VLAN Trunking Protocol, known as VTP, is used to share VLAN information from a server switch to multiple client switches. This makes VLAN management easier across multiple switches. This lab will discuss and demonstrate the configuration and verification of VTP.
One of the biggest hurdles traditionally with maintaining VLANs across multiple switches is the fact that you'd have to add, remove and manage VLANs on each switch independently. VLAN Trunking Protocol, also known as VTP, is a technology that allows for the propagation of VLANs from a single switch to multiple switches in a Server-Client fashion. In this lab you'll dive into configuring VTP Server and VTP Client mode to propagate VLANs from a single switch to multiple switches.
In the world of VTP, the VTP Server is the centralized point of management in the network for VLAN propagation. Whenever you create a new VLAN on the VTP Server, this VLAN will automatically be propagated to the switches in the same VTP Domain. Think of a VTP Domain as a single autonomous system, or a single collection of switches that share the same VLANs. For example, say you have a large campus building in a University network. This building in the three tier design model will have an access and distribution core. The VTP Server in this design would be the distribution switch. In most cases, the VTP Server would be a chassis switch or a switch stack to provide redundancy to access switches.
Creating a VLAN on the distribution switch will allow for all access switches to access other access switches on different floors of the building on the same VLAN. This eliminates the need to create the VLAN on 3 separate switches: the distribution switch and both access switches in the given example.
In large enterprise networks VTPv2 can be used in the campus core, but VTPv2 can only propagate up to 1005 VLANs. Once you hit the VTP VLAN ceiling you'd be required to migrate to VTP Version 3 to allow for the propagation of 4095 VLANs.
There are currently three VTP versions. VTP Version 3, which is quite new, provides major advantages over versions one and two.
VTP Version 1 was the initial release of this technology and gives you the ability to configure the switch as a VTP Server, VTP Client, VTP Transparent Switch (will be discussed in Lab 4-11) and, on CatOS switches, VTP Mode OFF, which completely disables VTP.
VTP Version 2 is not too much different from v1; however, VTPv2 includes support for Token Ring VLANs and VTP Pruning. If neither of these features is required in a network then there is no need to upgrade from version one to version two.
VTP Version 3, on the other hand, has significant advantages over its predecessors. Two of the most beneficial features for modern networks are that VTP v3 supports the entire IEEE VLAN range 1-4095 and that it can propagate Private VLAN information. VTP v3 also gives better administrative control over the VTP domain by allowing you to configure which devices can update other devices' view of the VLAN topology. You now have the option to turn VTP on or off on a per trunk basis, and the VTP server now has a primary and backup VTP server.
Now take a step back for a second and ask yourself what happens if someone else plugs a switch into the network with the same VTP domain, a higher revision of the database and completely different VLAN information. The answer is quite simple: your network goes into the bit bucket as the VLANs on all switches change; some get removed, new ones get added, and so on. When a VLAN is removed on a switch and ports are in that specific VLAN, those ports get shut down. All in all, if this happens on your watch and it's your fault, you'd better update your resume.
But don't worry, there is hope!! With a VTP password, you can prevent unwanted VTP server switches in the network. By using a VTP password, switches can only be a client of a VTP Server if the passwords match.
VTP Domains can be unique to location, but there is one domain name that is special: VTP Domain NULL. This domain name is basically no domain name; it's blank and is represented as the domain name NULL. However, once it is changed you cannot change it back to NULL.
In this lab you will familiarize yourself with the following commands:
Command | Description |
---|---|
vtp mode server | This command is executed in global configuration mode and sets the switch as a VTP Server. This is the default VTP mode for a new switch with the VTP domain set to NULL |
vtp mode client | This command is executed in global configuration mode and sets the switch as a VTP client which learns its VLAN information from the VTP Server in its specified VTP Domain. |
vtp domain domainname | This command is executed in global configuration mode and sets the VTP domain of a device. |
vtp version i | This command is executed in global configuration mode and sets the VTP Version of the device. |
vtp password password | This command is executed in global configuration mode and sets the VTP password to prevent unauthorized VTP Servers and/or Clients in a particular VTP Domain. |
show vtp password | This command can only be executed in privileged mode and displays the current VTP Password. |
show vtp status | This command can be executed from user or privileged mode to view the current VTP configuration such as VTP mode, Domain, Version, Pruning and more. |
Lab Objectives
Step 1. – Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all three switches.
Configuring the VTP Mode and VTP Domain is done with the vtp mode modetype and vtp domain domainname commands as shown below. Keep in mind that if you are setting the VTP Domain on a client switch, it must be set prior to the VTP mode. If you need to change the VTP domain you must set the switch to transparent, change the name and/or password, and then set the switch back to VTP mode client.
SW1 con0 is now available
Press RETURN to get started.
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp mode server
Device mode already VTP SERVER.
SW1(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
SW1(config)#

SW2 con0 is now available
Press RETURN to get started.
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp domain CISCO
Domain name already set to CISCO.
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#

SW3 con0 is now available
Press RETURN to get started.
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vtp domain CISCO
Domain name already set to CISCO.
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW3(config)#
Step 2. – Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.
To complete this objective you need to create the VLAN on the VTP Server, which in this case is SW1. Create the VLAN as you would any other VLAN on a Cisco Catalyst Series switch as shown below:
SW1(config)#vlan 10
SW1(config-vlan)#name Development
SW1(config-vlan)#end
SW1#
Now verify that the VLAN is being propagated properly by using the show vlan command on SW2 and SW3 as shown below:
SW2(config)#end
SW2#show vlan
%SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
SW2#

SW3(config)#end
SW3#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
SW3#
Step 3. – Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.
To set the VTP version to v2, execute the vtp version 2 command on the VTP Server switch. This setting is propagated to all switches in the VTP domain.
To set the VTP password, use the vtp password passwordgoeshere command in global configuration mode as shown below:
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp version 2
SW1(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW1(config)#end
SW1#

SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW2(config)#end
SW2#

SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW3(config)#end
SW3#
To verify the VTP version and mode, use the show vtp status command in user or privileged mode as shown below:
SW2#show vtp status
VTP Version : running VTP2
Configuration Revision : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53
Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27
SW2#
To verify the VTP password, use the show vtp password command, which is available in privileged mode only. Note that it displays the password in clear text, as shown below:
SW2#show vtp password
VTP Password: Cisco$123
SW2#
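The verification above can be repeated across every switch in the domain and compared against the designated server. The following is an added example, not part of the original lab: it parses saved `show vtp status` output and flags unexpected Server-mode switches, wrong or NULL domains, revisions higher than the server's, and digest mismatches. Only SW2's digest and revision come from the output above; the other captures and the helper names are constructed for the example.

```python
import re

FIELDS = {
    "mode": r"VTP Operating Mode[ \t]*:[ \t]*(\S+)",
    "domain": r"VTP Domain Name[ \t]*:[ \t]*(.*)",  # [ \t]* so a blank domain stays blank
    "revision": r"Configuration Revision[ \t]*:[ \t]*(\d+)",
    "digest": r"MD5 digest[ \t]*:[ \t]*((?:0x[0-9A-Fa-f]{2}\s*)+)",
}

def parse_status(text):
    """Extract mode, domain, revision and digest from one `show vtp status` capture."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        out[key] = " ".join(m.group(1).split()) if m else ""
    out["revision"] = int(out["revision"] or 0)
    return out

def audit(captures, server, domain):
    """Compare every switch against the designated server and the expected domain."""
    parsed = {name: parse_status(text) for name, text in captures.items()}
    ref, findings = parsed[server], []
    for name, s in sorted(parsed.items()):
        if s["domain"] != domain:
            findings.append(f"{name}: domain is {s['domain'] or 'NULL'}, expected {domain}")
        if name != server and s["mode"] == "Server":
            findings.append(f"{name}: unexpected Server mode")
        if s["revision"] > ref["revision"]:
            findings.append(f"{name}: revision {s['revision']} exceeds {server} ({ref['revision']})")
        elif s["revision"] == ref["revision"] and s["digest"] != ref["digest"]:
            findings.append(f"{name}: digest differs from {server} at the same revision")
    return findings

def capture(mode, domain, rev, digest):
    # Constructed sample data: a capture trimmed to the four fields checked.
    return (f"Configuration Revision : {rev}\nVTP Operating Mode : {mode}\n"
            f"VTP Domain Name : {domain}\nMD5 digest : {digest}\n")

GOOD = "0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53"   # digest from the SW2 output above
OTHER = "0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88"  # constructed
SAMPLES = {
    "SW1": capture("Server", "CISCO", 3, GOOD),
    "SW2": capture("Client", "CISCO", 3, GOOD),
    "SW3": capture("Client", "CISCO", 3, OTHER),   # e.g. password typed differently
    "SW4": capture("Server", "CISCO", 12, OTHER),  # reused switch, higher revision
    "SW5": capture("Server", "", 0, OTHER),        # new switch: Server mode, NULL domain
}

def demo():
    return audit(SAMPLES, "SW1", "CISCO")
```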