAN command, no ports were assigned to the VLAN created. Then how will a receiving switch decide on which port the corresponding VLAN is present (I am not talking about trunk ports).

Hello rosna

It’s not so much a matter of whether VTP is good or bad. The question is, is it right for you? VTP is EXTREMELY useful especially when you have tens or even hundreds of VLANs. Really, if you have that many, you can’t live without VTP. You just have to know its dangers and take the appropriate precautions when implementing it. I know many deployments that use VTP successfully without any issues.

This is a very good question and it clarifies a misconception that exists with VTP. The only thing that VTP does is share the VLAN information. It does not configure VLANs on specific ports. This must be done on each switch individually. So when a receiving switch gets a frame, it will place it on whatever VLAN you have manually configured on that port.

I hope this has been helpful!

Laz

1 Like

Hi Rene,
The switch sees that the VTP packet has a higher revision number (1) than what it currently has (0) and as a result it will synchronize itself.
I am doing the same setup in Packet Tracer. SW2 and SW3 are not synchronizing themselves after changing the domain name on SW1; however, after changing the domain name, when I am adding or deleting a vlan, only then are SW2 and SW3 getting synchronised.
Can you please explain whether this is because of Packet Tracer or not?

Hello Bilal

This is normal behaviour especially when you are adding a new switch and configuring the domain name to match that of the network.

When you change the domain name, the switch doesn’t automatically start syncing. It may take some time for it to eventually sync with the other VTP devices on the network. However, by adding or deleting a VLAN on the server, you are forcing the devices to communicate and to subsequently sync with each other. When a new VTP enabled switch is added to a domain, it is usually best practice to add and then delete a new VLAN on the server in order to force synchronization just so you don’t have to wait.

I hope this has been helpful!

Laz

1 Like

I have a problem.
I changed SW2 to transparent mode, then SW2's revision number changed to 0, then nothing was advertised to SW3…
Do you have any idea?

Hello Bahri

When you change SW2 to transparent mode, the revision number does indeed change to 0. But the transparent switch will receive VTP information and relay it to other switches, so SW3 should still get the updates from SW1. The topology is such that SW1 will send its updates directly to SW3 so SW2 should not play any role in this.

I hope this has been helpful.

Laz

Thank you very much for your answer.

1 Like

Hi.
I am following along with this video by Brian M. from INE on YouTube. It is about 30 mins long. The subject matter is vtpv3. I am doing this to help prep for CCNP switch exam.

In my set up I have 4 switches:

SW1 SW2
3750 3750

SW3 SW4
3550 3550

The 3750s have ios 12.2 (44) on them.

The 3550s have ios 12.2(46) on them.

Using a “?”, I found that each of these offers only up to vtpv2? How high do I need to go with my ios to get vtpv3?

Yvette

Hello Yvette

You will need to update your IOS versions to support VTPv3. The first step is to determine which IOS version is suitable for these devices and which one supports VTPv3.

First go to the software download site of Cisco at the following link:
https://software.cisco.com/download/home/277987617
Choose your exact model for the 3750 and 3550, select IOS software if you are given the choice, and then look at the column on the left to see the latest IOS that is suggested for use with your device (the one with a star beside it).

Make a note of that release (you may have several versions in the file list, the ipbase is sufficient for what you need, but you can jot down any of them.)

Now according to the Cisco feature navigator found at the following link:
http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/index.jsp
these are the IOS versions that support VTPv3 at the bottom left of this image:


Go back and see if your switch supports any of these. If it doesn’t, there is unfortunately no way to get VTPv3 to run on your devices. If it does, then the next step is to obtain that particular IOS file.

How do you obtain such files? Do a bit of research on the web, and at the GNS3 web site and forum as well and you may be able to find out how.

I hope this has been helpful!

Laz

Mr. Laz,
I looked at what you sent me. Thank you.
My question is what kind of switch do I have?
This is part of what I see from my show version:

Model number                    : WS-C3750-24PS-S
System serial number            : CAT1005N2T7
Top Assembly Part Number        : 800-25860-03
Top Assembly Revision Number    : C0
Version ID                      : V04
CLEI Code Number                : CNMV1K0CRC
Hardware Board Revision Number  : 0x01

The closest things I see on Cisco site are:
3750G -24PS Switch
3750V2 - 24PS Switch

Do the V2 and the V4 relate?

I also looked at the other part where you showed the level 15 ios. I saw this on the cisco site:
15.0(2)SE6
I am not sure if it is the same as this one you showed me
15.2(6)E
I will check my netacad book 2, chapter 9 to see if it is the same.

Yvette

Hi Yvette,

The model is what you see next to “Model number”, it’s the WS-C3750-24PS-S in your case.

The version ID shows which hardware revision you have of your WS-C3750-24PS-S. It doesn’t matter which version this is, there are no differences in software or capabilities when it comes to the version ID.

For the software, you need to look at the “regular” Cisco Catalyst 3750 switch:

https://software.cisco.com/download/home/278169764/type/280805680/release/12.2.55-SE12

The 3750V2 can be confusing. They launched a newer version of the 3750 and called it the V2:

There are some differences with the “old” 3750 but it seems they both run the exact same IOS images.

Rene