Introduction to VTP (VLAN Trunking Protocol)

Hi Rene,
The switch sees that the VTP packet has a higher revision number (1) than what it currently has (0) and as a result it will synchronize itself.
I am doing the same setup in Packet Tracer. SW2 and SW3 are not synchronizing themselves after changing the domain name on SW1; however, after changing the domain name, SW2 and SW3 only get synchronised when I add or delete a VLAN.
Can you please explain whether this is because of Packet Tracer or not?

Hello Bilal

This is normal behaviour, especially when you are adding a new switch and configuring the domain name to match that of the network.

When you change the domain name, the switch doesn’t automatically start syncing. It may take some time for it to eventually sync with the other VTP devices on the network. However, by adding or deleting a VLAN on the server, you are forcing the devices to communicate and to subsequently sync with each other. When a new VTP enabled switch is added to a domain, it is usually best practice to add and then delete a new VLAN on the server in order to force synchronization just so you don’t have to wait.

I hope this has been helpful!

Laz


I have a problem.
I changed SW2 to transparent mode, then SW2's revision number changed to 0, and then nothing was advertised to SW3.

Do you have an idea?

Hello Bahri

When you change SW2 to transparent mode, the revision number does indeed change to 0. But the transparent switch will receive VTP information and relay it to other switches, so SW3 should still get the updates from SW1. The topology is such that SW1 will send its updates directly to SW3 so SW2 should not play any role in this.

I hope this has been helpful.

Laz

Thank you very much for your answer.

Hi.
I am following along with this video by Brian M. from INE on YouTube. It is about 30 mins long. The subject matter is VTPv3. I am doing this to help prep for the CCNP switch exam.

In my setup I have 4 switches:

SW1 SW2
3750 3750

SW3 SW4
3550 3550

The 3750s have IOS 12.2(44) on them.

The 3550s have IOS 12.2(46) on them.

Using a “?”, I found that each of these offers only up to VTPv2. How high do I need to go with my IOS to get VTPv3?

Yvette

Hello Yvette

You will need to update your IOS versions to support VTPv3. The first step is to determine which IOS version is suitable for these devices and which one supports VTPv3.

First go to the software download site of Cisco at the following link:
https://software.cisco.com/download/home/277987617
Choose your exact model for the 3750 and 3550, select IOS software if you are given the choice, and then look at the column on the left to see the latest IOS that is suggested for use with your device. (the one with a star beside it).

Make a note of that release (you may have several versions in the file list, the ipbase is sufficient for what you need, but you can jot down any of them.)

Now according to the Cisco feature navigator found at the following link:
http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/index.jsp
these are the IOS versions that support VTPv3 at the bottom left of this image:


Go back and see if your switch supports any of these. If it doesn’t, there is unfortunately no way to get VTPv3 to run on your devices. If it does, then the next step is to obtain that particular IOS file.

How do you obtain such files? Do a bit of research on the web, and at the GNS3 web site and forum as well and you may be able to find out how.

I hope this has been helpful!

Laz


Mr. Laz,
I looked at what you sent me. Thank you.
My question is what kind of switch do I have?
This is part of what I see from my show version:

    Model number                    : WS-C3750-24PS-S
    System serial number            : CAT1005N2T7
    Top Assembly Part Number        : 800-25860-03
    Top Assembly Revision Number    : C0
    Version ID                      : V04
    CLEI Code Number                : CNMV1K0CRC
    Hardware Board Revision Number  : 0x01

The closest things I see on Cisco site are:
3750G -24PS Switch
3750V2 - 24PS Switch

Do the V2 and the V4 relate?

I also looked at the other part where you showed the level 15 IOS. I saw this on the Cisco site:
15.0(2)SE6
I am not sure if it is the same as this one you showed me
15.2(6)E
I will check my netacad book 2, chapter 9 to see if it is the same.

Yvette

Hi Yvette,

The model is what you see next to “Model number”, it’s the WS-C3750-24PS-S in your case.

The version ID shows which hardware revision you have of your WS-C3750-24PS-S. It doesn’t matter which version this is, there are no differences in software or capabilities when it comes to the version ID.

For the software, you need to look at the “regular” Cisco Catalyst 3750 switch:

https://software.cisco.com/download/home/278169764/type/280805680/release/12.2.55-SE12

The 3750V2 can be confusing. They launched a newer version of the 3750 and called it the V2:

There are some differences with the “old” 3750 but it seems they both run the exact same IOS images.

Rene

Hi René,
Help!
I have a new core switch installed into the network with VTP domain abc, and all other access switches (clients) have VTP domain xyz. What is the safest way to make the new core the VTP server with a password? Thanks.

Hello Don,

By using a new domain name on the new core switch, you should be OK. If you use the show vtp status command on a switch in the XYZ domain then you’ll see a high revision number. Once you change the VTP domain from XYZ to ABC, the revision number resets.

Just in case, you could use a different password on the new core switch. Then reset the VTP domain on your clients, check the VTP revision number, then add the same password you use on the new core switch so they successfully join the ABC domain.

René

Hi,

I plan to change one switch to be the VTP Server mode. All the switches are in transparent. I have 5 switches A,B,C,D,E. Currently A is set to Server mode and B,C,D,E are clients. I want to set E to be the Server mode and A to be the client. How do I do this to avoid any downtime? All are active in use.

Thanks,
Vincent

Hello Vincent

It is always good to be EXTREMELY careful when configuring VTP on a network because you can indeed lose all your VLANs if an incorrect procedure is followed. For your scenario, however, it is quite simple. It is possible to have two VTP servers on the network. First of all, just make sure that all clients have indeed been updated with the most current VTP information. Make switch E the server, check that all info remains synced, and then make A into a client. If no VLAN changes are made during this switchover, you will have no problem making sure all VLAN info is up to date on all devices.

I hope this has been helpful!

Laz

Hi Rene, if we protect the VTP domain with a password, then the switch with the higher revision number can't delete or change VLANs. Is that true or not?

Emil,

Assuming that the switch with the higher revision number has no password configured on it, then it won’t be able to update your domain.

Hello Emil

Once again, sales2161 has got it! If you use a password for your VTP domain, and you install a new switch with a higher revision number with all the rest, even if it is configured to be on your domain correctly, it will never be able to change any VTP configs on other devices unless that password is correct. This way you can protect your topology from changes made by “rogue” switches plugged into your topology.

I hope this has been helpful!

Laz
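
The acceptance rule described in the answers above, as an added example that is not part of the original thread or of any Cisco code: a small Python model of how a VTP client decides whether to take an advertisement. The `Switch` class, `digest()`, `rogue_scenario()` and the outcome strings are hypothetical names, the sample switches are constructed, and the digest is a simplified stand-in for the MD5 digest that real VTP computes with the password.

```python
import hashlib
from dataclasses import dataclass, field

def digest(domain, revision, vlans, password):
    # Simplified stand-in for the VTP digest (real VTP uses MD5 over the
    # VLAN database and the password); SHA-256 over a repr is used here.
    data = repr((domain, revision, sorted(vlans.items()), password))
    return hashlib.sha256(data.encode()).hexdigest()

@dataclass
class Switch:
    name: str
    domain: str
    password: str = ""
    mode: str = "client"          # "server", "client" or "transparent"
    revision: int = 0
    vlans: dict = field(default_factory=dict)

    def advertise(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": digest(self.domain, self.revision, self.vlans, self.password)}

    def receive(self, adv):
        if self.mode == "transparent":
            return "ignored: transparent mode does not sync"
        if adv["domain"] != self.domain:
            return "rejected: domain mismatch"
        expected = digest(adv["domain"], adv["revision"], adv["vlans"], self.password)
        if adv["digest"] != expected:
            return "rejected: digest mismatch (wrong password)"
        if adv["revision"] <= self.revision:
            return "ignored: revision not higher"
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return "accepted"

def rogue_scenario(rogue_password):
    # Constructed sample data: production client at revision 5, newly plugged-in
    # switch at revision 40 with an almost empty VLAN database.
    client = Switch("SW2", "XYZ", "s3cret", "client", 5,
                    {10: "Printers", 20: "Servers", 30: "Management"})
    rogue = Switch("NEW", "XYZ", rogue_password, "server", 40, {1: "default"})
    outcome = client.receive(rogue.advertise())
    return outcome, client.revision, sorted(client.vlans)

if __name__ == "__main__":
    print(rogue_scenario(""))        # no password on the new switch
    print(rogue_scenario("s3cret"))  # same password: database is overwritten
```

The second call shows the limit of the password: a switch that knows it and carries a higher revision number still replaces the VLAN database, which is why the revision number is checked before a switch joins the domain.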

    SW2#show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    10   Printers                         active   
    20   Servers                          active   
    30   Management                       active
    40   Engineering                      active
    50   Research                         active
    60   Cameras                          active

How did that vlan 50 Research sneak into that show command? That’s a typo & should be deleted.

Hi Rene - What if we had an outage because the revision number of a newly added switch is greater than that of the existing VTP server in production? What would our steps be to resolve this issue then?

Hi Usman,

It depends on the changes of the latest VTP update. If VLANs were deleted, you’ll have to recreate the VLANs on your switches. If extra VLANs were created, delete those.

The quickest way to fix this if you have multiple switches is to add/delete the VLANs on your VTP server so that all switches sync. Once that’s completed, think twice about using VTP version 2 :slight_smile:

VTPv3 is a bit more secure thanks to the primary server feature.

Rene

Thank you. Great lesson.

I would also like to have a vote for a dedicated VTP pruning topic. It would be great to cover the following in it.

  • Default VTP pruning behaviour
  • How pruning is decided
  • Its interaction with transparent mode
  • Making VLANs pruning ineligible

I recently had an issue where I wasn’t familiar with the workings and had a switch downstream from the VTP server in transparent mode. This downstream switch also had other downstream switches.
With the switch in transparent mode, the server decided to prune all traffic off the link.

Later I read Cisco's recommendations. They don’t recommend pruning if there are switches in transparent mode within the network. Apparently VTP join messages are transmitted constantly and when the server doesn’t receive them it will just fail to pruning all VLANs off the link. Still a bit puzzled, as I assumed 1: the transparent switch would still be forwarding VTP messages from downstream switches, and 2: it would have somehow indicated the VLANs in use itself :confused: