VTP – VLAN Trunking Protocol

VTP uses Layer 2 trunk links to communicate VLAN information within a group of switches.

VTP manages the addition, deletion and renaming of vlan names by sending VTP update advertisements within an administrative domain in order for other switches to update their VLAN database, synchronization is done via a revision number.

In the advertisements the switch announces its revision number, vlans and vlan specific parameters, each switch can only belong to one domain and by default its domain is Null.

VTP uses the information of the Vlan.dat file to propagate the vlan of the switches, let us clarify that the vlan.dat file only stores the information of the vlans of normal range (1-1005), this file is used by VTP version 1 and 2.
VTP version 3 can propagate the information of extended range vlans.

The revision number that is sent in the advertisements is a number that increments by one when a change is made to the vlans, every time this number changes automatically the switch sends a VTP message. If a switch has a higher revision number, this switch replicates its configuration to the others.

For this reason, great care must be taken when installing a new switch in the network, because if it is already configured and by chance it has a higher revision number, this can cause a catastrophe because the switch will replicate its vlan configuration to the other switches.

As mentioned above the revision number increases by one each time a vlan is created, deleted or renamed and always starts at 0 unless the vlan.dat file has been modified.

VTP operation modes

  • Server mode: They have full control over the creation and modification of VLANs in the domain. VTP information is received and propagated to the other switches in the domain. This is the default mode but the switch does not send advertisements until a domain name is configured. Each VTP domain must have at least one VTP server.
  • Client mode: Does not allow the creation, change or deletion of VLANs. Switches operating in this mode keep passively listening for VTP updates in order to synchronize their VLAN database. All information received is forwarded over the trunk links to its neighbors in the same domain, the switch acts as a VTP relay.
  • Transparent mode: Switches do not participate in VTP. While in transparent mode, a switch does not advertise its own VLAN configuration and does not synchronize its VLAN database with incoming advertisements. A switch configured in transparent mode can create, delete and modify VLANs, but the changes are not transmitted to other switches in the domain, they affect only the local switch.In VTP version 1, a switch in transparent mode does not relay VTP information it receives to other switches unless their domain names and revision numbers match those of the other switches.In VTP version 2, transparent switches forward VTP advertisements received from their trunk link ports, acting as a VTP relay. This occurs regardless of the VTP domain name configuration.
  • Off mode (disabled): Switches do not participate in VTP and do not forward VTP messages, only supported in version 3.

Versiones de VTP

Versión 1 and 2:

  • Version 1 is the default version used by Cisco switches.
  • Version 1 and 2 support the normal range of VLANs 1-1005.
  • A switch that operates on version 1, but supports version 2, will automatically upgrade to version 2.
    • If it detects a neighbor that is version 2.
    • If it detects a neighbor that is version 3.
  • Version 2 relays VTP messages and can support token ring.
  • It does not support propagation of private vlans.
  • Supports plaintext and MD5 passwords.
  • Ideal for propagating Multiple STP (MSTP) configuration on multiple switches automatically.

Commands to configure VTP v1 and 2:

Switch(config)# vtp domain <Domain_name>
Switch(config)# vtp password <Password>
Switch(config)# vtp version 1 | 2
Switch(config)# vtp mode server | client | transparent

Version 3:

  • Can propagate VLAN range 1-4094 (normal range + extended range).
  • Supports propagating Private Vlan
  • Support to propagate MST (802.1s) configuration information.
  • VTP password can be stored and encrypted so that it is not displayed in plain text.
  • Add the function of primary server and secondary server, this step is required. Unlike version 1 and 2 where all are servers. Only the primary server can make modifications to the VTP domain, the secondary server(s) cannot make modifications, only that it is promoted to be a primary server with the vtp primary command.
  • It must be configured manually, both the version and a domain name. The default domain is Null for all versions.
  • It is compatible with version 2.

Commands to configure VTP v3:

Switch(config)# vtp domain <Domain_name>
Switch(config)# vtp password <Password> [hidden|secret]
Switch(config)# vtp version 3
Switch(config)# vtp mode server | client | transparent| off
Switch# vtp primary

The assignment or promotion of a primary VTP server is done with the vtp primary command from privileged exec mode, the switch will prompt for the VTP domain password to compel the task.

Validate vtp status:

switch# show vtp status
VTP configuration such as domain, password, revision number are stored in vlan.dat file along with vlans (normal range only). Deleting the configuration file with the erase startup-config command will not remove the VTP configurations.
If we need to reset the revision number to 0, we can do it as follows:
  • Change the VTP mode to transparent and then back to Server mode.
  • Change the existing VTP domain to a fake name (bogus), any non-existing VTP domain and then back to the original VTP domain.
If what we need is to delete the vlan.dat file we do it like this:
Switch# delete vlan.dat

!Or we can indicate the disk where the file is stored
Switch# delete flash:/vlan.dat

At the end we restart the switch to apply the changes.

VTP Prunning

VTP prunning causes broadcast and multicast to only be sent over a trunk if the switch receiving these packets has a port within that VLAN.

It does not send broadcast or multicast traffic over a trunk where it is known that there is no equipment connected in that vlan on neighboring switches.

Enable prunning:

Switch(config)# vtp prunning
Switch(config)# interface type member/module/number
Switch(config-if)# switchport trunk pruning vlan [{{add|except|remove} vlan-list}|none]


Switch# show interface g0/1 pruning

The default eligible vlans in prunning is vlan 2 through vlan 1001.

Más información:


Leave a Comment

Your email address will not be published. Required fields are marked *