Introduction to VTP (VLAN Trunking Protocol)

Let’s say you have a network with 20 switches and 50 VLANs. Usually, you would have to configure each switch separately and create those VLANs on every switch. That’s a time-consuming task, so there is something to help us called VTP (VLAN Trunking Protocol). VTP will let you create VLANs on one switch, and all the other switches will synchronize themselves.




VTP Domain

We have one VTP server. This is the switch where you create/modify or delete VLANs. The other switches are VTP clients. The VTP configuration has a revision number that increases every time you make a change. Every time you make a change on the VTP server, this will be synchronized to the VTP clients. Oh, and by the way, you can have multiple VTP servers since it also functions as a VTP client, so you can make changes on multiple switches in your network. To make VTP work, you need to set up a VTP domain name, which you can just make up as long as you configure it to be the same on all your switches.

This is the short version of what I just described:

  1. VTP adds / modifies / deletes VLANs.
  2. For every change, the revision number will increase.
  3. The latest advertisement will be sent to all VTP clients.
  4. VTP clients will synchronize themselves with the latest information.

Besides the VTP server and VTP client, there’s also a VTP transparent, which is a bit different. Let me show you an example:

VTP Modes

Our VTP Transparent will forward advertisements but will not synchronize itself. You can create VLANs locally, which is impossible on the VTP client. Let’s say you create VLAN 20 on our VTP server. This is what will happen:

  1. You create VLAN 20 on the VTP server.
  2. The revision number will increase.
  3. The VTP server will forward the latest advertisement to the VTP transparent switch.
  4. The VTP transparent will not synchronize itself but will forward the advertisement to the VTP client.
  5. The VTP client will synchronize itself with the latest information.

Here’s an overview of the 3 VTP modes:

  VTP Server VTP Client VTP Transparent
Create/Modify/Delete VLANs Yes No Only local
Synchronizes itself Yes Yes No
Forwards advertisements Yes Yes Yes

Should you use VTP? It might sound useful, but VTP has a considerable security risk…the problem with VTP is that a VTP server is also a VTP Client, and any VTP client will synchronize itself with the highest revision number. The following situation can happen with VTP:

You have a network with a single VTP server and a couple of VTP client switches, and everything is working fine, but one day you want to test some stuff and decide to take one of the VTP clients out of the network and put it in a lab environment.

  1. You take the VTP client switch out of the network.
  2. You configure it, so it’s no longer a VTP Client but a VTP server.
  3. You play around with VTP, create some VLANs, and modify some.
  4. Every time you make a change, the revision number increases.
  5. You are done playing…you delete all VLANs.
  6. You configure the switch from VTP Server to VTP Client.
  7. You connect your switch to your production network.

What do you think the result will be? The revision number of VTP on the switch we played with is higher than the revision number on the switches of our production network. The VTP client will advertise its information to the other switches. They synchronize to the latest information, and POOF all your VLANs are gone! A VTP client can overwrite a VTP server if the revision number is higher because a VTP server is also a VTP client.

Yes, I know this sounds silly, but this is the way it works…very dangerous since you’ll lose all your VLAN information. Your interfaces won’t go back to VLAN 1 by default but will float around in no man’s land…

One more thing about VTP, let me give you another picture:

VTP Pruning

You see, we have computers in VLAN 10, 20 and 30. The links between the switches are trunks using the 802.1Q protocol and carrying all VLAN traffic. One of our computers in VLAN 10 sends a broadcast frame. Where do you think this broadcast frame will go?

Broadcast frames must be flooded by our switches, and since our trunks carry all VLANs, this broadcast will go everywhere. However, if you look at the switch in the middle, do you see any computer in VLAN 10? Nope, there’s only VLAN 20 there, which means this broadcast is wasted bandwidth. By enabling VTP pruning, we’ll ensure there is no unnecessary VLAN traffic on trunks when there’s nobody in a particular VLAN. Depending on your switch model, VTP pruning is either turned on or off by default.

Let’s take a look at the configuration of VTP. I will be using three switches for this task. I erased the VLAN database and the startup configuration on all switches.

three vtp switches

SW1#show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
SW2#show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 799 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

574 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi, thanks. This is good and useful lesson.

  2. This topic clearifies different mode beautifully without any boredom

  3. why we don’t use vtp in each network ?
    can we use in big network?

  4. You can use it but it has a security risk, a VTP client is able to overwrite the VTP server when its revision number is higher. It’s possible to wipe the VLAN Database on all your switches this way…

  5. That is how one can do it once you have full understanding of the content.
    Great job man.
    Please help me with CCNA in this month.

    Can you provide commands for the experiments please?

192 more replies! Ask a question or join the discussion by visiting our Community Forum