Showing results for 
Search instead for 
Did you mean: 

VTP Version Difference

Hi Guys,

Could you explain the about VTP version difference between VTP1,VTP2and VTP 3?

Cisco Employee

VTP 1 VS VTP -2 (Vtp 2 has the following upgrade support on its head)

1.  Support for Token Ring Vlans.


2. Version 2 supports consistancy checks.  This means that when new information about the VTP domain is entered through the command line or some other method like SNMP, VTP version 2 will perform the consistancy check.  VTP version 2 will not check a VTP frame if is it received from another VTP peer or if the information is obtained from NVRAM.  The VTP peer will perfom a MD5 hash check on a VTP frame received from a VTP peer and if it's correct, it will accept the message.


3.  In VTP version 2, if a switch is in transparent mode, it will forward the message without checking version information.  A transparent switch using VTP version 1 will check the domain and version before if forwards the frame.

VTP V3:-

TP version 3 supports these features that are not supported in version 1 or version 2:

Enhanced authentication—You can configure the authentication as hidden or secret. When hidden, the secret key from the password string is saved in the VLAN database file, but it does not appear in plain text in the configuration. Instead, the key associated with the password is saved in hexadecimal format in the running configuration. You must reenter the password if you enter a takeover command in the domain. When you enter the secret keyword, you can directly configure the password secret key.

Support for extended range VLAN (VLANs 1006 to 4094) database propagation. VTP versions 1 and 2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert from VTP version 3 to version 1 or 2.

Note VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still reserved and cannot be modified.

Private VLAN support.

Support for any database in a domain. In addition to propagating VTP information, version 3 can propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the VTP protocol runs for each application that uses VTP.

VTP primary server and VTP secondary servers. A VTP primary server updates the database information and sends updates that are honored by all devices in the system. A VTP secondary server can only back up the updated VTP configurations received from the primary server to its NVRAM.

By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC command to specify a primary server. Primary server status is only needed for database updates when the administrator issues a takeover message in the domain. You can have a working VTP domain without any primary servers. Primary server status is lost if the device reloads or domain parameters change, even when a password is configured on the switch.

The option to turn VTP on or off on a per-trunk (per-port) basis. You can enable or disable VTP per port by entering the [no] vtp interface configuration command. When you disable VTP on trunking ports, all VTP instances for that port are disabled. You cannot set VTP to off for the MST database and on for the VLAN database on the same port.

When you globally set VTP mode to off, it applies to all the trunking ports in the system. However, you can specify on or off on a per-VTP instance basis. For example, you can configure the switch as a VTP server for the VLAN database but with VTP off for the MST database.

More info can be found from the following link:-




  • 1
  • 2

Nice article InayathUllah! But I still have a question: Can I configure extended vlans when my switch is in transparent mode and is using vtp v2?



Ali C


Thanks InayathUlla,

i have selected one company totally network responsible switching and VPN

what should i verify once i have to join to my new company  

Content for Community-Ad