Note For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Note For complete information on configuring VLANs, see Chapter 26, “Virtual Local Area Networks (VLANs).”
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. A VTP domain (also called a VLAN management domain) is made up of one or more network devices that share the same VTP domain name and that are interconnected with trunks. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more network devices and have those changes automatically communicated to all the other network devices in the network.
A VTP domain (also called a VLAN management domain) is made up of one or more interconnected network devices that share the same VTP domain name. A network device can be configured to be in one and only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
VTP server mode is the default and the switch is in the no-management domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch ignores advertisements with a different management domain name or an earlier configuration revision number.
If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch. The valid VLAN ranges are as follows:
By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC mode command to specify a primary server.
When using VTP version 1 and version 2, a VTP server is used to back up the database to the NVRAM and allows you to change the database information.
In VTP version 3, there is a VTP-primary server and a VTP-secondary server. A primary server allows you to alter the database information and the database updates sent out are honored by all the devices in the system. A secondary server can only back up the updated VTP configuration received from the primary server in the NVRAMs. The status of the primary and secondary servers is a runtime status and is not configurable.
VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.
You can configure any one of these VTP modes:
Note The VTP server mode automatically changes from VTP server mode to VTP client mode if the switch detects a failure while writing configuration to NVRAM. If this happens, the switch cannot be returned to VTP server mode until the NVRAM is functioning.
Each network device in the VTP domain sends periodic advertisements out each trunking LAN port to a reserved multicast address. VTP advertisements are received by neighboring network devices, which update their VTP and VLAN configurations as necessary.
The following global configuration information is distributed in VTP version 1 and version 2 advertisements:
In VTP version 3, the information distributed in VTP version 1 and version 2 advertisements is supported, as well as the following information:
– On a trunk coming up on a switch with an invalid database.
– On all trunks when the database of a switch becomes invalid as a result of a configuration change or a takeover message.
– On a specific trunk where a superior database has been advertised.
When VTP authentication is not configured, the secret that is used to validate the received VTP updates is visible in plain text in the show commands and the NVRAM file, const_nvram:vlan.dat. In the event that a device in a VTP domain is compromised, the administrator must change the VTP secret across all the devices in the VTP domain.
With VTP version 3, you can configure the authentication password to be hidden using the vtp password command. When you configure the authentication password to be hidden, it does not appear in plain text in the configuration. Instead, the secret associated with the password is saved in hexadecimal format in the running configuration. The password-string argument is an ASCII string from 8 to 64 characters identifying the administrative domain for the device.
VTP version 2 supports the following features not supported in version 1:
VTP version 3 supports all the features in version 1 and version 2. VTP version 3 also supports the following features not supported in version 1 and version 2:
The hidden and secret keywords for VTP password are supported only in VTP version 3. If converting to VTP version 2 from VTP version 3, you must remove the hidden or secret keyword prior to the conversion.
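The password rules above (8 to 64 ASCII characters, hidden and secret only in VTP version 3, plain-text exposure without them) can be checked before a change is pushed. The following is an added example, not Cisco code: the function name, the finding codes, and the two change scripts are constructed for illustration, and the input is a planned command list rather than device output.

```python
import re

# Constructed change scripts (sample input, not taken from a real device).
WEAK = """\
vtp domain EXAMPLE-DOMAIN
vtp version 2
vtp password short hidden
"""
HARDENED = """\
vtp domain EXAMPLE-DOMAIN
vtp version 3
vtp password Example-Passphrase-01 hidden
"""

def audit_vtp(script):
    """Return sorted finding codes for the VTP commands in a change script."""
    # Versions 2 and 3 are disabled by default, so an unset version means 1.
    version, password, keyword = 1, None, None
    for raw in script.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vtp version ([123])", line)
        if m:
            version = int(m.group(1))
        m = re.fullmatch(r"vtp password (\S+)(?: (hidden|secret))?", line)
        if m:
            password, keyword = m.group(1), m.group(2)
    if password is None:
        return ["no-password"]          # received updates are not authenticated
    findings = set()
    if keyword and version != 3:
        findings.add("hidden-or-secret-requires-v3")
    if keyword is None:
        findings.add("password-shown-in-plain-text")
    if keyword == "secret":
        # With 'secret' the argument is the hexadecimal secret, not the password.
        if not re.fullmatch(r"[0-9A-Fa-f]+", password):
            findings.add("secret-not-hexadecimal")
    elif not (8 <= len(password) <= 64 and password.isascii()):
        findings.add("password-not-8-to-64-ascii")
    return sorted(findings)

if __name__ == "__main__":
    for name, script in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_vtp(script))
```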
Note VTP version 3 supports Multiple Spanning Tree (802.1s) (MST) database propagation separate from the VLAN database only. In the MST database propagation, there is a VTP primary server and a VTP secondary server. A primary server allows you to alter the database information, and the database updates sent out are honored by all the devices in the system. A secondary server can only back up the updated VTP configuration received from the primary server in the NVRAMs. The status of the primary and secondary servers is a runtime status and is not configurable.
The primary-server status is needed only when database changes have to be performed and is obtained when the administrator issues a takeover message in the domain. The primary-server status is lost when you reload, switch over, or the domain parameters change. The secondary servers back up the configuration and continue to propagate the database. You can have a working VTP domain without any primary servers. Primary and secondary servers may exist on an instance in the domain.
In VTP version 3, there is no longer a restriction to propagate only VLAN database information. You can use VTP version 3 to propagate any database information across the VTP domain. A separate instance of the protocol is running for each application that uses VTP.
Two VTP version 3 regions can only communicate over a VTP version 1 or VTP version 2 region in transparent mode.
VTP on a global basis—When you set VTP mode to OFF globally, this applies to all the trunking ports in the system. Unlike the per-port configuration, you can specify the OFF option on a per-VTP instance basis. For example, the system could be configured as VTP-server for the VLAN database and as VTP-off for the MST database. In this case, VLAN databases are propagated by VTP, MST updates are sent out on the trunk ports in the system, and the MST updates received by the system are discarded.
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.
In VTP versions 1 and 2, when you enable or disable pruning, it is propagated to the entire domain and accepted by all the devices in that domain. In VTP version 3, the domain administrator must manually enable or disable VTP pruning explicitly on each device.
For VTP pruning to be effective, all devices in the management domain must support VTP pruning. On devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.
Figure 25-1 shows a switched network without VTP pruning enabled. Interface 1 on network Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
You enable pruning globally on the switch (see the “Enabling VTP Pruning” section). You configure pruning on Layer 2 trunking LAN ports (see the “Configuring a Layer 2 Switching Port as a Trunk” section).
Figure 25-1 Flooding Traffic without VTP Pruning
Figure 25-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).
Figure 25-2 Flooding Traffic with VTP Pruning
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning eligible. VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always pruning ineligible; traffic from VLAN 1 cannot be pruned.
To configure VTP pruning on a trunking LAN port, use the switchport trunk pruning vlan command (see the “Configuring a Layer 2 Switching Port as a Trunk” section). VTP pruning operates when a LAN port is trunking. You can set VLAN pruning eligibility when VTP pruning is enabled or disabled for the VTP domain, when any given VLAN exists or not, and when the LAN port is currently trunking or not.
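The pruning behaviour described in this section can be modelled as a reachability check on each trunk. This is an added example, not Cisco code: the six-switch tree, the VLAN numbers (VLAN 10 stands in for the Red VLAN), and the function names are constructed, and the topology is not the one in Figure 25-1.

```python
# Constructed loop-free topology (an assumption; not the figure's topology).
TRUNKS = [("S1", "S2"), ("S2", "S3"), ("S2", "S4"), ("S4", "S5"), ("S4", "S6")]
# VLANs that have access ports on each switch (constructed sample data).
ACCESS_VLANS = {"S1": {1, 10}, "S2": {1}, "S3": {1, 20}, "S4": {1, 10},
                "S5": {1}, "S6": {1, 20}}
# Default eligibility: VLANs 2 through 1000. VLAN 1 is never prune eligible.
PRUNE_ELIGIBLE = set(range(2, 1001))

def neighbors(sw):
    """Switches directly connected to sw by a trunk."""
    return [b if sw == a else a for a, b in TRUNKS if sw in (a, b)]

def vlans_behind(frm, to):
    """VLANs with access ports on any switch reached through trunk frm -> to."""
    seen, stack, found = {frm}, [to], set()
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        found |= ACCESS_VLANS[sw]
        stack.extend(neighbors(sw))
    return found

def flooded_on(frm, to, vlan, pruning=True):
    """True if flooded traffic in vlan is forwarded on trunk frm -> to."""
    if not pruning or vlan not in PRUNE_ELIGIBLE:
        return True                      # ineligible VLANs are never pruned
    return vlan in vlans_behind(frm, to)

def reached(src, vlan, pruning=True):
    """Switches that receive a broadcast sent in vlan from a host on src."""
    got, stack = {src}, [src]
    while stack:
        sw = stack.pop()
        for nxt in neighbors(sw):
            if nxt not in got and flooded_on(sw, nxt, vlan, pruning):
                got.add(nxt)
                stack.append(nxt)
    return got

if __name__ == "__main__":
    print("no pruning:", sorted(reached("S1", 10, pruning=False)))
    print("pruning:   ", sorted(reached("S1", 10)))
```

S2 still receives the VLAN 10 broadcast with pruning enabled because it is the transit path to S4; only the trunks toward S3, S5, and S6 stop carrying it.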
This section describes the VLAN interaction between devices with different VTP versions:
When a VTP version 3 device on a trunk port receives messages from a VTP version 2 device, the VTP version 3 device sends a scaled-down version of the VLAN database on that particular trunk in a VTP version 2 format. A VTP version 3 device does not send out VTP version 2-formatted packets on a trunk port unless it first receives VTP version 2 packets on that trunk. If the VTP version 3 device does not receive VTP version 2 packets for an interval of time on the trunk port, the VTP version 3 device stops transmitting VTP version 2 packets on that trunk port.
Even when a VTP version 3 device detects a VTP version 2 device on a trunk port, the VTP version 3 device continues to send VTP version 3 packets in addition to VTP version 2 packets, to allow two kinds of neighbors to coexist on the trunk. VTP version 3 sends VTP version 3 and VTP version 2 updates on VTP version 2-detected trunks.
A VTP version 3 device does not accept configuration from a VTP version 2 (or VTP version 1) device.
Unlike in VTP version 2, when you configure the VTP version to be version 3, version 3 does not configure all the VTP version 3-capable devices in the domain to start behaving as VTP version 3 systems.
When a VTP version 1 device that is capable of VTP version 2 or VTP version 3 receives a VTP version 3 packet, it will be configured as a VTP version 2 device if VTP version 2 conflicts do not exist.
VTP version 1-only capable devices cannot interoperate with VTP version 3 devices.
Note You can enter the VTP global parameters in either global configuration mode or in EXEC mode.
To configure the VTP version 1 and version 2 global parameters, perform this task:
Sets a password, which can be from 8 to 64 characters long, for the VTP domain.
This example shows one way to configure a VTP password in global configuration mode:
This example shows how to configure a VTP password in EXEC mode:
Note The password is not stored in the running-config file.
To configure the VTP version 3 password, perform this task:
This example shows one way to configure a VTP password in global configuration mode:
Note If you configure a VTP password in EXEC mode, the password is not stored in the running-config file.
This example shows one way to configure the password with a hidden key saved in hexadecimal format in the running configuration:
This example shows how you configure the password secret key in hexadecimal format:
To specify a primary server, perform this task:
The vtp primary command does not have a no form. To return to the secondary server status, one of the following conditions must be met:
This example shows how to configure this device as the primary server if the password feature is disabled:
This example shows how to configure this device as the primary server for the VTP VLAN feature if the password feature is disabled:
This example shows how to force this device to be the primary server for the VTP MST feature if the password feature is disabled:
This example shows how to force this device to be the primary server for the VTP MST feature when the domain VTP password is set with the hidden or secret keyword:
To enable VTP pruning in the management domain, perform this task:
This example shows one way to enable VTP pruning in the management domain:
This example shows how to enable VTP pruning in the management domain with any release:
This example shows how to verify the configuration:
For information about configuring prune eligibility, see the “Configuring the List of Prune-Eligible VLANs” section.
VTP version 2 is disabled by default on VTP version 2-capable network devices. When you enable VTP version 2 on a network device, every VTP version 2-capable network device in the VTP domain enables version 2.
Note In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly on devices that support Token Ring interfaces.
To enable VTP version 2, perform this task:
This example shows one way to enable VTP version 2:
This example shows how to enable VTP version 2 with any release:
This example shows how to verify the configuration:
VTP version 3 is disabled by default. You can enable version 3 in global configuration mode only. The network administrator has to manually configure VTP version 3 on the switches that need to run VTP version 3.
Note Prior to configuring VTP version 3, you must ensure that the spanning-tree extend system-id command has been enabled.
To enable VTP version 3, perform this task:
This example shows one way to enable VTP version 3:
This example shows how to verify the configuration:
To configure the VTP mode, perform this task:
Note When VTP is disabled, you can enter VLAN configuration commands in configuration mode instead of the VLAN database mode and the VLAN configuration is stored in the startup configuration file.
This example shows how to configure the switch as a VTP server:
This example shows how to configure the switch as a VTP client:
This example shows how to disable VTP on the switch:
This example shows how to disable VTP on the switch and to disable VTP advertisement forwarding:
This example shows how to verify the configuration:
You can configure VTP mode on a per-port basis. The VTP enable value is applied only when a port becomes a switched port in trunk mode. Incoming and outgoing VTP PDUs are blocked, not forwarded. In VTP version 3, you can also configure VTP mode on a per-trunk basis. To configure VTP mode, perform this task:
This example shows how to configure VTP mode on a port:
This example shows how to disable VTP mode on a port:
This example shows how to verify the configuration change:
This example shows how to verify the interface:
To display VTP statistics, including VTP advertisements sent and received and VTP errors, perform this task:
This example shows how to display VTP statistics: