VTP stands for VLAN Trunking Protocol, it is an important protocol applied in a switched environment. After the configuration of VTP, all the switches in the administrative domain can be managed to allow VLAN information to be advertised automatically.
The main advantage VTP brings is that you can save the time to add or maintain individual VLANs on each switch. This increases the VLAN management efficiency dramatically. To implement VTP in a switched environment, there are 3 requirements:
- Trunk link between switches
- All the switches have the same VTP domain name
- All the switches have the same password
VTP is Cisco proprietary and has 3 versions:
- VTP version 1
- VTP version 2
- VTP version 3
VTP version 2: In Cisco IOS switches, VTPv1 is the default setting and it is similar to the VTPv2. VTPv2 supports a normal range of VLANs from VLAN 1 – VLAN 1005. VTPv2 has 3 modes:
- Server Mode
- Client Mode
- Transparent Mode
The switches which are in Server Mode are called Main Switches. Normally, you configure only one main switch in Server Mode. Its function is to manage the switched environment as adding or maintenance happens in the main switch. The Server Mode switch is able to advertise the modification to all other switch members in the same VTP domain. This enables the VLAN modifications to be applied to the respective VLAN in the same VTP domain.
Most switches in the VTP domain are in Client Mode. These switches are located in the same VTP domain and they listen to the same VTP advertisement from the main switch (Server Mode). They are able to update their own VLAN database according to the VTP advertisements revision number.
The switches in Transparent Mode is kind of Client Mode switches. The difference is that this mode doesn’t listen to the VTP advertisements and it doesn’t update the VLAN database. However, the Transparent Mode switches are able to add, delete and modify the VLAN database locally.
VTP version 3: Compared with VTP version 2, VTP version 3 is more secure and reliable. VTPv3 is able to support a VLAN ranges from VLAN 1006 to VLAN 4096.
Unlike VTPv2, VTPv3 has 2 roles in Server Mode:
- Primary Server Role
- Secondary Server Role
The Primary Server Role of VTPv3 retains all the features of VTPv2 Server Mode, it can modify VLANs and advertises the update to its switch members in the same domain. However, there is a restriction that in a VTP domain, only one switch can run the Server Mode. The Primary Server Role changes to Secondary Server Role when a switch is reloaded.
The Secondary Server Role of VTPv3 is not able to modify VLANs and their attributes. It is played as a back-up of the Primary Server Role switch and can be promoted to Primary Server Role when it is configured to be.
In summary, the existence of Primary Server Role and Secondary Role avoids the unintended VLAN changes to an extent. The reason is that there is only one switch can run Primary Server Role in the VTP domain. This Primary Server Role can be revoked and replaced by another switch in the same VTP domain.
In VTP version 3, password security is improved. The domain password is encrypted and stored. It is not able to be read like the plaintext in the VTP version 2. Another security improvement of VTPv3 is that the hidden authentication is supported.
To learn Cisco Certification