Configuring Cisco VTP

Virtual Trunking Protocol, known as VTP is used to share VLAN information from a server switch to multiple client switches. This makes VLAN management easier across multiple switches. This lab will discuss and demonstrate the configuration and verification of VTP.

Real World Application & Core Knowledge

One of the biggest hurdles traditionally with maintaining VLAN’s across multiple switches is the fact that you’d have to add/remove and manage VLAN’s on each switch independently. VLAN Trunking Protocol, also known as VTP is a technology that allows for the propagation of VLAN’s from a single switch to multiple switches in a Server-Client fashion. In this lab you’ll dive into configuring VTP Server and VTP Client mode to propagate VLAN’s from a single switch to multiple switches.

In the world of VTP, the VTP Server is the centralized point of management in the network for VLAN propagation. Whenever you create a new VLAN on the VTP Server, this VLAN will automatically be propagated to the switches in the same VTP Domain. Think of a VTP Domain as a single autonomous system, or a single collection of switches that share the same VLAN’s. For example you have a large campus building in a University network. This building in the three tier design model will have an access and distribution core. The VTP Server in this design would be the distribution switch. In most cases, the VTP server would be a chassis switch or a switch stack to provide redundancy to access switches.

Creating a VLAN on the distribution switch will allow for all access switches to access other access switches on different floors of the building on the same VLAN, this eliminates the need to create the vlan on 3 separate switches, the distribution, and both access switches in the given example.

In large enterprise networks VTPv2 can be used in the campus core as VTPv2 can only propagate up to 1005 VLAN’s, however once you hit the VTP VLAN ceiling you’d be required to migrate to VTP Version 3 to allow for the propagation of 4095 VLAN’s.

There are three VTP Versions currently; VTP Version 3 which is quite new provides major advantages over versions one and two.

VTP Version 1 was the initial release of this technology gives you the ability to configure the switch as a VTP Server, VTP Client, VTP Transparent Switch (will be discussed in Lab 4-11) and on CatOS switches, VTP Mode OFF which completely disables VTP.

VTP Version 2 is not to much different from v1 however VTPv2 includes the support for token ring VLAN’s and VTP Pruning. If neither of these features are required in a network then there is no need to upgrade from version one to version two.

VTP Version 3 on the other hand has significant advantages over its predecessors, two of the most beneficial features to modern networks is that VTP v3 supports the entire IEEE VLAN Range 1-4095 and also the ability to propagate Private VLAN information. VTP v3 also gives better administrative control over the VTP domain by allowing you to configure which devices can update other devices view of the VLAN topology. You now have the option to turn VTP on or off on a per trunk basis and now the VTP server has a primary and backup VTP server.

Now take a step back for a second and ask yourself what happens if someone else plugs a switch into the network with the same VTP domain and a higher revision of the database and completely different VLAN information. The answer is quite simple, you’re network goes into the bit bucket as your VLAN’s on all switches change, some get removed, new ones added and so on. When a VLAN is removed on a switch and ports are in that specific VLAN, those ports get shutdown. All in all, if this happens on your watch and its your fault you better update your resume.

But don’t worry, there is hope!! With the a VTP Password, you can prevent unwanted VTP server switches in the network. By using a VTP password switches can only be a client of a VTP Server if the passwords match.

VTP Domains can be unique to location but there is one domain name that is special; VTP Domain: NULL, this domain name basically is no domain name, its blank and is represented as the domain name NULL. However when it is changed you cannot change it back to NULL.

In this lab you will familiarize yourself with the following commands;

Command Description
vtp mode server This command is executed in global configuration mode and sets the switch as a VTP Server. This is the default VTP mode for a new switch with the VTP domain set to NULL
vtp mode client This command is executed in global configuration mode and sets the switch as a VTP client which learns its VLAN information from the VTP Server in its specified VTP Domain.
vtp domain domainname This command is executed in global configuration mode and sets the VTP domain of a device.
vtp version i This command is executed in global configuration mode and sets the VTP Version of the device.
vtp password password This command is executed in global configuration mode and sets the VTP password to prevent unauthorized VTP Servers and/or Clients in a particular VTP Domain.
show vtp password This command can only be executed in privileged mode and displays the current VTP Password.
show vtp status This command can be executed from user or privileged mode to view the current VTP configuration such as VTP mode, Domain, Version, Pruning and more.
The Free CCNA Workbook CCNA GNS3 topology uses the NM-16ESW in a Cisco 3640 series switch. The commands listed above must be executed in VLAN Database configuration mode and will slightly vary. Be sure to use the context sensitive help.

Lab Prerequisites

  • If you are using GNS3 than load the Free CCNA Workbook GNS3 topology than start devices; SW1, SW2 and SW3.
  • Establish a console session with devices SW1, SW2 and SW3 than configure the devices respected hostname(s).
  • Shutdown interfaces Fa0/13, Fa0/14 and Fa0/15 on SW2 and SW3.
  • Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 in an EtherChannel. Use channel-group number 1 and configure the channel group to trunk.
  • Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW1 and interfaces Fa0/10, Fa0/11 and Fa0/12 on SW3 in an EtherChannel. Use channel-group number 2 and configure the channel group to trunk.

Lab Objectives

  • Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all three switches.
  • Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.
  • Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.

 

The instructional section of this lab is demonstrated using three Cisco Catalyst 3560 Series switches.

Lab Instruction

Step 1. – Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all three switches.

Configuring the VTP Mode and VTP Domain are done by the use of the vtp mode modetype and the vtp domain domainname as shown below; Keep in mind when setting the VTP Domain, this must be set prior to the VTP mode if you are setting the VTP domain on a client switch. If you need to change the VTP domain you must set it to transparent then change the name and/or password then set the switch back to VTP mode client.

SW1 con0 is now available



Press RETURN to get started.



SW1>enable
SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vtp mode server
Device mode already VTP SERVER.
SW1(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
SW1(config)#

SW2 con0 is now available



Press RETURN to get started.



SW2>enable
SW2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#vtp domain CISCO
Domain name already set to CISCO.
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#

SW3 con0 is now available



Press RETURN to get started.



SW3>enable
SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#vtp domain CISCO
Domain name already set to CISCO.
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW3(config)#

Step 2. – Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.

To complete this objective you need to create the VLAN on the VTP Server, which in this case is SW1. Create the VLAN as you would any other VLAN on a Cisco Catalyst Series switch as shown below;

SW1(config)#vlan 10
SW1(config-vlan)#name Development
SW1(config-vlan)#end
SW1#

Now verify that the VLAN is being propagated properly by using the show vlan on SW2 and SW3 as shown below;

SW2(config)#end
SW2#show vlan
%SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    srb      0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
          
Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW2#

SW3(config)#end
SW3#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    srb      0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
          
Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW3#

Step 3. – Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.

To set the VTP version to v2, you execute the vtp version 2 command on the VTP Server switch, this setting is propagated to all switches in the VTP domain.

To set the VTP password, use the vtp password passwordgoeshere command in global configuration mode as shown below;

SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vtp version 2
SW1(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW1(config)#end
SW1#

SW2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW2(config)#end
SW2#

SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW3(config)#end
SW3#

To verify the VTP version mode use the show vtp status command in user or privileged mode as shown below;

SW2#show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53 
Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27
SW2#

To verify the VTP Password you must use the show vtp password command in privileged mode only as shown below;

SW2#show vtp password
VTP Password: Cisco$123
SW2#
◄ Previous Lab
Next Lab ►