Table Of Contents
Configuring VTP
Understanding How VTP Works
VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Default VTP Configuration
VTP Configuration Guidelines
Configuring VTP
Configuring a VTP Server
Configuring a VTP Client
Configuring VTP Transparent Mode
Disabling VTP Using the Off Mode
Enabling VTP Version 2
Disabling VTP Version 2
Configuring VTP Pruning
Disabling VTP Pruning
Monitoring VTP
Configuring VTP
This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst enterprise LAN switches.
Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
This chapter consists of these major sections:
•Understanding How VTP Works
•Default VTP Configuration
•VTP Configuration Guidelines
•Configuring VTP
•Monitoring VTP
Understanding How VTP Works
Before you create virtual LANs (VLANs), you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
Note For information on configuring VLANs, see "Configuring VLANs."
These sections describe how VTP works:
•VTP Domain
•VTP Modes
•VTP Advertisements
•VTP Version 2
•VTP Pruning
VTP Domain
A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
By default, the switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain. You cannot create or modify VLANs on a VTP server until the management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch remains in the first management domain learned unless changed by the user.
If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out on all IEEE 802.1Q trunk connections.
VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.
VTP Modes
You can configure a switch to operate in any one of these VTP modes:
•Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
•Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
•Transparent—VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward received VTP advertisements out their trunk ports.
•Off—In the three modes described above, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In VTP "off" mode, switches behave the same as in VTP transparent mode, except that VTP advertisements are not forwarded.
VTP Advertisements
Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary except when in transparent mode.
The following global configuration information is distributed in VTP advertisements:
•VLAN IDs (802.1Q)
•VTP domain name
•VTP configuration revision number
•VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
•Frame format
VTP Version 2
If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. VTP version 2 supports the following features not supported in version 1:
•Unrecognized Type-Length-Value (TLV) Support—A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in nonvolatile RAM (NVRAM).
•Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Since only one domain is supported in the supervisor engine software, VTP version 2 forwards VTP messages in transparent mode, without checking the version.
•Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message, or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.
VTP Pruning
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.
Before you enable VTP pruning, make sure that all devices in the management domain support it.
Figure 9-1 shows a switched network with VTP pruning disabled. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast, and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
Figure 9-1 Flooding Traffic Without VTP Pruning
Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (Port 5 on Switch 2 and Port 4 on Switch 4).
Figure 9-2 Flooding Traffic with VTP Pruning
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are eligible for pruning. VTP pruning does not prune traffic from VLANs that are ineligible for pruning. VLAN 1 is always ineligible for pruning; traffic from VLAN 1 cannot be pruned.
Note You cannot enable VTP pruning on extended-range VLANs.
To make a VLAN ineligible for pruning, enter the clear vtp pruning command. To make a VLAN eligible for pruning again, enter the set vtp pruneeligible command. You can set VLAN pruning eligibility regardless of whether VTP pruning is enabled or disabled for the domain. Pruning eligibility always applies to the local device only, not for the entire VTP domain.
Default VTP Configuration
Table 9-1 shows the default VTP configuration.
Table 9-1 VTP Default Configuration
Feature
|
Default
|
VTP domain name
|
Null
|
VTP mode
|
Server
|
VTP version 2 enable state
|
Version 2 is disabled
|
VTP password
|
None
|
VTP pruning
|
Disabled
|
VTP Configuration Guidelines
This section describes the configuration guidelines for implementing VTP in your network:
•All switches in a VTP domain must run the same VTP version.
•You must configure a password on each switch in the management domain when in VTP secure mode.
Caution If you configure VTP in secure mode, the management domain will not function properly if you do not assign a management domain password to each switch in the domain.
•A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1, provided that VTP version 2 is disabled on the VTP version 2-capable switch (VTP version 2 is disabled by default).
•Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable VTP version 2 on a switch, all of the version 2-capable switches in the domain enable VTP version 2.
•Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
•Making VLANs eligible or ineligible for pruning on a switch affects pruning eligibility for those VLANs on that device only (not on all switches in the VTP domain).
•Extended-range VLANs are not propagated in the VTP domain. For complete information on VLANs, see "Configuring VLANs."
Configuring VTP
These sections describe how to configure VTP:
•Configuring a VTP Server
•Configuring a VTP Client
•Configuring VTP Transparent Mode
•Disabling VTP Using the Off Mode
•Enabling VTP Version 2
•Disabling VTP Version 2
•Configuring VTP Pruning
•Disabling VTP Pruning
Configuring a VTP Server
When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
To configure the switch as a VTP server, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Define the VTP domain name.
|
set vtp domain name
|
Step 2
|
Place the switch in VTP server mode.
|
set vtp mode server
|
Step 3
|
(Optional) Set a password for the VTP domain.
|
set vtp passwd passwd
|
Step 4
|
Verify the VTP configuration.
|
show vtp domain
|
This example shows how to configure the switch as a VTP server and verify the configuration:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Configuring a VTP Client
When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch. The client switch receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.
To configure the switch as a VTP client, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Define the VTP domain name.
|
set vtp domain name
|
Step 2
|
Place the switch in VTP client mode.
|
set vtp mode client
|
Step 3
|
Verify the VTP configuration.
|
show vtp domain
|
This example shows how to configure the switch as a VTP client and verify the configuration:
Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode client
VTP domain Lab_Network modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Configuring VTP Transparent Mode
When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP transparent switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements out all of its trunk links.
To disable VTP on the switch, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Place the switch in VTP transparent mode (disabling VTP on the switch).
|
set vtp mode transparent
|
Step 2
|
Verify the VTP configuration.
|
show vtp domain
|
This example shows how to configure the switch as VTP transparent and verify the configuration:
Console> (enable) set vtp mode transparent
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Lab_Net 1 2 Transparent -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Disabling VTP Using the Off Mode
When you disable VTP using the off mode, the switch behaves the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.
To disable VTP using the off mode, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Disable VTP using the off mode.
|
set vtp mode off
|
Step 2
|
Verify the VTP configuration.
|
show vtp domain
|
This example shows how to disable VTP using the off mode:
Console> (enable) set vtp mode off
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 disabled disabled 2-1000
Enabling VTP Version 2
VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain also will enable version 2.
Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.
To enable VTP version 2, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Enable VTP version 2 on the switch.
|
set vtp v2 enable
|
Step 2
|
Verify that VTP version 2 is enabled.
|
show vtp domain
|
This example shows how to enable VTP version 2 and verify the configuration:
Console> (enable) set vtp v2 enable
This command will enable the version 2 function in the entire management domain.
All devices in the management domain should be version2-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.70 enabled disabled 2-1000
Disabling VTP Version 2
To disable VTP version 2, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Disable VTP version 2.
|
set vtp v2 disable
|
Step 2
|
Verify that VTP version 2 is disabled.
|
show vtp domain
|
This example shows how to disable VTP version 2:
Console> (enable) set vtp v2 disable
This command will disable the version 2 function in the entire management domain.
Warning: trbrf & trcrf vlans will not work properly in this mode.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Net modified
Configuring VTP Pruning
To configure VTP pruning, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Enable VTP pruning in the management domain.
|
set vtp pruning enable
|
Step 2
|
(Optional) Make specific VLANs pruning ineligible on the device. (By default, VLANs 2-1000 are pruning eligible.)
|
clear vtp pruning vlan_range
|
Step 3
|
(Optional) Make specific VLANs pruning eligible on the device.
|
set vtp pruneeligible vlan_range
|
Step 4
|
Verify the VTP pruning configuration.
|
show vtp domain
|
Step 5
|
Verify that the appropriate VLANs are being pruned on trunk ports.
|
show trunk
|
This example shows how to enable VTP pruning in the management domain and how to make VLANs 2-99, 250-255, and 501-1000 pruning eligible on the particular device:
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Console> (enable) clear vtp pruneeligible 100-500
Vlans 1,100-500,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruning 250-255
Vlans 2-99,250-255,501-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Console> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.20.52.2 disabled enabled 2-99,250-255,501-1000
Console> (enable) show trunk
* - indicates vtp domain mismatch
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
Port Vlans allowed on trunk
-------- ---------------------------------------------------------------------
Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
Port Vlans in spanning tree forwarding state and not pruned
-------- ---------------------------------------------------------------------
Disabling VTP Pruning
To disable VTP pruning, perform this task in privileged mode:
|
Task
|
Command
|
Step 1
|
Disable VTP pruning in the management domain.
|
set vtp pruning disable
|
Step 2
|
Verify that VTP pruning is disabled.
|
show vtp domain
|
This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disable
This command will disable the pruning function in the entire management domain.
Do you want to continue (y/n) [n]? y
VTP domain Lab_Network modified
Monitoring VTP
To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform this task in privileged mode:
Task
|
Command
|
Display VTP statistics for the switch.
|
show vtp statistics
|
This example shows how to display VTP statistics on the switch:
Console> (enable) show vtp statistics
summary advts received 4690
summary advts transmitted 4397
subset advts transmitted 8
request advts transmitted 0
No of config revision errors 0
No of config digest errors 0
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
-------- --------------- ------------- ---------------------------