-
Catalyst 4500 Series Software Configuration Guide, 7.5
-
Preface
-
Product Overview
-
Using the Command-Line Interface
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet and Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic VLAN Membership with VMPS
-
Configuring GVRP
-
Configuring QoS
-
Configuring Multicast Services
-
Configuring Port Security
-
Configuring Unicast Flood Blocking
-
Configuring the IP Permit List
-
Configuring Protocol Filtering
-
Checking Port Status and Connectivity
-
Configuring CDP
-
Using Switch TopN Reports
-
Configuring UDLD
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN and RSPAN
-
Administering the Switch
-
Configuring Switch Access Using AAA
-
Modifying the Switch Boot Configuration
-
Working with System Software Images
-
Using the Flash File System
-
Working with Configuration Files
-
Configuring Switch Acceleration
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring NTP
-
Glossary
-
Index
-
Feedback
Table Of Contents
Configuring VTP Transparent Mode
Disabling VTP Using the Off Mode
Configuring VTP
This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst enterprise LAN switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
This chapter consists of these major sections:
Understanding How VTP Works
Before you create virtual LANs (VLANs), you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
Note
These sections describe how VTP works:
VTP Domain
A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
By default, the switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain. You cannot create or modify VLANs on a VTP server until the management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch remains in the first management domain learned unless changed by the user.
If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out on all IEEE 802.1Q trunk connections.
VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.
VTP Modes
You can configure a switch to operate in any one of these VTP modes:
•
•
•
•
VTP Advertisements
Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary except when in transparent mode.
The following global configuration information is distributed in VTP advertisements:
•
•
•
•
•
VTP Version 2
If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. VTP version 2 supports the following features not supported in version 1:
•
•
•
VTP Pruning
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.
Before you enable VTP pruning, make sure that all devices in the management domain support it.
Figure 9-1 shows a switched network with VTP pruning disabled. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast, and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
Figure 9-1 Flooding Traffic Without VTP Pruning
Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (Port 5 on Switch 2 and Port 4 on Switch 4).
Figure 9-2 Flooding Traffic with VTP Pruning
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are eligible for pruning. VTP pruning does not prune traffic from VLANs that are ineligible for pruning. VLAN 1 is always ineligible for pruning; traffic from VLAN 1 cannot be pruned.
Note
To make a VLAN ineligible for pruning, enter the clear vtp pruning command. To make a VLAN eligible for pruning again, enter the set vtp pruneeligible command. You can set VLAN pruning eligibility regardless of whether VTP pruning is enabled or disabled for the domain. Pruning eligibility always applies to the local device only, not for the entire VTP domain.
Default VTP Configuration
Table 9-1 shows the default VTP configuration.
Table 9-1 VTP Default Configuration
VTP domain name
Null
VTP mode
Server
VTP version 2 enable state
Version 2 is disabled
VTP password
None
VTP pruning
Disabled
VTP Configuration Guidelines
This section describes the configuration guidelines for implementing VTP in your network:
•
•
Caution
•
•
•
•
•
Configuring VTP
These sections describe how to configure VTP:
•
•
Configuring a VTP Server
When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
To configure the switch as a VTP server, perform this task in privileged mode:
This example shows how to configure the switch as a VTP server and verify the configuration:
Console> (enable) set vtp domain Lab_NetworkVTP domain Lab_Network modifiedConsole> (enable) set vtp mode serverVTP domain Lab_Network modifiedConsole> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Network 1 2 server -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------10 1023 40 enabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.70 disabled disabled 2-1000Console> (enable)Configuring a VTP Client
When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch. The client switch receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.
To configure the switch as a VTP client, perform this task in privileged mode:
Step 1
Define the VTP domain name.
set vtp domain name
Step 2
Place the switch in VTP client mode.
set vtp mode client
Step 3
Verify the VTP configuration.
show vtp domain
This example shows how to configure the switch as a VTP client and verify the configuration:
Console> (enable) set vtp domain Lab_NetworkVTP domain Lab_Network modifiedConsole> (enable) set vtp mode clientVTP domain Lab_Network modifiedConsole> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Network 1 2 client -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------10 1023 40 enabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.70 disabled disabled 2-1000Console> (enable)Configuring VTP Transparent Mode
When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP transparent switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements out all of its trunk links.
To disable VTP on the switch, perform this task in privileged mode:
Step 1
Place the switch in VTP transparent mode (disabling VTP on the switch).
set vtp mode transparent
Step 2
Verify the VTP configuration.
show vtp domain
This example shows how to configure the switch as VTP transparent and verify the configuration:
Console> (enable) set vtp mode transparentVTP domain Lab_Net modifiedConsole> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Net 1 2 Transparent -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------10 1023 0 enabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.70 disabled disabled 2-1000Console> (enable)Disabling VTP Using the Off Mode
When you disable VTP using the off mode, the switch behaves the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.
To disable VTP using the off mode, perform this task in privileged mode:
Step 1
Disable VTP using the off mode.
set vtp mode off
Step 2
Verify the VTP configuration.
show vtp domain
This example shows how to disable VTP using the off mode:
Console> (enable) set vtp mode offVTP domain Lab_Net modifiedConsole> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Net 1 2 off -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------10 1023 0 enabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.70 disabled disabled 2-1000Console> (enable)Enabling VTP Version 2
VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain also will enable version 2.
Caution
To enable VTP version 2, perform this task in privileged mode:
Step 1
Enable VTP version 2 on the switch.
set vtp v2 enable
Step 2
Verify that VTP version 2 is enabled.
show vtp domain
This example shows how to enable VTP version 2 and verify the configuration:
Console> (enable) set vtp v2 enableThis command will enable the version 2 function in the entire management domain.All devices in the management domain should be version2-capable before enabling.Do you want to continue (y/n) [n]? yVTP domain Lab_Net modifiedConsole> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Net 1 2 server -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------10 1023 1 enabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.70 enabled disabled 2-1000Console> (enable)Disabling VTP Version 2
To disable VTP version 2, perform this task in privileged mode:
Step 1
Disable VTP version 2.
set vtp v2 disable
Step 2
Verify that VTP version 2 is disabled.
show vtp domain
This example shows how to disable VTP version 2:
Console> (enable) set vtp v2 disableThis command will disable the version 2 function in the entire management domain.Warning: trbrf & trcrf vlans will not work properly in this mode.Do you want to continue (y/n) [n]? yVTP domain Lab_Net modifiedConsole> (enable)Configuring VTP Pruning
To configure VTP pruning, perform this task in privileged mode:
This example shows how to enable VTP pruning in the management domain and how to make VLANs 2-99, 250-255, and 501-1000 pruning eligible on the particular device:
Console> (enable) set vtp pruning enableThis command will enable the pruning function in the entire management domain.All devices in the management domain should be pruning-capable before enabling.Do you want to continue (y/n) [n]? yVTP domain Lab_Network modifiedConsole> (enable) clear vtp pruneeligible 100-500Vlans 1,100-500,1001-1005 will not be pruned on this device.VTP domain Lab_Network modified.Console> (enable) set vtp pruning 250-255Vlans 2-99,250-255,501-1000 eligible for pruning on this device.VTP domain Lab_Network modified.Console> (enable) show vtp domainDomain Name Domain Index VTP Version Local Mode Password-------------------------------- ------------ ----------- ----------- ----------Lab_Network 1 2 server -Vlan-count Max-vlan-storage Config Revision Notifications---------- ---------------- --------------- -------------8 1023 16 disabledLast Updater V2 Mode Pruning PruneEligible on Vlans--------------- -------- -------- -------------------------172.20.52.2 disabled enabled 2-99,250-255,501-1000Console> (enable) show trunk* - indicates vtp domain mismatchPort Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------2/1 on dot1q trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------2/1 1-1005Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------2/1 1Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------2/1 1Console> (enable)Disabling VTP Pruning
To disable VTP pruning, perform this task in privileged mode:
Step 1
Disable VTP pruning in the management domain.
set vtp pruning disable
Step 2
Verify that VTP pruning is disabled.
show vtp domain
This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disableThis command will disable the pruning function in the entire management domain.Do you want to continue (y/n) [n]? yVTP domain Lab_Network modifiedConsole> (enable)Monitoring VTP
To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform this task in privileged mode:
This example shows how to display VTP statistics on the switch:
Console> (enable) show vtp statisticsVTP statistics:summary advts received 4690subset advts received 7request advts received 0summary advts transmitted 4397subset advts transmitted 8request advts transmitted 0No of config revision errors 0No of config digest errors 0VTP pruning statistics:Trunk Join Transmitted Join Received Summary advts received fromnon-pruning-capable device-------- --------------- ------------- ---------------------------1/1 0 0 01/2 0 0 0Console> (enable)
