Now that we have talked a bit about VLANs and trunks, let's imagine that we have a topology that looks like the one in the picture. We have five switches interconnected, as you see here, with trunks, and let's imagine that we are using Dot1Q trunks. What we want to do is add a new VLAN: let's imagine there is a new department, we need a VLAN for that new department, and all of these switches are in the same building.
What we could do is go to each switch. We can go to Switch1 and say "you have a new VLAN, and that new VLAN is 300". Then we could go to the next switch and say "you have a new VLAN of 300", then the next, and the next, visiting each switch individually and telling it "you have got a new VLAN". If we think about that solution, it doesn't scale very well: having to visit every single switch is a lot of administrative overhead every time we want to add, delete or change a VLAN.
But the good news is that with a topology like this we can take advantage of something called VTP, the VLAN Trunking Protocol. Be careful not to be thrown off by the name: "VLAN Trunking Protocol" makes it sound like this is the protocol that does trunking, and it really doesn't. If I could name this protocol, I would call it "the VLAN Advertisement Protocol", because that is what it does: it advertises VLAN information.
Let's go back to the scenario where we want to create VLAN 300 on all of the switches. With VTP we can create VLAN 300 on Switch1 and then send VTP advertisements down to its neighboring switches. Please keep in mind that these advertisements have to go over trunk links; maybe that is why it is called the VLAN Trunking Protocol, because it flows over trunk links. When the switches in the middle get these advertisements, they can say "hey, we have got a new VLAN": Switch2 now has VLAN 300, and Switch3 also has a newly created VLAN 300 in its local VLAN database. The switches in the middle that received the VTP advertisements can then send VTP advertisements out of their other trunk ports, letting the switches at the bottom know that they now have a new VLAN: Switch4 gets VLAN 300, and Switch5 also gets a newly created VLAN 300.
Now every switch in this topology knows about VLAN 300; it has been added to the VLAN database of each of these switches, and we only had to edit one switch, which dramatically cuts down on the administrative overhead of going to each switch individually. That is the broad overview of what VTP can do for us, but obviously there are many options we can configure. For example, we might want to ask the design question: if we use VTP amongst these switches, do I want to be able to go to any of these switches and add, delete or rename a VLAN, or should that be possible only on one or more selected switches?
If we do not want a particular switch to be able to create, modify or delete VLANs, let's say Switch4, we can go to it and say "you are operating in client mode". A client mode switch can update its database in response to VTP advertisements that it receives, and if it receives a VTP advertisement it will still forward it out of its other trunk ports, but we cannot administratively connect to that switch and say "we want to create a VLAN, we want to delete a VLAN, we want to rename a VLAN". No, a client mode switch's VLAN database only gets updated based on the advertisements it receives, and again, it can forward those advertisements on; they don't terminate on the client switch. In addition to client mode, we also have server mode.
Let's imagine that Switch1 is running in server mode. A switch operating in VTP server mode can create, modify and delete VLANs locally, and that change will be propagated over trunk links to neighboring switches. If it receives a VTP advertisement, maybe from another server (yes, we can have multiple servers in our topology, that is perfectly fine), it is going to forward it on out of its other trunk ports. As we said, we can have multiple servers in a topology, and we can have multiple clients as well. Let's imagine that Switch2 is another server mode switch and Switch5 is a client mode switch. But there is one other option we have not yet mentioned, and that is a transparent mode switch.
A transparent mode switch can create, modify or delete VLANs in its local database, but when we make a change on a transparent mode switch, that change is not advertised to other switches. What happens when a transparent mode switch receives a VTP advertisement? As you might guess, the transparent mode switch does not update its database based on that advertisement; changes to a transparent mode switch's VLAN database can only be made locally on that switch. But just because transparent mode doesn't update based on a received VTP advertisement, that doesn't prevent it from sending the advertisement out of its other trunk ports, so that other switches in the topology, like the client mode Switch5, can get that advertisement and update their databases based on it.
So, to sum up transparent mode operation: we are not trying to block VTP advertisements, and if we receive one we can forward it on. What we are trying to do is make sure that Switch3 doesn't get its VLAN database updated based on those VTP advertisements, while still allowing an administrator to connect to that switch and make changes to the VLAN database locally.
In our next session we are going to take a look at the configuration of VTP, but before we get into that, there are a couple of other things I want to do in this session: I want to show you a side-by-side comparison of these three VTP modes, and I also want to walk you through a sample VTP scenario on the whiteboard to see how things should work. Then in our next session we will go out and see how to actually configure VTP, but for now let's do that.
Here in the picture we can see the three modes of VTP operation that we talked about. Let's begin with server mode. If we have a switch in server mode, we can connect to that switch (maybe over an SSH or Telnet connection, or maybe through the console), and once we are administratively connected we can create a VLAN on that switch and have it added to the switch's VLAN database, delete a VLAN from that database, or modify an existing VLAN. We already mentioned that we can have more than one server: if one server receives a VTP advertisement from another server, it can make an update based on that advertisement, and it can forward that advertisement out to other switches.
Remember that VTP advertisements only flow over trunk links. In addition to forwarding the VTP messages it receives, a server can also originate VTP advertisements. Let's say we make a change on a switch configured in server mode and it sends that advertisement out to a neighboring switch. That neighboring switch is going to take a look at the advertisement and compare it with the contents of its own VLAN database, asking:
- Which version of the VLAN information seems to be the most up to date, the VTP advertisement or my local database?
- How does a switch determine whether one VLAN database is more up to date than another?
Well, every time we make a change to the VLAN database on a server mode switch, it increments a number called the "Configuration Revision Number":
- If we add a VLAN, that adds 1 to whatever the current Configuration Revision Number is.
- If we change the name of a VLAN, it increments by another 1.
- If we delete a VLAN, it increments again by 1.
When a switch receives a VTP advertisement, it compares the Configuration Revision Number in the advertisement with the Configuration Revision Number of its local VLAN database. Whichever number is higher is the one that gets believed: it is considered the most authoritative, and that is the version of the VLAN database we go with.
If we have a switch running in client mode, we cannot connect to that switch and make any changes to the VLAN database locally; we cannot create, modify or delete a VLAN. But that switch does have a VLAN database, it can update that database based on received advertisements, and if it receives a VTP advertisement it can forward it out its other trunk ports to neighboring switches. And here is something that is not as obvious: the client mode switch can originate a VTP advertisement. It is going to tell its neighboring switches "hey guys, this is what my VLAN database looks like". Even though we don't make modifications locally on a client mode switch, it can still send out its version of the VLAN database. Let me give you an example.
I purchase a new switch and have it sitting on my desk. I am doing some experiments, maybe I updated the Cisco IOS version on it, and I have been adding some VLANs and deleting some, and it has been in server mode that whole time, so every time I made a change the Configuration Revision Number incremented. Now let's say it is time to add it to the network, and I decide to set it to client mode. Setting it to client mode does not reset the Configuration Revision Number. When I add that client mode switch to the network, it is going to advertise its version of the VLAN database to the other switches, and if the changes I made locally on the switch on my desk have pushed its Configuration Revision Number higher than the Configuration Revision Number that all the other switches currently have, guess which one they are going to believe: my newly added switch. We could accidentally blow away the correct VLAN database on all of the other switches. Coming up, I am going to give you some recommendations about how to safely add a switch to your network. Our final mode of VTP operation is transparent mode.
On a transparent mode switch we can create, modify and delete VLANs, but those changes only apply to that switch's VLAN database; they do not get advertised to anyone else. If a transparent mode switch receives a VTP advertisement, it can forward it on to other switches; we are not trying to block VTP advertisements with a transparent mode switch, but the transparent mode switch is going to ignore that advertisement. In other words, it is not going to update its local database based on the contents of that advertisement, and even though it can forward VTP messages, it is not going to originate any advertisements of its own. Now that we have a clear understanding of the different VTP modes, let's go back to the topology we were looking at a few moments ago and walk through an example of what happens in the background with VTP when we go to a switch and add a VLAN.
Going back to our topology from earlier, let's assign different modes to these switches: Switch1 is in server mode, Switch2 is also a server mode switch, Switch3 is in transparent mode, Switch4 is in transparent mode as well, and let's throw in a client too: Switch5 is in client mode.
To begin with, the Configuration Revision Number across this topology is 10. Now we make a change: we go to one of the servers (not the client), let's use Switch1, and we say "we are going to add VLAN 300". When we do that on the server mode switch, it goes ahead and updates its local VLAN database to add that VLAN, and its Configuration Revision Number, abbreviated CRN, goes from 10 to 11. It then sends VTP advertisements out its trunk ports to its neighboring switches. What happens when Switch2, the other server mode switch, gets that VTP advertisement? It looks at the advertisement and asks:
- How does the Configuration Revision Number of that advertisement compare to the Configuration Revision Number of my VLAN database?
It says "oh, the advertisement is at 11 and my local database is at 10, so I am going to believe the advertisement and create VLAN 300 in my local VLAN database". It is also going to forward that VTP advertisement out all of its other trunk ports, which takes it down to Switch4, the transparent mode switch.
What happens when the advertisement reaches Switch3, the other transparent mode switch? Well, it is in transparent mode, meaning it is not going to update its local database based on that advertisement; however, it will forward it on, sending it down to Switch5, the client mode switch. Now what happens with Switch4, the transparent mode switch? The same thing as on the other transparent mode switch: the advertisement is ignored. But the client mode switch is going to ask "who has the highest Configuration Revision Number, the VTP advertisement or my local VLAN database?", and it concludes that the advertisement is higher, at 11, so Switch5 also installs VLAN 300 in its local VLAN database.
Now the server and client switches in the topology have gone from a Configuration Revision Number of 10 to 11; we say that synchronization is now complete, and this is going to be our steady state until another change is made in the topology.
And by the way, when we made this change on Switch1, that update was sent out immediately. We didn't wait for some timer that says "we are going to send a VTP advertisement in so many seconds"; when a change is made, it gets advertised immediately.
However, be aware that VTP also sends out a VTP message every five minutes. This periodic VTP message doesn't contain the full VLAN database; it is sort of a lightweight version of it, containing things like:
- the VTP domain name, and
- the Configuration Revision Number, and some information like that,
but not everything, so it does not put a big bandwidth impact on the network. We are going to take a look at the configuration of VTP in our next session, but here are the things that have to be in place in order for VTP to work, in order for switches to exchange information via VTP:
- They need to be in the same VTP domain. The domain names need to match, and please be aware that the domain name is case-sensitive; it has to match on our neighboring switch in order for updates to be made.
- We have to have trunk links in place, as we already mentioned: VTP advertisements only flow over trunk links, they are not sent out of access ports.
- Optionally, we can add a password. We can configure the same password on neighboring switches to allow them to exchange VTP information, which prevents somebody from intentionally or accidentally introducing a switch onto the network that might blow away the existing VLAN database on all of our switches.
I also want you to know about the different VTP versions.
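Here is the whiteboard walkthrough, the "switch from my desk" failure mode and the domain/password check as a small Python simulation. This is added example code, not from the original post or from Cisco; the switch names, the VTP domain "CORP", the starting CRN of 10 and the VLAN sets are constructed, and the password check is simplified to a plain string comparison.

```python
# Added example (not the original post's code): a small model of VTP advertisement
# handling over the page's five-switch topology. Names, domain, CRN and VLAN sets
# are constructed sample values.
from dataclasses import dataclass, field

SERVER, CLIENT, TRANSPARENT = "server", "client", "transparent"

@dataclass
class Switch:
    name: str
    mode: str
    domain: str = "CORP"        # VTP domain names are case-sensitive
    password: str = ""          # empty = no VTP password (real VTP sends a hash)
    revision: int = 10          # Configuration Revision Number (CRN)
    vlans: set = field(default_factory=lambda: {1, 100, 200})
    trunks: list = field(default_factory=list)

    def add_vlan(self, vlan):
        """Local edit: a client refuses it, a server bumps the CRN and advertises
        at once (no timer), a transparent switch changes only itself."""
        if self.mode == CLIENT:
            raise PermissionError(f"{self.name}: client mode cannot edit VLANs")
        self.vlans.add(vlan)
        if self.mode == SERVER:
            self.revision += 1
            self.advertise()

    def advertise(self):
        # Servers AND clients originate a copy of their database; transparents never do.
        if self.mode != TRANSPARENT:
            self._flood({"domain": self.domain, "password": self.password,
                         "revision": self.revision, "vlans": set(self.vlans)}, None)

    def receive(self, adv, sender):
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return                          # mismatch: advertisement is ignored
        # Higher CRN wins, whatever it contains; transparent mode never updates.
        if self.mode != TRANSPARENT and adv["revision"] > self.revision:
            self.revision = adv["revision"]
            self.vlans = set(adv["vlans"])
        self._flood(adv, sender)            # all three modes forward it on

    def _flood(self, adv, sender):
        for peer in self.trunks:            # trunk links only; topology is a tree
            if peer is not sender:
                peer.receive(adv, self)

def link(a, b):
    a.trunks.append(b); b.trunks.append(a)

def build_topology(password=""):
    """Switch1 trunks to Switch2 and Switch3, Switch2 to Switch4, Switch3 to Switch5."""
    sw = {n: Switch(n, m, password=password) for n, m in
          [("Switch1", SERVER), ("Switch2", SERVER), ("Switch3", TRANSPARENT),
           ("Switch4", TRANSPARENT), ("Switch5", CLIENT)]}
    for a, b in [("Switch1", "Switch2"), ("Switch1", "Switch3"),
                 ("Switch2", "Switch4"), ("Switch3", "Switch5")]:
        link(sw[a], sw[b])
    return sw

def walkthrough():
    """Switch1 adds VLAN 300: CRN 10 -> 11 on both servers and the client; the
    transparent switches forward it but keep CRN 10 and no VLAN 300."""
    sw = build_topology()
    sw["Switch1"].add_vlan(300)
    return {n: (s.revision, 300 in s.vlans) for n, s in sw.items()}

def stale_switch_join(password=""):
    """A desk switch run in server mode (CRN now 15, VLANs deleted) is set to client
    mode, which does NOT reset the CRN, then trunked to Switch5. Without a VTP
    password its stale database overwrites the domain; with one it is ignored."""
    sw = build_topology(password)
    sw["Switch1"].add_vlan(300)             # domain now at CRN 11 with VLAN 300
    desk = Switch("Desk", SERVER, revision=15, vlans={1})
    desk.mode = CLIENT                      # mode change keeps CRN 15
    link(desk, sw["Switch5"])
    desk.advertise()                        # clients originate advertisements too
    return {n: (s.revision, sorted(s.vlans)) for n, s in sw.items()}
```

Calling `stale_switch_join()` shows VLANs 100, 200 and 300 disappearing from every server and client, while `stale_switch_join("s3cret")` (a constructed password set on the production switches only) leaves the domain untouched.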
There are currently three different versions of VTP: version 1, version 2 and version 3. Let's talk about a few of the differences between them. First, between version 1 and version 2: in version 1, if we had a switch set to transparent mode, it would actually take a look at the VTP message it received before forwarding it out its other trunk ports:
- it would check to make sure that the domain name matched, and
- it would make sure that the VTP version matched,
and it would only forward that VTP advertisement if those things matched. Many people would say that is not what we want a transparent mode switch to do; we would want a transparent mode switch to truly be transparent and not do those checks. Well, VTP version 2 does transparently forward VTP advertisements without checking the domain name and the version, which is what VTP version 1 did. One other difference between versions 1 and 2 is that version 2 added support for Token Ring LAN switching and Token Ring VLANs. We don't see that much anymore, but back in the day Cisco did have Catalyst switches that supported Token Ring. What differences did version 3 bring?
Well, version 3 allows additional VLAN numbers to be advertised by VTP, specifically numbers in the range of 1017 through 4094. And here is something interesting that version 2 does: if I plug a brand-new Cisco Catalyst switch into the network and I have not gone through and statically set the VTP domain name, with version 2 it would see a VTP message coming from a neighboring switch and automatically update its domain name based on the advertisement it receives. That seems like a bit of a security issue. Well, VTP version 3 forces you to do manual configuration of your VTP domain, and that is one security enhancement. VTP version 3 also does a better job of securing the VTP domain password, if you set one up. VTP version 3 also makes a fundamental change in how VLAN database information is propagated: even though we can have multiple servers in our switch topology, there is going to be one and only one primary server in a VTP domain, and only that primary server is able to make updates to other devices. One other thing that VTP version 3 brings to the table is support for MST, the version of Spanning Tree Protocol that allows us to define different instances of Spanning Tree, where we can say that these VLANs belong to this instance of Spanning Tree and those other VLANs belong to another instance; VTP version 3 supports that. And there is one more feature I want you to be aware of before we go out and start doing the configuration, and that is VTP pruning.
Let's say that on Switch1 we had VLANs 100, 200 and 300, but on Switch5, as an example, we had a couple of laptops: Laptop1 belongs to VLAN 100 and Laptop2 belongs to VLAN 200, and nowhere on that switch is there anybody belonging to VLAN 300. Remember that a trunk by default is going to forward traffic for all of the VLANs across that trunk. We talked about how we could administratively create a list of allowed VLANs over a trunk, but that is extra administrative work. Wouldn't it be great if Switch5 could say "I don't have anybody belonging to VLAN 300, so don't send me any VLAN 300 traffic over this trunk"? That is one of the things VTP can do for us: if no VLAN 300 traffic is needed and we have VTP pruning enabled for that trunk, we can dynamically prune off unneeded VLANs. That is the theory of VTP; now let's see how to set it up in our next session.
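As an added example (not the post's own code) of what pruning decides for each trunk, here is a small computation over a constructed version of the topology: every switch reports the VLANs that have access ports on it or below it, and the upstream switch prunes the rest from that trunk. The hosts on Switch2 and Switch4, the VLAN list and the tree rooted at Switch1 are assumptions, and the VTP join messages that carry this information in practice are not modelled.

```python
# Added example (not the original post's code): a simplified model of VTP pruning
# on a tree of trunks rooted at Switch1. VLAN list, port memberships and trunks
# are constructed; VTP join messages are not modelled.
from typing import Dict, List, Set

VLANS: Set[int] = {100, 200, 300}                # VLANs defined on every switch
ACTIVE_PORTS: Dict[str, Set[int]] = {            # VLANs with access ports, per switch
    "Switch1": {100, 200, 300},
    "Switch2": {300},
    "Switch3": set(),
    "Switch4": {100},
    "Switch5": {100, 200},                       # Laptop1 in 100, Laptop2 in 200
}
TRUNKS: Dict[str, List[str]] = {                 # parent -> downstream switches
    "Switch1": ["Switch2", "Switch3"],
    "Switch2": ["Switch4"],
    "Switch3": ["Switch5"],
}

def needed_below(switch: str) -> Set[int]:
    """VLANs with active ports on this switch or anywhere downstream of it;
    this is what the switch asks its upstream neighbour to keep sending."""
    needed = set(ACTIVE_PORTS[switch])
    for child in TRUNKS.get(switch, []):
        needed |= needed_below(child)
    return needed

def pruned_vlans() -> Dict[str, Set[int]]:
    """Per trunk 'parent->child': the VLANs whose flooded traffic the parent
    stops sending down that trunk because nothing below the child needs them."""
    return {f"{parent}->{child}": VLANS - needed_below(child)
            for parent, children in TRUNKS.items() for child in children}
```

With these memberships the Switch3->Switch5 trunk drops VLAN 300, exactly the case described above, while Switch1->Switch2 still carries 300 because Switch2 has a host in it.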