To VTP or Not to VTP

by: George El., December 2018, Reading time: 3 minutes

VTP is the Cisco VLAN Trunking Protocol. It allows the automatic configuration of VLANs by setting one or more switches as VTP servers and the other switches as VTP clients. Changes are allowed only on the servers. There is another mode, called transparent, which forwards VTP advertisements but does not participate in the VTP domain. Finally there is VTP mode off, where VTP is turned off and the switch does not forward any advertisements. By default, a freshly booted switch is a VTP server. This means that it can cause problems on your network, which is why you specify a domain name and password in the VTP configuration. However, imagine this: you have an old switch that you disconnected, and for some reason you connect it to the network again. If its revision number is higher than the one currently on the network, it will delete all the VLANs that it does not have in its own configuration. Another thing to note is that even clients can cause problems in the network.
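As an added check that is not part of the original post: a small Python audit of `show vtp status` output that flags the settings just described (server mode by default, no domain name, a non-zero revision) before a switch is plugged into a production network. The two sample outputs are constructed in the style of IOS and were not captured from a real device; the exact field names the parser keys on are an assumption about that output format.

```python
# Added example (not from the original post): audit `show vtp status` output
# for the settings that let a reconnected switch overwrite a VTP domain.

# Constructed sample 1: an out-of-service client about to be reconnected.
STALE_CLIENT = """\
VTP Version                     : running VTP2
Configuration Revision          : 40
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
"""

# Constructed sample 2: a factory-default switch (server mode, no domain).
FACTORY_DEFAULT = """\
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
"""


def parse_vtp_status(text: str) -> dict:
    """Pick the three fields the risk decision needs out of `show vtp status`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    revision = fields.get("Configuration Revision", "0")
    return {
        "mode": fields.get("VTP Operating Mode", "").lower(),
        "domain": fields.get("VTP Domain Name", ""),
        "revision": int(revision) if revision.isdigit() else 0,
    }


def audit_vtp(status: dict) -> list:
    """Return the codes of risky settings found; an empty list means nothing to fix."""
    findings = []
    active = status["mode"] in ("server", "client")   # both modes advertise
    if status["mode"] == "server":
        findings.append("SERVER_MODE")       # the IOS default; its changes propagate
    if active and status["revision"] > 0:
        findings.append("NONZERO_REVISION")  # wins if higher than the domain's revision
    if active and not status["domain"]:
        findings.append("NO_DOMAIN")         # will join the first domain it hears
    return findings


def audit_text(text: str) -> list:
    """Convenience wrapper: raw `show vtp status` text in, finding codes out."""
    return audit_vtp(parse_vtp_status(text))


if __name__ == "__main__":
    for label, sample in (("stale client", STALE_CLIENT), ("factory default", FACTORY_DEFAULT)):
        print(f"{label}: {audit_text(sample)}")
```

Run it against the pasted output of a switch before it goes onto a trunk; anything other than an empty list means the revision should be zeroed or the mode changed first.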

This part is from the official CCNP certification guide:

It might seem intuitive that a switch acting as a VTP server could come online with a higher configuration revision number and wreak havoc on the whole domain. You should also be aware that this same thing can happen if a VTP client comes online with a higher revision, too! Even though it seems as if a client should strictly listen to advertisements from servers, a client can and does send out its own advertisements. When it first powers up, a client sends a summary advertisement from its own stored database. It realizes that it has a greater revision number if it receives an inferior advertisement from a server. Therefore, it sends out a subset advertisement with the greater revision number, which VTP servers will accept as more up-to-date information. Even in VTP client mode, a switch will store the last known VTP information—including the configuration revision number. Do not assume that a VTP client will start with a clean slate when it powers up.

In my 20 years as a network engineer I have experienced twice the case where a young engineer connects a new switch to a network and suddenly the whole network goes down. If you are on your main switch you will see a lot of interfaces going down without any apparent reason, just because the VLANs are deleted. You can easily circumvent the problem by recreating the VLANs on the server, but you will experience downtime.

So, it is Cisco's recommendation not to use VTP anymore, because of the dangers inherent in it. Another thing to remember: whenever you connect a switch to your network, always set it to transparent mode first and then to client, to zero the revision number.
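The failure described in the paragraphs above, and the transparent-mode reset that prevents it, as an added Python model that is not part of the original post or of any Cisco code. It models only the behaviour the post and the CCNP quote describe: the four modes, the "higher revision wins" rule, clients advertising their own stored database, and the revision dropping to 0 when a switch is set to transparent. The switch names, VLAN numbers, domain name and password are constructed, and the authentication digest is a simplification (real VTP uses an MD5 digest that also covers the VLAN database).

```python
# Added example (not from the original post): a model of the VTP revision rule.
import hashlib
from dataclasses import dataclass, field

SERVER, CLIENT, TRANSPARENT, OFF = "server", "client", "transparent", "off"


@dataclass
class Switch:
    name: str
    mode: str = SERVER          # a freshly booted IOS switch is a VTP server
    domain: str = ""            # no domain name until configured (or learned)
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})   # VLAN 1 always exists

    def digest(self) -> str:
        # Modelling assumption: the digest covers domain and password only
        # (stand-in for VTP's MD5 digest, which also hashes the VLAN database).
        return hashlib.sha256(f"{self.domain}:{self.password}".encode()).hexdigest()

    def add_vlan(self, vid: int) -> None:
        if self.mode not in (SERVER, TRANSPARENT):
            raise PermissionError(f"{self.name}: VLAN changes are only allowed on a server")
        self.vlans.add(vid)
        if self.mode == SERVER:
            self.revision += 1  # each change on a server bumps the revision

    def set_mode(self, mode: str) -> None:
        self.mode = mode
        if mode in (TRANSPARENT, OFF):
            self.revision = 0   # the reset the post recommends before connecting

    def advertisement(self) -> dict:
        # Servers AND clients advertise their stored database and revision
        return {"domain": self.domain, "digest": self.digest(),
                "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, adv: dict) -> str:
        if self.mode in (TRANSPARENT, OFF):
            return "ignored"             # transparent forwards but never applies
        if not self.domain:
            self.domain = adv["domain"]  # a null-domain switch adopts the first domain heard
        if adv["domain"] != self.domain or adv["digest"] != self.digest():
            return "rejected"            # wrong domain or password
        if adv["revision"] > self.revision:
            self.vlans = set(adv["vlans"])   # higher revision wins: database replaced
            self.revision = adv["revision"]
            return "accepted"
        return "inferior"


def connect(newcomer: Switch, members: list) -> dict:
    """Plug `newcomer` into the domain: it advertises first, then hears the others."""
    outcome = {sw.name: sw.receive(newcomer.advertisement()) for sw in members}
    for sw in members:
        newcomer.receive(sw.advertisement())
    return outcome


def reconnect_old_switch(zero_revision_first: bool) -> dict:
    """Constructed scenario: a stale client with a higher revision is reconnected."""
    core = Switch("core", SERVER, "CORP", "s3cret", 12, {1, 10, 20, 30})
    access = Switch("access1", CLIENT, "CORP", "s3cret", 12, {1, 10, 20, 30})
    old = Switch("old-lab", CLIENT, "CORP", "s3cret", 40, {1, 99})  # stale but higher revision
    if zero_revision_first:
        old.set_mode(TRANSPARENT)   # revision -> 0
        old.set_mode(CLIENT)
    connect(old, [core, access])
    return {"core": sorted(core.vlans), "access1": sorted(access.vlans),
            "old-lab": sorted(old.vlans), "revision": core.revision}


if __name__ == "__main__":
    print("reconnected as-is:     ", reconnect_old_switch(False))
    print("zeroed via transparent:", reconnect_old_switch(True))
```

In the first run the stale client's revision 40 beats the domain's 12, so VLANs 10, 20 and 30 vanish from every switch, which is exactly the "interfaces going down for no apparent reason" symptom. In the second run the transparent-then-client step leaves the old switch at revision 0, so it is the one that learns the domain's database instead.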

For more information, see the Understanding VTP page on Cisco's site.
