Chapter 3: VTP Options (Free Preview)

This is a preview lesson. Please purchase the course to access all lessons.

The VTP Domain

A VTP domain (also called a VLAN management domain) consists of one or more switches. The VTP domain is uniquely identified by the domain name. A switch can only belong to one VTP domain.

By default the switch is in the VTP no-management-domain state. A switch can belong to a VTP domain if it receives an advertisement for a domain over a trunk link or if we configure a domain name.

Once a switch has learned its management domain and inherits the configuration revision number via a VTP advertisement that was received over a trunk link, it will ignore advertisements with a different domain name or an earlier configuration revision number.


VTP Advertisements (Messages)

VTP Packets travel inside ISL or 802.1Q (dot1q) frames. Therefore, a trunk link must exist between the two switches for VTP to function properly.  After the initial VTP synchronization, switches keep sending periodic VTP messages every 5 minutes to a reserved multicast address, even if there are no configuration changes.

VTP advertisements distribute this global domain information:

  • VTP protocol version: 1, 2, or 3
  • VTP domain name
  • VTP configuration revision number
  • Update identity and update timestamp
  • MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN.
  • Frame format

VTP advertisements distribute this VLAN information for each configured VLAN:

  • VLAN IDs (ISL and IEEE 802.1Q)
  • VLAN name
  • VLAN type
  • VLAN state
  • Additional VLAN configuration information specific to the VLAN type

In VTP version 3, VTP advertisements also include the primary server ID, an instance number, and a start index.


Configuration Revision Number

A 32-bit number advertised via VTP indicating the version of a switch’s VLAN database, which gets incremented by one for every time a change is made to the VLAN database.

Every time a switch receives a VTP message it compares the current configuration revision number to the configuration revision number in the VTP message. If the configuration revision number in the VTP message is higher, the switch synchronizes its VLAN database with the changes in the new VTP message.

In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.


NOTE: Before adding a VTP switch to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.


VTP Modes

In a VTP domain we can have switches acting as either  a VTP Server, Client or Transparent.

A switch in VTP Server mode allows us to  create, modify, and delete VLANs and specify other

configuration parameters, such as VTP version and VTP pruning. These changes we make on Server mode switches are propagated throughout the entire VTP domain that these switches belong to.

If you configure a switch as a VTP Transparent mode switch, it can also create, modify, and delete VLANs. However, these changes are significant only to that particular switch and they are not advertised to  other switches in the domain.

A VTP Client mode switch cannot create, change, or delete VLANs. It synchronizes its VLAN database based on received advertisements and passes those advertisements out trunk links to other switches.


Server Client Transparent
Participates in VTP Participates in VTP Does NOT Participate in VTP
Can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain Cannot create, change, or delete VLANs Can create, modify, and delete VLANs
Synchronizes its VLAN database based on received advertisements Synchronizes its VLAN database based on received advertisements Does not synchronize its VLAN database based on received advertisements
Forwards received VTP messages Forwards received VTP messages Forwards received VTP messages
Can originate VTP messages Can originate VTP messages Does not originate VTP messages
VLAN configurations are saved in NVRAM VTP versions 1 and 2, in VTP client mode, VLAN configurations are not saved in NVRAM. In VTP version 3, VLAN configurations are saved in NVRAM in client mode VTP and VLAN configurations are saved in NVRAM


VTP off:  A switch in VTP off mode functions in the same way as a VTP transparent switch, except that it does not forward VTP advertisements on trunks.



By default, VTP operates in version 1. Not that much different from VTP V1. The most significant difference is the added support for Token Ring VLANs. Changing the VTP version from 1 to 2 will not cause a switch to reload.


VTP Password

If a password was configured for the domain then it must be configured on all switches. The VTP password that was configured is translated in to a MD5 hash and is carried in all summary-advertisement VTP packets that are sent every 5 minutes.


Requirements for VTP to Work Between Two Switches

In order for two Cisco switches to process VTP messages from each other the Cisco IOS requires the following conditions to be met.

  1. The link between the two switches must be an either ISL or 802.1Q trunk link.
  2. The VTP domain name which is case-sensitive must match on both switches.
  3. If a password has been configured on one of the switches, then that password need to be configured on the other Cisco switch as well.


VTP Pruning

With switches all unknown unicasts, multicasts and broadcasts in a VLAN are flooded over the entire VLAN. When VTP pruning is not enabled, a switch floods, broadcasts, unknown unicast and multicast traffic  across all trunk links in a VTP domain.

The figure below shows a switched network without VTP pruning enabled. Port 32 on Switch A, port 34 on Switch B and port 32 on switch C are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A, Switch A floods the broadcast and every switch in the network receives it, even though Switch D and Switch E have no ports in the Red VLAN.



Figure Flooding traffic without VTP Pruning enabled


On the other hand, when VTP pruning is active it block or prune unnecessary traffic to VLANs on trunk ports that are included in the pruning-eligible list. Therefore, if we consider our earlier example with VTP pruning enabled, broadcast traffic from Switch A is not forwarded to Switch D and Switch E because traffic for the Red VLAN has been pruned on the trunk links.



Figure Flooding traffic with VTP Pruning enabled

Once, VTP Pruning is enabled on a VTP Server, pruning is enabled for the entire management domain.

Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that particular trunk only. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible. Extended-range VLANs are also pruning-ineligible.

Back to: CCNA Routing and Switching 200-125 > Ethernet LAN Switching