Monday, January 03, 2011

CCNA 640-802 Study Note VTP (VLAN Trunking Protocol)

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the additions, deletions, and name changes of VLANs across networks.

The following setup is a simple demonstration of how VTP operates.

We start with 3 switches, SwitchA, SwitchB and SwitchC.


By default, the switches are in VTP Server mode.  We can verify that using the sh vtp status command.

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

We will set the VTP domain to TESTCCNA on SwitchA using vtp domain command.

SwitchA(config)#vtp domain TESTCCNA
Changing VTP domain name from NULL to TESTCCNA

We will set the VTP mode of SwitchB to client and VTP mode of SwitchC to transparent using the vtp mode command.

SwitchB(config)#vtp mode client
Setting device to VTP CLIENT mode.

SwitchC(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.

VTP requires the links connecting the switches to be trunked.  So we start connecting SwitchA to SwitchB and SwitchA to SwitchC and set the interfaces used for the connections to trunk mode by using the switchport mode trunk command on each interface.


Once the trunk links are up, run sh vtp status on SwitchB and you will see that the VTP domain has been set to TESTCCNA as well.  The VTP server (SwitchA) has propagated the information to the VTP client (SwitchB).

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xEA 0xE5 0xDA 0x6D 0x41 0xF4 0xA2 0xA3
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

However, if you check the VTP status on SwitchC, you will see that its VTP domain remains NULL or empty.  This is because a switch in transparent mode does not synchronize with the server or client.

Now run the sh vlan brief command on all 3 switches and you should only see VLAN 1 and VLANs 1002-1005.  You should also take note that the VTP Configuration Revision on all 3 switches is 0.

Add VLAN 2 and VLAN 3 on SwitchA and verify them using the sh vlan brief command.  Also run sh vtp status on SwitchA and you will notice the Configuration Revision has been updated to 2.

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xC4 0xB2 0x5A 0xFE 0xFB 0x34 0x62 0x2D
Configuration last modified by 0.0.0.0 at 3-1-93 00:43:15
Local updater ID is 0.0.0.0 (no valid interface found)

Now use sh vlan brief and sh vtp status on SwitchB and you will see that the 2 new VLANs have been added on SwitchB as well and the Configuration Revision updated to 2.

Now on SwitchB, try adding a VLAN and you will be prevented from doing so.  You cannot configure VLANs when the VTP mode is set to client.

SwitchB(config)#vlan 4
VTP VLAN configuration not allowed when device is in CLIENT mode.

But if you check on SwitchC, the 2 new VLANs were not added and the Configuration Revision remains 0.  Again, in transparent mode the switch does not synchronize with the server or client.  Even if we set the VTP domain to TESTCCNA, it will still not apply the update.

Now, on SwitchC, add VLAN 100 and 101.  Verify the VLANs have been added using sh vlan brief.  Run sh vtp status and you will notice that the Configuration Revision remains 0.  Whatever VLAN configuration you make on SwitchC will not propagate to other switches because it is in transparent mode.

However, in client or transparent mode, the switch will still forward advertisements to switches connected to it via a trunk link.  To test this out, we add SwitchD and connect it to SwitchC via a trunk link.  Do make sure that SwitchD does not have any VLAN configuration and that its Configuration Revision is 0 before connecting.


Run the sh vtp status and sh vlan brief commands on SwitchD and you will see that the VLAN configuration has been applied to SwitchD and the Configuration Revision updated to 2.

SwitchD#sh vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xC4 0xB2 0x5A 0xFE 0xFB 0x34 0x62 0x2D
Configuration last modified by 0.0.0.0 at 3-1-93 00:43:15
Local updater ID is 0.0.0.0 (no valid interface found)

Okay, now comes the danger of using VTP to maintain the VLAN configuration.  Disconnect SwitchD from SwitchC.  On SwitchD, add VLAN 200 and 300 and delete VLAN 2 and 3.

SwitchD(config)#vlan 200
SwitchD(config-vlan)#vlan 300
SwitchD(config-vlan)#no vlan 2
SwitchD(config)#no vlan 3

Also note that the Configuration Revision on SwitchD is now 6.

SwitchD#sh vtp status
VTP Version                     : 2
Configuration Revision          : 6
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xCD 0xCC 0x8A 0xB5 0x00 0x3C 0x34 0x55
Configuration last modified by 0.0.0.0 at 3-1-93 00:22:41
Local updater ID is 0.0.0.0 (no valid interface found)

Now connect SwitchD back to Switch using a trunk link.

Run sh vtp status and sh vlan brief on SwitchA and SwitchB.  You will see that the Configuration Revision has been updated to 6 as well.  VLAN 2 and 3 have been removed and VLAN 200 and 300 have been added.  This happened because SwitchD, after the changes to its VLAN configuration, had its Configuration Revision incremented to 6.  Because SwitchD's Configuration Revision is higher (which VTP treats as the most up to date) than that of SwitchA and SwitchB, its VLAN configuration gets applied to them.

Imagine if SwitchD is actually an old switch with a higher Configuration Revision and such a VLAN configuration, and VLAN 2 and 3 are actually in use.  You will suddenly see all switchports assigned to VLAN 2 and 3 go down.  If you ever use VTP server or client mode, make sure to check the VTP status before connecting a new/old switch.
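The pre-connection check recommended above can be automated. The following Python is an added example, not part of the original post: it parses sh vtp status text from one switch already in the domain and from the switch about to be connected, and reports whether the newcomer's revision would overwrite the domain. The function names are hypothetical, the sample outputs are constructed from the values on this page, and it assumes no VTP password is set.

```python
# Added example: pre-connection VTP check (names here are hypothetical).
# Constructed samples in the "sh vtp status" format shown on this page.
DOMAIN_SWITCH = """\
Configuration Revision          : 2
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
Configuration last modified by 0.0.0.0 at 3-1-93 00:43:15
"""
CANDIDATE_SWITCH = """\
Configuration Revision          : 6
VTP Operating Mode              : Server
VTP Domain Name                 : TESTCCNA
Configuration last modified by 0.0.0.0 at 3-1-93 00:22:41
"""

def parse_vtp_status(text):
    """Pull revision, mode and domain out of 'sh vtp status' output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # lines without a colon (prompt, updater ID) are skipped
            fields[key.strip()] = value.strip()
    return {
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"].lower(),
        "domain": fields.get("VTP Domain Name", ""),
    }

def preconnect_check(domain_text, candidate_text):
    """Return (verdict, reason) for trunking the candidate into the domain.
    Assumes no VTP password is configured, as in the lab on this page."""
    dom = parse_vtp_status(domain_text)
    cand = parse_vtp_status(candidate_text)
    if cand["mode"] == "transparent":
        return "ok", "transparent mode: its local VLANs are not advertised"
    if not cand["domain"]:
        return "review", "empty domain: it will adopt the domain from the trunk"
    if cand["domain"] != dom["domain"]:
        return "ok", "domain names differ (the match is case-sensitive)"
    if cand["revision"] > dom["revision"]:
        return "block", "revision %d > %d: its VLAN database would replace the domain's" % (
            cand["revision"], dom["revision"])
    return "ok", "revision is not higher than the domain's"

if __name__ == "__main__":
    print(preconnect_check(DOMAIN_SWITCH, CANDIDATE_SWITCH))
```

On a "block" verdict, reset the candidate's revision before cabling it in; changing its VTP domain name to a temporary value and back resets the Configuration Revision to 0.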

Okay, back to study again.
