VLAN Trunking Protocol (VTP)


VLAN Trunking Protocol (VTP) was developed by Cisco to reduce VLAN administration effort in a switched network; it is a Cisco proprietary protocol. The comparable IEEE standard used by other manufacturers is GARP VLAN Registration Protocol (GVRP) and, more recently, Multiple VLAN Registration Protocol (MVRP). As you know by now, there are two important tasks to be performed when creating VLANs in a switched network: creating the VLANs and assigning switch ports to them. The first task requires the network administrator to define all the VLANs on each switch in the network. If performed manually by logging into each switch, this is tedious on a large network with many switches and is also prone to error. With VTP, VLANs need to be created on only a single switch, and that VLAN information is propagated through VTP messages to all switches in the VTP domain. This not only greatly reduces the effort involved but also minimizes the chance of an error. VTP allows you to add, delete, and rename VLANs on a single switch and then propagates this information to all other switches in the VTP domain.

On a side note, the name VLAN Trunking Protocol (VTP) may be a bit misleading, as the protocol does not have much to do with trunking itself. VTP just makes it easier to define VLANs by doing it on one central switch and propagating that information to the whole switched network through VTP messages. In this manner, VTP allows for more consistent VLAN configuration and accurate tracking and monitoring of VLANs by central administration. Two things limit where VTP information travels: a switch shares VLAN information over VTP only with switches configured into the same VTP domain, and VTP information is sent only over trunk ports, never over access ports. Switches advertise not only all known VLANs with their specific parameters but also the VTP management domain name and the configuration revision number.

VTP Modes of Operation

A switch can operate in one of three different modes of operation within a VTP domain:

Server: This is the default mode on all Cisco Catalyst switches, so a switch in factory-default configuration that is connected to a trunk is already a VTP server. At least one switch in VTP server mode is needed to propagate VLAN information throughout the VTP domain, and a switch must be in VTP server (or transparent) mode to be able to create, modify, and delete VLANs. VLAN changes should be made on a switch operating in server mode; any change made on a VTP server is propagated throughout the VTP domain via VTP advertisements sent out its trunks. A VTP server also saves its VLAN database locally (in the vlan.dat file in flash on Catalyst switches), so the VLANs survive a reload.

Client: A switch in VTP client mode learns VLAN information from VTP servers, and it also sends and receives VTP updates just like a VTP server does. In contrast to a VTP server, however, a VTP client cannot create, modify, or delete VLANs. You also cannot assign a port on a VTP client to a VLAN before a VTP server has notified the client of that VLAN. A VTP client does not save the VLAN information it receives from a VTP server, so if the switch loses power or is reloaded, the VLAN information it has learned is gone and it must re-learn it from a VTP server. In short, switches in VTP client mode just learn VTP information and pass it along. Note that a client still advertises its own configuration revision number, so client mode is not a safeguard against the revision-number problem described under VTP Advertisements below.

Transparent: Switches in VTP transparent mode receive VTP advertisements and forward them over any configured trunk links, but that is all. They do not update their own VLAN database with the VTP information they receive and pass along. They can create, modify, and delete VLANs in their own VLAN database, but this database is kept isolated from the rest of the VTP domain and is not advertised at all. In practice, switches in VTP transparent mode do not participate in the VTP domain; they act as relay agents that receive VTP advertisements and pass them along without updating their own VLAN database. This lets VTP servers and clients synchronise their VLAN databases even when they are connected through switches that are not supposed to have the same VLANs. One caveat: a transparent switch running VTP version 2 relays advertisements regardless of the domain name they carry, whereas one running VTP version 1 relays only advertisements whose domain name and version match its own.

Exam Concept: Typically you will see questions on the CCNA exam about VTP modes. Know that a switch has to be in VTP server or transparent mode in order to make any VLAN changes locally.

VTP Domains: Cisco switches participating in VLAN Trunking Protocol (VTP) are organized into management domains, or areas with similar VLAN requirements. A switch can be part of one and only one VTP domain and shares VLAN information only with other switches in the same domain. Switches in different VTP domains do not share VTP information: if a switch receives a VTP advertisement from a switch in a different VTP domain, it ignores the advertisement. The one exception is a switch whose domain name has never been set (the null domain): it adopts the domain name carried in the first VTP advertisement it receives on a trunk, which is another reason a factory-default switch should not be cabled into a trunk unprepared. Mismatched VTP domain names are a common reason why not all switches in your network share VLAN information and should be one of the first things you check when troubleshooting VTP issues.

The concept of a VTP management domain is somewhat analogous to the concept of an autonomous system (AS) in Border Gateway Protocol (BGP). A switch can belong to only one VTP domain, just as a BGP router can belong to a single AS.

Exam Concept – You will see a CCNA exam question asking what happens if a switch receives a VTP advertisement with a different management domain name. Know that it simply ignores such an advertisement.

Switches in a VTP domain advertise several attributes to their VTP domain neighbors. Each advertisement contains several parameters including VTP management domain, VTP revision number, known VLANs, and specific VLAN parameters. When a new VLAN is added to a switch in a VTP domain, other switches are notified of the new VLAN through VTP advertisements. In this way, all switches in a domain can prepare to receive traffic on their trunk ports using the new VLAN.

VTP Advertisements: The VLAN Trunking Protocol (VTP) uses Layer 2 frames to communicate VLAN information among a group of switches. These special frames are sent only out trunk links leading to neighboring switches. Each VTP advertisement contains a VTP header and a VTP message. The format of the VTP header can vary, based on the type of VTP message, but all VTP packets contain these fields in the header:

◈ VTP protocol version: 1, 2, or 3
◈ VTP message type
◈ VTP management domain name length
◈ VTP management domain name
◈ VTP configuration revision number

In addition to these parameters, each Cisco switch participating in VTP also advertises VLANs and VLAN parameters on its trunk ports to notify other switches in the domain. VTP advertisements are sent as multicast frames out trunk links, to the Cisco multicast MAC address 01-00-0C-CC-CC-CC with a SNAP header carrying protocol ID 0x2003; the receiving switch intercepts frames sent to this address and processes them.
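The following parser, added here as an illustration and not part of the original page, decodes the header fields listed above from a summary advertisement frame. The frame layout (802.3 header, LLC/SNAP with Cisco OUI and PID 0x2003, then version, code, followers, domain length, 32-byte padded domain name, 4-byte revision, updater IP, 12-byte timestamp and 16-byte MD5 digest) follows Cisco's published VTP format; the sample frame is constructed inline with a dummy timestamp and an all-zero digest, and the builder function exists only to produce that sample.

```python
import struct
from ipaddress import IPv4Address

# Constants from Cisco's published VTP frame format.
VTP_DST_MAC = bytes.fromhex("01000ccccccc")          # multicast address VTP is sent to
SNAP_VTP = bytes.fromhex("aaaa03" "00000c" "2003")   # LLC AA AA 03, Cisco OUI, PID 0x2003
VTP_CODES = {1: "summary advertisement", 2: "subset advertisement",
             3: "advertisement request", 4: "join"}
# Summary advertisement body: version, code, followers, domain-name length,
# domain name zero-padded to 32 bytes, configuration revision, updater
# identity (IPv4), update timestamp, MD5 digest of the VTP password.
SUMMARY_FMT = ">BBBB32sI4s12s16s"
SUMMARY_LEN = struct.calcsize(SUMMARY_FMT)           # 72 bytes
ETH_HDR_LEN = 14                                     # dst MAC, src MAC, 802.3 length


def build_summary_frame(src_mac, domain, revision, version=2, followers=1,
                        updater="10.0.0.1", digest=bytes(16)):
    """Construct a sample frame for testing (dummy timestamp, caller-chosen digest)."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("VTP domain names are at most 32 bytes")
    body = struct.pack(SUMMARY_FMT, version, 1, followers, len(name),
                       name.ljust(32, b"\0"), revision,
                       IPv4Address(updater).packed, b"000000000000", digest)
    payload = SNAP_VTP + body
    return VTP_DST_MAC + src_mac + struct.pack(">H", len(payload)) + payload


def parse_summary_frame(frame):
    """Return the header fields of a VTP summary advertisement as a dict, or None
    if the frame is not one (wrong destination MAC or SNAP header, wrong message
    code, bad version or domain length, or truncated)."""
    start = ETH_HDR_LEN + len(SNAP_VTP)
    if len(frame) < start + SUMMARY_LEN:
        return None
    if frame[:6] != VTP_DST_MAC or frame[ETH_HDR_LEN:start] != SNAP_VTP:
        return None
    (version, code, followers, name_len, name, revision,
     updater, _timestamp, digest) = struct.unpack(SUMMARY_FMT,
                                                  frame[start:start + SUMMARY_LEN])
    if code != 1 or version not in (1, 2, 3) or name_len > 32:
        return None
    return {
        "version": version,
        "code": VTP_CODES[code],
        "followers": followers,              # subset advertisements that follow
        "domain": name[:name_len].decode("ascii", "replace"),
        "revision": revision,
        "updater": str(IPv4Address(updater)),
        "digest": digest.hex(),              # compared against the local password digest
    }


if __name__ == "__main__":
    sample = build_summary_frame(bytes.fromhex("001122334455"), "CertificationKits", 27)
    print(parse_summary_frame(sample))
```

The two values a receiving switch acts on first are `domain` (compared case-sensitively with its own) and `revision`; everything else in the frame is irrelevant if those checks fail.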

VTP switches use an index called the configuration revision number to keep track of the most recent VLAN information. Each switch participating in a VTP domain stores the configuration revision number last heard in a VTP advertisement. The VTP advertisement process always starts with configuration revision number zero (0). When subsequent changes are made on a VTP server, such as adding or deleting VLANs, the revision number is incremented before the advertisements are sent. When listening switches in the same domain receive an advertisement with a greater revision number than the one stored locally, the advertisement overwrites any stored VLAN information. The comparison looks only at the domain name and the revision number, not at whether the sender is a server or a client, so a switch that was previously used in another network with the same domain name and a higher revision can wipe out the VLANs of the whole domain the moment it is connected. Because of this, it is very important to always force any newly added switch to revision number 0 before attaching it to the network: check it with show vtp status, and reset the counter by changing the VTP domain name (or by setting the switch to transparent mode and back). Otherwise, the switch might hold a revision number greater than the value currently in use in the domain, and all existing VLAN information in the domain might inadvertently be overwritten.

VTP Message Types

There are three types of VTP messages:

1. Summary Advertisements

By default, Cisco switches issue summary advertisements at five-minute intervals. Summary advertisements inform adjacent switches of the current VTP domain name and the configuration revision number. When a switch receives a summary advertisement frame, it compares the VTP domain name in the frame to its own VTP domain name. If the names differ, the switch simply ignores the packet. If they match, the switch then compares the advertised configuration revision to its own. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

2. Subset Advertisement

When you add, delete, or modify a VLAN on a Cisco switch, the VTP server where the change is made increments the configuration revision number and issues a summary advertisement. One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information. If there are many VLANs, more than one subset advertisement may be required to advertise all of them.

3. Advertisement Requests

A switch sends a VTP advertisement request when it has been reset, when its VTP domain name has been changed, or when it has received a VTP summary advertisement with a higher configuration revision number than its own. Upon receiving an advertisement request, a VTP switch sends a summary advertisement, followed by one or more subset advertisements.
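The model below, added as an example and not code from the original page, ties together the mode rules (server, client, transparent), the domain-name and revision-number checks, and the summary / advertisement-request / subset exchange described in the sections above. It is a simulation of VTP version 1/2 behaviour, not an implementation of the wire protocol: the `Switch` class, the `advertise` round and the sample domain "CertificationKits" are all constructed for the example. The scenario it runs is the one the revision-number section warns about, a pre-used switch cabled in with revision 42, once without and once with the revision reset an operator should perform first.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    """Minimal model of one switch's VTP state (VTP version 1/2 behaviour)."""
    name: str
    domain: str
    mode: str = "server"                 # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vid, vname):
        """Only servers and transparent switches may change the local database."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1           # bumped before the change is advertised
        # transparent: private database, nothing advertised, revision untouched

    def summary(self):
        return {"domain": self.domain, "revision": self.revision}

    def subset(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive_summary(self, adv):
        """Receive rules: transparent only relays; other domain -> ignore;
        lower or equal revision -> ignore; higher revision -> request the VLAN
        list. The sender's mode is never consulted, so a client can win."""
        if self.mode == "transparent":
            return "forward"
        if adv["domain"] != self.domain:          # case-sensitive comparison
            return "ignore"
        if adv["revision"] <= self.revision:
            return "ignore"
        return "request"

    def receive_subset(self, adv):
        """Overwrite the local database when the subset carries a newer revision."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] <= self.revision:
            return False
        self.vlans = dict(adv["vlans"])           # whatever was here is gone
        self.revision = adv["revision"]
        return True

    def reset_revision(self):
        """Models the operator step before cabling a switch in: changing the
        domain name (or going to transparent mode and back) zeroes the counter."""
        self.revision = 0


def advertise(sender, receivers):
    """One VTP round: the sender's summary, each receiver's reaction, and a
    subset advertisement for every receiver that asked. Returns the actions."""
    actions = {}
    for sw in receivers:
        action = sw.receive_summary(sender.summary())
        if action == "request":
            sw.receive_subset(sender.subset())
        actions[sw.name] = action
    return actions


def build_domain():
    """Constructed sample domain: one server with three VLANs and one client."""
    core = Switch("core", "CertificationKits", "server")
    for vid, vname in [(10, "users"), (20, "servers"), (30, "voice")]:
        core.create_vlan(vid, vname)               # core ends at revision 3
    access = Switch("access1", "CertificationKits", "client")
    advertise(core, [access])                      # client learns 1,10,20,30
    return core, access


def stale_client():
    """A switch that lived in another network with the same domain name."""
    return Switch("lab", "CertificationKits", "client", revision=42,
                  vlans={1: "default", 99: "lab-scratch"})


def plug_in(new_switch, reset_first):
    """Attach new_switch to the sample domain and report the server's VLANs,
    the server's revision, and the newcomer's VLANs afterwards."""
    core, access = build_domain()
    if reset_first:
        new_switch.reset_revision()
    advertise(new_switch, [core, access])          # the newcomer's periodic summary
    advertise(core, [access, new_switch])          # then the server's
    return sorted(core.vlans), core.revision, sorted(new_switch.vlans)


if __name__ == "__main__":
    print("no reset:", plug_in(stale_client(), reset_first=False))
    print("reset first:", plug_in(stale_client(), reset_first=True))
```

Run without the reset, the server ends up with the lab switch's two VLANs at revision 42; with the reset, the server's database is untouched and the newcomer learns the domain's VLANs instead. A domain name that differs only in case is treated as a different domain and ignored.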

Exam Concept – It is likely to see on the CCNA exam a question regarding VTP revision numbers. Know this concept!

VTP Password

If a password is configured for VTP, it must be configured on all switches in the VTP domain. The password is case sensitive and must be the same on every switch in the VTP management domain. The VTP password is converted into a 16-byte value by the MD5 hashing algorithm, and that digest is carried in all summary-advertisement VTP packets; a receiving switch discards advertisements whose digest does not match its own. Without a password, any device on a trunk that can source a VTP frame with the right domain name and a higher revision number is accepted, so setting a password is the minimum protection for a VTP domain.

Please keep in mind that the VTP domain name and password are both case sensitive, so CertificationKits and certificationkits are different VTP domain names. A switch accepts VLAN information only from switches in its own domain. In large switched networks, you should consider dividing the network into multiple VTP domains. Dividing the network into multiple domains reduces the amount of VLAN information each switch must maintain. VTP domains are loosely analogous to autonomous systems in a routed network, where a group of routers share common administrative policies. Multiple VTP domains are recommended only on large networks. On small and medium-sized networks, a single VTP domain is sufficient and in fact more desirable, as it minimizes problems.

As you already know, the full range of VLANs is 1 to 4094, where normal-range VLANs have VLAN IDs 1 to 1005 and extended-range VLANs have VLAN IDs 1006 to 4094. In VTP versions 1 and 2, VTP propagates only normal-range VLANs, and a switch must be in VTP transparent mode to create extended-range VLANs. Also, VLAN IDs 1 and 1002 to 1005 are automatically created on all Cisco Catalyst switches and cannot be removed.

VTP Pruning

Switches learn which MAC addresses are connected to which switch ports by passively gleaning source MAC addresses from user frames. A host connected to a switch port must send at least one frame before the switch can learn its MAC address and associate it with that port in the MAC address table, the local database a switch maintains to map MAC addresses of connected hosts to their switch ports. Unknown unicasts, that is, unicasts to destination MAC addresses the switch has not yet learned, are treated just like broadcasts: they are forwarded out all switch ports in the VLAN other than the one on which they were received. As a result, unknown unicasts reach all corners of a large switched network, even those switches that do not have any ports assigned to the VLAN. The same applies to broadcasts, which are propagated to all switches in the network even if they have no ports in the VLAN.

This is not an efficient use of available bandwidth, but VTP provides a way to preserve bandwidth by reducing the volume of broadcast, multicast, and unknown unicast frames. This is called pruning, which literally means cutting away dead or overgrown branches or stems from a tree, shrub, or bush. VTP pruning makes a switched network send unknown unicasts, multicasts, and broadcasts only over those trunk links that actually have ports downstream that may need the traffic. For example, if Switch 1 has no ports assigned to VLAN 100 and a broadcast is sent throughout VLAN 100, that broadcast will not traverse the trunk links connected to Switch 1. By default, VTP pruning is disabled on all switches; it is enabled on a VTP server and the setting propagates to the rest of the domain. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible and are flooded on every trunk regardless.
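To make the pruning rule concrete, here is an added example (not code from the original page) that computes which trunk links a flooded frame crosses with and without pruning. It models a loop-free trunk topology (as left by spanning tree) and derives the set of VLANs each switch needs, which is what a switch announces to its upstream neighbour in a VTP join message; a trunk carries a pruning-eligible VLAN only if something beyond it needs that VLAN. The topology, switch names and VLAN memberships are constructed for the example and mirror the page's Switch 1 / VLAN 100 case.

```python
from collections import defaultdict

PRUNE_INELIGIBLE = {1, 1002, 1003, 1004, 1005}   # always flooded on every trunk


class Topology:
    """Loop-free trunk topology plus the VLANs each switch has access ports in."""

    def __init__(self):
        self.trunks = defaultdict(set)   # switch -> neighbouring switches over trunks
        self.ports = defaultdict(set)    # switch -> VLANs with local access ports

    def add_trunk(self, a, b):
        self.trunks[a].add(b)
        self.trunks[b].add(a)

    def add_access(self, switch, vlan):
        self.ports[switch].add(vlan)

    def join_request(self, switch, toward):
        """VLANs `switch` needs on its trunk to `toward`: its own member VLANs plus
        everything requested by the switches behind it. This is the content of
        the VTP join message `switch` sends to `toward` when pruning is enabled."""
        needed = set(self.ports[switch])
        for neighbour in self.trunks[switch]:
            if neighbour != toward:
                needed |= self.join_request(neighbour, switch)
        return needed

    def flood_links(self, origin, vlan, pruning=True):
        """Trunk links a broadcast/multicast/unknown unicast in `vlan` crosses when
        it enters the network at `origin`. Each link is an unordered pair."""
        links = set()
        stack = [(origin, None)]
        while stack:
            switch, came_from = stack.pop()
            for neighbour in self.trunks[switch]:
                if neighbour == came_from:
                    continue
                eligible = vlan not in PRUNE_INELIGIBLE
                if pruning and eligible and vlan not in self.join_request(neighbour, switch):
                    continue             # pruned: nothing beyond neighbour needs it
                links.add(frozenset((switch, neighbour)))
                stack.append((neighbour, switch))
        return links


def sample_topology():
    """Constructed sample: core hub with sw1..sw3, sw4 hanging off sw3.
    VLAN 100 exists only on sw2 and sw4; sw1 has ports in VLAN 10 only."""
    t = Topology()
    for a, b in [("core", "sw1"), ("core", "sw2"), ("core", "sw3"), ("sw3", "sw4")]:
        t.add_trunk(a, b)
    t.add_access("sw1", 10)
    t.add_access("sw2", 100)
    t.add_access("sw4", 100)
    return t


if __name__ == "__main__":
    t = sample_topology()
    for pruning in (False, True):
        links = sorted(tuple(sorted(l)) for l in t.flood_links("sw2", 100, pruning))
        print(f"VLAN 100 broadcast from sw2, pruning={pruning}: {links}")
```

With pruning on, the core-to-sw1 trunk is dropped from the VLAN 100 flood because sw1 requests only VLAN 10, while core-to-sw3 is kept even though sw3 itself has no VLAN 100 ports, since sw4 behind it does. VLAN 1 is flooded everywhere in both cases.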
