VTP advice

spj2019
Level 1

Hello, 
I've been given the chore of configuring a dozen routers/switches, but although I've been handed some specifications regarding VLANs and IP addressing, I don't have any requirements regarding VTP. I confess I don't know much about this protocol and was wondering if I really need to use it or if I could spare myself the configuration effort. Is it active by default? I'm asking because after configuring a switch and then trying to replicate the configuration on another device by uploading the config file, I found that my VLANs were not defined. When I tried to define them, I got a message saying that VLAN configuration was not allowed in VTP client mode...? But I had no VTP commands in my configuration... I'm confused and would like to understand: if I use Transparent mode or none (OFF), would each device be able to make its own VLAN definitions? Would the VLANs be stored in the vlan.dat file for each device? Thanks for any pointers and advice!

Cheers, spj 

8 Replies

omz
VIP Alumni


Hi spj

VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.

 

was wondering if I really need to use it or if I could spare myself the configuration effort.

I would not use it. VTPv1/2 are security risks, and a switch with lower MAC address in server mode can destroy your VLANs if connected on the network. VTPv3 is better, but still, I would avoid the pain.

 

Is it active by default ?

VTP server is the default mode. You create the VLANs on the server and clients in the same domain receive the VLANs.

 

if I use Transparent mode or none (OFF) would each device be able to make its own VLAN definitions?

In VTP transparent mode a switch doesn’t share its VLAN database, but it forwards received VTP advertisements. You can create and delete VLANs on a VTP transparent switch, but the changes are not sent to other switches.

 

would the vlans be stored in the vlan.dat file for each device ?

Yes, if you create them or copy a config with VLANs onto the switch.

 

The show vtp status command will show the status: client / server mode.

conf t
! Syntax: vtp mode {client | server | transparent | off} {vlan | mst | unknown}
! Sets the switch to transparent mode
vtp mode transparent
! Sets the switch to server mode
vtp mode server

 

You can learn more about VTP here:

https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html#wp1233873

 

Hope this helps.
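
An added example, not part of the original thread or of any Cisco tooling: a small Python audit that reads `show vtp status` output collected from each switch and flags devices still in server or client mode, or running VTPv1/2, the conditions raised in the answer above. The sample outputs and the names `parse_vtp_status` and `audit_vtp` are constructed for illustration.

```python
import re

# Constructed "show vtp status" outputs (abridged; not captured from real devices).
SAMPLE_OUTPUTS = {
    "branch1-sw": """\
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
Feature VLAN:
--------------
VTP Operating Mode                : Client
Number of existing VLANs          : 5
""",
    "main-sw": """\
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : CORP
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Number of existing VLANs          : 12
""",
}

def parse_vtp_status(text):
    """Map each 'Field name   : value' line to {lowercased field name: value}."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s+:\s*(.*)$", line.strip())
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields

def audit_vtp(text):
    """Return findings for a switch that still takes part in VTP."""
    fields = parse_vtp_status(text)
    mode = fields.get("vtp operating mode", "").lower()
    version = fields.get("vtp version running", "")
    if mode in ("transparent", "off"):
        return []  # local VLAN database only
    if mode != "client" and not mode.endswith("server"):
        return ["VTP operating mode not found in output"]
    findings = [f"mode is {mode}: VLAN database is synchronised through VTP"]
    if mode == "client":
        findings.append("client mode refuses local VLAN configuration")
    if version in ("1", "2"):
        findings.append(f"running VTPv{version}")
    return findings

if __name__ == "__main__":
    for host, output in SAMPLE_OUTPUTS.items():
        print(host, audit_vtp(output) or "ok")
```
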

Thanks omz! Your words just confirm my opinion (based on the documentation I had read) that I don't need VTP. My devices are distributed throughout 6 different sites: a main site with a router and with two stacked switches, and 5 branch sites with a router and switch. I think I'll just set the mode to OFF. Having said that, when I put the VTP mode to OFF, what happens to the already defined VLANs? Will I have to define them again?
Thank you, spj

Hi, you're welcome, glad to help.

The already configured VLANs would stay. They won't be removed or deleted.

I have seen people configure VTP initially for large deployments, push the VLANs and then turn VTP mode to transparent/off.

 

alex.perkins1
Level 1

Good afternoon spj2019,

 

First things first, you need to understand the protocol before you implement anything. VTP is something that can go very badly for you if you configure it wrong (v3 has addressed some of these concerns but you'll still find lots of people who refuse to go anywhere near VTP).

 

Here's where I would start if I were you:

https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

 

Basically though, when you have a switch in Client mode it can't update the VLAN database at all. That is the whole purpose of the Server. The Server would be the authoritative source and would push any VLAN changes within the VTP domain out to the rest of the switches.

 

Go ahead and read through the document that I linked above and feel free to ask any additional questions that you have after doing so.

Thank you for the pointers, Alex. I don't think I'll use VTP, having my devices distributed over six different sites with basically a single router and switch within each site. I'll just have to use the VTP mode OFF statement so that I can define VLANs on each individual switch. Thanks, spj

Joseph W. Doherty
Hall of Fame
Do you "need" to use VTP? No, not at all. Can it be useful? It can; personally I like using it (especially as it keeps VLAN descriptions consistent across devices). However, if used carelessly or recklessly, you can screw up your whole L2 infrastructure in the blink of an eye (as is also true with many other configuration options).

Both the transparent and (later) "off" mode only support a local VLAN database (the former though can pass VTP between devices connected to it, although it doesn't use or share its VLAN information with those connected devices).

Hi Joseph, thanks for your indications. Since I only have a single router and switch in each of my 6 separate sites, I don't think I'll be using VTP.  OFF mode seems to be the way for me!  Regards, spj

If you only have a single switch at each site, yup VTP doesn't do much for you.