Introduction to VTP (VLAN Trunking Protocol)

Hello Philip

That’s interesting behaviour… The transparent switch should relay the VTP updates to the client switch without any problems. I labbed it up and tried it out and I find that the client switch was able to obtain the updates. However, what I suspect happened is the following:

VTP, when it is configured on switches, does not send out information periodically. It will only send updates when the state changes (when a VLAN is added or subtracted, or when you change a configuration parameter of VTP). For example, if you configure VTP first and then physically connect two switches together over a trunk, VTP will not send an update from the server to the client. The update will only be sent if there is a change. So, in order for the client to get VTP information, a change must take place. You must add a VLAN. I suspect that this is what you did:

  1. you first configured the three switches with VTP, one as a server, one as transparent, and one as a client.
  2. you then connected the switches together and found that no VTP updates were being sent from server to client (this is normal behaviour).
  3. you then changed the mode of the transparent switch which initiated VTP communication between all three switches. This caused the server to send out VTP updates, and both clients got updated.
  4. you then made the middle switch transparent, and VTP functioned normally.

If you had connected the switches first and then configured VTP, then it would have functioned from the beginning. Does that make sense?

I hope this has been helpful!

Laz

Hello Willy

Depending on the IOS version you are using, VTP pruning is either enabled or disabled by default.
For VTP versions 1 and 2, enabling pruning on the domain server will enable it for the whole domain. For VTP version 3, you must enable pruning on each individual switch.

The command to enable VTP pruning is simply vtp pruning in the global configuration mode. You can find out more about it here:

I hope this has been helpful!

Laz

Hello Laz,
Thank you !!!


Hi,

I have a question. In the example the 3 switches are in server mode by default. So why is it that when the VLAN 10 is created, the other switches synchronize and get that VLAN 10 (and also the domain)?

Hello Alexis

VTP servers will still synchronise with other servers if their VTP parameters are correct. This simply means that you are able to create new VLANs and make changes from any VTP server. You could make all switches servers and simply configure VLANs from anywhere. But this can be dangerous.

Imagine your network is set up so that all switches are servers. You bring in a new switch, configure it like all the others, and then connect it to the network. You expect it to receive all of the VLANs already configured on all the other switches. However, because the new switch (which has no VLANs configured) has a lower revision number, all of its VLAN configuration will be sent to all the other switches. This means that all of your VLAN configurations on all the switches will be deleted and replaced with that of the new switch. In other words, it would be a disaster.

So best practice dictates that you should have one or two VTP servers, and configure all other switches, including the new ones that you add to the network, as clients. Clients cannot create or delete VLANs, but can be changed by VTP servers sending their updates.

I hope this has been helpful!

Laz

Hello, thank you very much!

What do you mean by “…the VTP parameters are correct”?

I have another question. When I connect 3 triangle-shaped switches I check the VTP status and they are all in “server” mode, but when I create a VLAN in a switch, the others don’t synchronize… why does that happen? Do you need a command to enable VTP or are you in “server” mode by default?

Hello Alexis

In order for VTP switches to synchronize, they must have the same VTP domain and the same password, if configured. If these are not the same, then synchronization cannot take place.

Note however, that if a newly installed switch has a domain of NULL (that is, it has never been configured with a VTP domain before), it will automatically adopt the domain name of the first VTP frame that it detects.

If all of your switches have different domains or passwords, they will not synchronize until they are the same. It doesn’t matter if they are servers or clients. The server/client designation simply tells you if you can create new VLANs on that particular switch. If all of your switches have a NULL domain, none of them will synchronize. You must configure the domain of one of them. If the others are NULL, they will then adopt the domain and then begin to synchronize.

The safest way to do it is to go into each switch, configure the domain and password, and then physically connect them together.

I hope this has been helpful!

Laz
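The rules from the replies above (one or two designated servers, every other switch a client, matching domain, and a NULL domain adopting whatever it hears first) can be checked before a switch is cabled in. This is an added example, not part of the thread: the hostnames, the domain name `LAB`, the server allowlist and the `show vtp status` excerpts are all constructed, and the VTP password is not checked because it does not appear in this output.

```python
EXPECTED_DOMAIN = "LAB"        # assumption: the VTP domain used at this site
DESIGNATED_SERVERS = {"SW01"}  # assumption: the only switches meant to be servers

# Constructed `show vtp status` excerpts; hostnames and values are made up.
STATUS = {
    "SW01": "VTP Operating Mode              : Server\nVTP Domain Name                 : LAB",
    "SW02": "VTP Operating Mode              : Client\nVTP Domain Name                 : LAB",
    "SW03": "VTP Operating Mode              : Server\nVTP Domain Name                 : ",
    "SW04": "VTP Operating Mode              : Client\nVTP Domain Name                 : TEST",
}

def parse_vtp_status(text):
    """Return the 'Key : value' lines of the output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(hostname, text):
    """List policy findings for one switch before it joins the network."""
    f = parse_vtp_status(text)
    mode = f.get("VTP Operating Mode", "")
    domain = f.get("VTP Domain Name", "")
    findings = []
    if mode == "Server" and hostname not in DESIGNATED_SERVERS:
        findings.append("server mode on a non-designated switch")
    if not domain:
        findings.append("NULL domain: adopts the domain of the first VTP frame it detects")
    elif domain != EXPECTED_DOMAIN:
        findings.append("domain mismatch: will not synchronize")
    return findings

def audit_all(status=STATUS):
    """Return only the switches that have at least one finding."""
    results = {host: audit(host, text) for host, text in status.items()}
    return {host: found for host, found in results.items() if found}

if __name__ == "__main__":
    for host, found in audit_all().items():
        print(host, "->", "; ".join(found))
```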

Thank you very much! I got it.

However, I do have one concern when using Packet Tracer. When I place a switch and check its VTP status it tells me the following:

VTP Operating Mode : Server

Does it mean that by default it is Server or is it a bad simulation?

Hello Alexis

By default, all switches are VTP servers, so this is normal behaviour. If they start off as clients, you would never be able to configure a VLAN unless you change it to server, so that’s why server is the default.

I hope this has been helpful!

Laz

Great, thanks. I just thought that since it’s in server mode, if I connect it to another switch it will automatically be able to synchronize…

Hi there,
I use GNS3 to practice configuration but it seems something is wrong because no VTP advertisement is sent out. I created VLAN 10 printers and the VTP domain on SW01 but nothing happened…
There is no VTP event on the other 2 switches. The ports are all connected, administratively on, and line protocol is also up.

Hello Jan

This behaviour may be due to several things. First, it may depend on your GNS3 configuration. It may have to do with the use of either the Etherswitch module on a router, or the use of an IOSvL2 image. It is preferable to use the IOSvL2 image. You can find out information about it at this GNS3 link.

Secondly, it may just be that there are no events that will yet trigger a VTP advertisement. Take a look at this post to see if this is the case:

Take a look at these, and if you have further questions, let us know!

I hope this has been helpful!

Laz

Hi Lagapides,
It's now working, but I found out that I have to type the vlan XXX command twice and then the advertisement is sent out to the other switches.

I'm using Cisco NX-OSv 7.3.0-1

And I come to a new strange thing :D.

When I configure private VLANs then I get this error:

SW01(config-if)# switchport private-vlan host-association 500 501
ERROR: Could not verify port channel configuration

Hello Jan

This is indeed a strange error. The first thing to check is if you have any port channel/etherchannel configurations on the device. I assume you don’t but check anyway. :wink:

I would have to conclude that this is one of those strange behaviours of GNS3. Doing a search myself, I have found that one other person has encountered this very same issue, with private VLAN configurations on the NX-OSv on the Cisco Learning Network. Although no solution has been posted, the error is reproducible.

I suggest you take a look at some of the GNS3 posts that deal with PVLAN support and see what others have done to get it to work. Keep in mind that from what I gather, PVLAN is still not very stable in the GNS3 environment.

The only sure way at this point to get it to work is either to use real hardware, or to use VIRL which officially supports it.

I hope this has been helpful!

Laz

Hi, I have a few questions.

(1) VTP is dangerous for the network if being careless, so what about dynamic VTP?
(2) There are three switches:
SWA is server, sw2 is transparent and sw3 is client. We know that transparent won’t forward any VLAN to the client even if it’s locally entered on the transparent. Will it forward VLANs to the client mode switch which it receives from the server?

Will it forward the revision number to the switch?

Hello Abdul

First of all, VTP can be dangerous if we’re not careful. There are cases where all of your VLAN configurations on all your switches may be wiped out, but this is only if you are exceptionally careless. As for dynamic VTP, I think you mean Dynamic Trunking Protocol (DTP)? DTP is a different protocol, which is used to negotiate a trunk link between two switches. You can find out more about DTP at the following lesson:

Remember the following principles concerning how servers, clients, and transparent VTP switches function:

  1. A transparent switch will forward all VTP messages (including VTP revision number) but will never respond to them nor will it ever change something in its own VLAN configuration.
  2. Changes made to the VLANs of a transparent switch will not generate any VTP messages, nor will they affect the VLANs configured in any other switches on the network.
  3. Client switches cannot be manually configured with changes to any VLAN configurations.
  4. Server switches can be configured with changes to their VLAN configurations. Such changes generate VTP messages, and any other servers or clients that receive these messages will cause changes in their configurations.

I hope this has been helpful!

Laz

Hi, transparent will forward all VTP messages including VTP revision numbers. But what about if the SWA server adds VLAN 11? Transparent will not add it. What will happen on the client? Transparent will forward it to the client?

Hello Abdul

Yes, exactly. If SWA adds VLAN 11, it will send out a VTP message which includes the VLAN as well as a revision number. If this is received by the transparent switch, it will simply forward it without making any changes to its own VLAN configuration. The client however, which will receive the VTP message via the transparent switch, will take it and apply it to its own VLAN configuration.

I hope this has been helpful!

Laz

Is there a way to display a list of VLANs that have been pruned? I know that:

show interface trunk

will display a list of VLANs that are not pruned, but what about the ones that are pruned? Do I need to also do a

show vlan brief

and figure out which ones are pruned from the trunk myself?

Hello Michael

Yes, the way to find out which are pruned is to use the two commands you mentioned and “figure it out” as you say. Although I can understand how you would want to see a list of pruned VLANs, typically it is the non-pruned VLANs that you would most often be interested in, so that is the information that is normally displayed.

I hope this has been helpful!

Laz
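The "figure it out" step can be scripted by comparing the two outputs. This is an added example, not from the thread: the CLI text is constructed and the function names are hypothetical. A VLAN also drops out of the last `show interface trunk` section when spanning tree is blocking it on that port, so the result lists VLANs that are pruned or blocked.

```python
SHOW_INT_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,30

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10
"""  # constructed sample output, not from the thread
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
1    default                          active    Gi0/3
10   printers                         active
30   VLAN0030                         active
1002 fddi-default                     act/unsup
"""  # constructed sample output, separator row omitted

def expand(spec):
    """'1,10-12' -> {1, 10, 11, 12}; 'none' -> empty set."""
    vlans = set()
    for part in spec.split(","):
        if part and part != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_sections(text):
    """Map each 'Vlans ...' section title to {port: set of VLAN ids}."""
    sections, current = {}, None
    for fields in (line.split() for line in text.splitlines()):
        if fields and fields[0] == "Port":
            title = " ".join(fields[1:])
            current = sections.setdefault(title, {}) if title.startswith("Vlans") else None
        elif fields and current is not None:
            current[fields[0]] = expand("".join(fields[1:]))
    return sections

def not_forwarding(trunk_text, vlan_text):
    """Per trunk: active, allowed VLANs missing from the last section (pruned or STP-blocked)."""
    rows = (line.split() for line in vlan_text.splitlines())
    active = {int(r[0]) for r in rows if len(r) >= 3 and r[0].isdigit() and r[2] == "active"}
    s = trunk_sections(trunk_text)
    allowed = s["Vlans allowed on trunk"]
    fwd = s["Vlans in spanning tree forwarding state and not pruned"]
    return {p: sorted((active & allowed[p]) - fwd.get(p, set())) for p in allowed}
```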
