VTP stands for VLAN Trunking Protocol, which is a misnomer as it’s not a trunking protocol. As we know, there are only two trunking protocols — ISL and 802.1q.
VTP is a VLAN management protocol which replicates the VLAN configuration among switches in the network. A better, alternate name to VTP should have been VRP — VLAN Replication Protocol.
- VTP is a VLAN replication protocol.
- VTP replicates the VLAN configuration from one switch to all switches that are in the same VTP domain, reducing manual configuration in every switch.
- VTP works by replicating the VLANs from a switch that has the highest Configuration Revision Number to other switches in the VTP domain.
- VTP replicates the VLAN IDs and their names, not the ports associated with the VLANs. Ports still have to be assigned to VLANs manually on each switch.
- VTP synchronization happens through the trunk links between the switches.
- VTP is a Cisco proprietary protocol that works only among Cisco switches.
There are three VTP modes a switch can be in at any given time:
1. VTP Server
A switch in VTP server mode can add, delete or modify the VLANs in it. These modifications are replicated across all the switches in the VTP domain. A VTP domain can contain more than one VTP server. The VTP server that has the highest Configuration Revision Number replicates its VLAN configuration to all the VTP clients and the other VTP servers in its VTP domain.
2. VTP Client
A switch configured as a VTP client can only receive VTP updates from the VTP server in its domain. It can't replicate its own VLAN modifications to other members of the VTP domain.
3. VTP Transparent (default mode)
This is the default VTP mode in all Cisco switches. In VTP transparent mode, the switch doesn't participate in any VTP VLAN synchronization; it's transparent to VTP. However, it does pass the VTP messages through to the other switches in the VTP domain.
Two concepts describe how VTP works:
1. VTP Domain
The VTP Domain is a name that identifies all the switches that take part in the VTP process. In other words, a switch that is to be part of VTP must carry the corresponding VTP domain name.
A switch in VTP server mode must be configured with the VTP domain name before it can replicate its VLAN configuration to other switches.
A switch in VTP client mode automatically learns the VTP domain name from the VTP server in the network over its trunk link. If there is more than one VTP server in the network, the client takes its VTP domain name from the one that has the highest Configuration Revision Number.
2. Configuration Revision Number
The VTP servers need a way of resolving which server's VLAN configuration should be replicated to the other switches in the VTP domain at any given time. That is the job of the Configuration Revision Number.
A VTP server starts at Configuration Revision Number 0 (zero). Each time the server changes its VLAN configuration by adding, deleting or modifying a VLAN, the Configuration Revision Number increments. At any given instant, the server with the highest Configuration Revision Number replicates its VLAN configuration to all the other switches in its VTP domain.
Both the VTP domain name and the Configuration Revision Number can be seen by running the show vtp status command on the switch.
show vtp status
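Because the mode, domain name and revision number are exactly the three fields that decide whether a switch can overwrite the rest of the domain, they are worth checking across every switch you own rather than one at a time. The following is an added example, not part of the original post: a small Python audit that parses the key/value lines of show vtp status output (the sample below is constructed, not captured from a real device) and flags a switch that is in server mode, that reports a domain name other than the one you expect, or whose revision number is higher than the last one you recorded. The expected domain name and known revision are inputs you supply; the "Key : Value" layout is the only thing the parser relies on, so it works on the older single-block output as well as the newer per-feature layout.

```python
import re

# Constructed sample of "show vtp status" output, not captured from a real switch.
SAMPLE_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 27
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : OFFICE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""

# A second constructed sample: a transparent-mode switch with a different domain name.
SAMPLE_TRANSPARENT = """\
VTP Version                     : 2
Configuration Revision          : 0
VTP Operating Mode              : Transparent
VTP Domain Name                 : HOMELAB
"""

# One "Label : value" line; the label is letters, digits and spaces only, so the
# "Configuration last modified by 0.0.0.0 at ..." line is ignored rather than misread.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<value>.*?)\s*$")


def parse_vtp_status(text):
    """Return {label: value} for every 'Label : value' line in show vtp status output."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group("key")] = match.group("value")
    return fields


def audit_vtp(fields, expected_domain, known_revision):
    """Return a list of findings for one switch.

    expected_domain: the VTP domain name this switch should be in.
    known_revision:  the highest Configuration Revision Number you last recorded for
                     the domain; a higher value on any switch is worth a second look.
    A transparent switch never synchronises, so only its mode is reported.
    """
    findings = []
    mode = fields.get("VTP Operating Mode", "").strip().lower()
    domain = fields.get("VTP Domain Name", "")
    revision = int(fields.get("Configuration Revision", "0"))

    if mode == "server":
        findings.append("VTP server: its VLAN database can overwrite every switch in the domain")
    if mode in ("server", "client"):
        if domain != expected_domain:
            findings.append(f"domain {domain!r} differs from expected {expected_domain!r}")
        if revision > known_revision:
            findings.append(f"revision {revision} is above the recorded {known_revision}")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_STATUS, SAMPLE_TRANSPARENT):
        parsed = parse_vtp_status(sample)
        print(parsed.get("VTP Operating Mode"), audit_vtp(parsed, "OFFICE", 12))
```

Run it against the output collected from each switch and compare the findings; an unexpected server, a wrong domain name or a revision jump is the signature of exactly the situation described later in this post.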
Configuring VTP:
VTP configuration is simple: you specify the VTP domain name and the VTP mode in the global configuration mode of the switch.
1. VTP Server
Switch#conf t
Switch(config)#vtp mode server
Switch(config)#vtp domain DOMAIN_NAME
2. VTP Client
Switch#conf t
Switch(config)#vtp mode client
3. VTP Transparent (default mode)
Switch#conf t
Switch(config)#vtp mode transparent
All the concepts I explained about VTP are pretty nicely demonstrated inside Cisco Packet Tracer by Joe Astorino.
VTP — A Double Edged Sword
We saw the bright side of VTP and understood how it eliminates manual VLAN configuration on switches. There's also a dark side to VTP. In fact, it's so dangerous that by default all switches are set to VTP transparent mode. If not enough attention is paid, VTP has the potential to bring down the whole network within a few seconds.
Imagine a scenario wherein you bring your home switch to the office with the intention of studying and practicing some switching concepts during your free time. If you are like me and spend a lot of time with switches, chances are high that your switch has a complex configuration of various services on it. As you play with your switch in the office, maybe after a heavy lunch when you are feeling a bit sleepy, you get the temptation to connect your switch to the yellowish network wall jack that's rightfully installed inside your cubicle to provide intranet access to your PC 💡. Since you are feeling sleepy (because of that yummy lunch!), you connect your home switch to the wall jack without giving much thought to what you are doing. 5 seconds… 10 seconds… 15 seconds, and all of a sudden the colleagues around you start to ask whether you have network access ❓. Slowly the steam of unrest spreads throughout the office. Before long, the whole office halts and gets furious because of the network outage. By the time you wake up from your sleepy, lethargic state and realize what's happening, the damage is done 😮. You can try to fix the problem or hide your switch and run home. Either way, you really are the culprit! While you can console your worried mind by blaming the cook who prepared that tasty lunch, you certainly can't escape the numbing electric treatment from the network administrators 😦.
I got a bit poetic there. Anyway, what just happened was that your pet switch had VTP server mode active on it. To make matters worse, its Configuration Revision Number was higher than that of all the VTP servers in the office network. Because it's a VTP server and its revision number is much higher, all the other switches in the intranet synchronized their VLAN configuration to that of your home switch. And instantly the Finance, HR, Accounting and Development VLANs in the office switches were replaced with the Red, Green, Pink and Purple VLANs, reflecting the love of colors that you passionately configured on your home switch 🙄.
This is just one of many ways VTP can accidentally damage a production network. Therefore, be cautious and mindful about VTP. It's wise to keep the switches in VTP transparent mode unless there's a specific need not to.
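To make the revision-number rule from point 2 above and the story of the home switch concrete, here is an added example, not part of the original post: a small Python model of a VTP domain that applies the rules as the post states them (only a server originates VLAN data, a transparent switch never synchronises, domain names must match, and only a strictly higher Configuration Revision Number overwrites a switch's VLAN database). The topology, switch names and revision values are constructed; the post never says which domain name the home switch carried, so that is a parameter and the model is run once with it matching the office domain and once with it different. It shows the office switches being overwritten in the first case, the transparent lab switch keeping its VLANs in both, and why the post's advice to leave switches in transparent mode is the reliable protection.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                  # "server", "client" or "transparent"
    domain: str                # "" means no VTP domain configured yet
    revision: int              # Configuration Revision Number
    vlans: dict = field(default_factory=dict)   # VLAN id -> VLAN name


def apply_advertisement(source, target):
    """Model one VTP advertisement from `source` arriving at `target` over a trunk.

    Rules as the post describes them: only a server originates VLAN data, a
    transparent switch ignores the update (it only forwards it), the domain
    names must match, and only a strictly higher revision overwrites the local
    VLAN database. Returns True when `target` was overwritten.
    """
    if source.mode != "server" or target.mode == "transparent":
        return False
    if target.mode == "client" and target.domain == "":
        # A client with no domain learns it from the first server it hears.
        target.domain = source.domain
    if target.domain != source.domain:
        return False
    if source.revision <= target.revision:
        return False
    target.vlans = dict(source.vlans)
    target.revision = source.revision
    return True


def synchronise(switches):
    """One replication round: the server with the highest revision advertises to
    every other switch. Returns the names of the switches that were overwritten."""
    servers = [s for s in switches if s.mode == "server"]
    if not servers:
        return []
    winner = max(servers, key=lambda s: s.revision)
    return [s.name for s in switches
            if s is not winner and apply_advertisement(winner, s)]


# Constructed VLAN databases, named after the ones in the story above.
OFFICE_VLANS = {10: "Finance", 20: "HR", 30: "Accounting", 40: "Development"}
HOME_VLANS = {10: "Red", 20: "Green", 30: "Pink", 40: "Purple"}


def rogue_switch_scenario(home_domain="OFFICE"):
    """Constructed topology: a core server and an access client in domain OFFICE
    at revision 12, a lab switch in transparent mode, and the home switch from the
    story (server mode, revision 57). `home_domain` is an assumption: the post does
    not say which domain name the home switch carried.
    Returns {switch name: sorted VLAN names} after one replication round."""
    switches = [
        Switch("core",   "server",      "OFFICE",    12, dict(OFFICE_VLANS)),
        Switch("access", "client",      "OFFICE",    12, dict(OFFICE_VLANS)),
        Switch("lab",    "transparent", "OFFICE",     0, dict(OFFICE_VLANS)),
        Switch("home",   "server",      home_domain, 57, dict(HOME_VLANS)),
    ]
    synchronise(switches)
    return {s.name: sorted(s.vlans.values()) for s in switches}


if __name__ == "__main__":
    for domain in ("OFFICE", "HOMELAB"):
        print(f"home switch in domain {domain}: {rogue_switch_scenario(domain)}")
```

The lab switch comes through unchanged in both runs because transparent mode opts it out of synchronisation entirely; the core and access switches are only spared when the domain names differ, which is a much weaker guarantee, since a client with no domain configured simply adopts whatever it hears first.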