|
|
This chapter describes how to configure the VLAN Trunk Protocol (VTP).
This chapter consists of these sections:
Before you create VLANs, you must decide whether to use VTP in your network. With VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network.
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
These sections describe how VTP works:
A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in one and only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
By default, the switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain. You cannot create or modify VLANs on a VTP server until the management domain name is specified or learned.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch ignores advertisements with a different management domain name or an earlier configuration revision number.
If you configure the switch as VTP transparent, you can create and modify VLANs but the changes affect only the individual switch.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).
VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates excessive device administration required from network administrators.
You can configure a switch to operate in any one of these VTP modes:
Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary.
The following global configuration information is distributed in VTP advertisements:
If you use VTP in your network, you must decide whether to use VTP version 1 or version 2.
VTP version 2 supports the following features not supported in version 1:
VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.
Make sure that all devices in the management domain support VTP pruning before enabling it. VTP pruning is supported in supervisor engine software release 2.3 and later.
Figure 8-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
Figure 8-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 is always pruning-ineligible; traffic from VLAN 1 cannot be pruned.
To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. To make a VLAN pruning eligible again, enter the set vtp pruneeligible command. You can set VLAN pruning-eligibility regardless of whether VTP pruning is enabled or disabled for the domain. Pruning eligibility always applies to the local device only, not for the entire VTP domain.
Table 8-1 shows the default VTP configuration.
| Feature | Default Value |
|---|---|
VTP domain name | Null |
VTP mode | Server |
VTP version 2 enable state | Version 2 is disabled |
VTP password | None |
VTP pruning | Disabled |
Follow these guidelines when implementing VTP in your network:
| Caution If you configure VTP in secure mode, the management domain will not function properly if you do not assign a management domain password to each switch in the domain. |
These sections describe how to configure VTP:
When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
To configure the switch as a VTP server, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Define the VTP domain name. | set vtp domain name |
Step 2 Place the switch in VTP server mode. | set vtp mode server |
Step 3 (Optional) Set a password for the VTP domain. | set vtp passwd passwd |
Step 4 Verify the VTP configuration. | show vtp domain |
This example shows how to configure the switch as a VTP server and verify the configuration:
Console> (enable) set vtp domain Lab_Network VTP domain Lab_Network modified Console> (enable) set vtp mode server VTP domain Lab_Network modified Console> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password -------------------------------- ------------ ----------- ----------- ---------- Lab_Network 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 10 1023 40 enabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.70 disabled disabled 2-1000 Console> (enable)
When a switch is in VTP client mode, you cannot change the VLAN configuration on the switch. The client switch receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.
To configure the switch as a VTP client, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Define the VTP domain name. | set vtp domain name |
Step 2 Place the switch in VTP client mode. | set vtp mode client |
Step 3 Verify the VTP configuration. | show vtp domain |
This example shows how to configure the switch as a VTP client and verify the configuration:
Console> (enable) set vtp domain Lab_Network VTP domain Lab_Network modified Console> (enable) set vtp mode client VTP domain Lab_Network modified Console> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password -------------------------------- ------------ ----------- ----------- ---------- Lab_Network 1 2 client - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 10 1023 40 enabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.70 disabled disabled 2-1000 Console> (enable)
When you configure the switch as VTP transparent, you disable VTP on the switch. A VTP transparent switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements out all of its trunk links.
To disable VTP on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Place the switch in VTP transparent mode (disabling VTP on the switch). | set vtp mode transparent |
Step 2 Verify the VTP configuration. | show vtp domain |
This example shows how to configure the switch as VTP transparent and verify the configuration:
Console> (enable) set vtp mode transparent VTP domain Lab_Net modified Console> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password -------------------------------- ------------ ----------- ----------- ---------- Lab_Net 1 2 Transparent - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 10 1023 0 enabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.70 disabled disabled 2-1000 Console> (enable)
VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain will enable version 2 as well.
| Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2. |
To enable VTP version 2, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable VTP version 2 on the switch. | set vtp v2 enable |
Step 2 Verify that VTP version 2 is enabled. | show vtp domain |
This example shows how to enable VTP version 2 and verify the configuration:
Console> (enable) set vtp v2 enable This command will enable the version 2 function in the entire management domain. All devices in the management domain should be version2-capable before enabling. Do you want to continue (y/n) [n]? y VTP domain Lab_Net modified Console> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password -------------------------------- ------------ ----------- ----------- ---------- Lab_Net 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 10 1023 1 enabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.70 enabled disabled 2-1000 Console> (enable)
To disable VTP version 2, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable VTP version 2. | set vtp v2 disable |
Step 2 Verify that VTP version 2 is disabled. | show vtp domain |
This example shows how to disable VTP version 2:
Console> (enable) set vtp v2 disable This command will disable the version 2 function in the entire management domain. Warning: trbrf & trcrf vlans will not work properly in this mode. Do you want to continue (y/n) [n]? y VTP domain Lab_Net modified Console> (enable)
To configure VTP pruning, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable VTP pruning in the management domain. | set vtp pruning enable |
Step 2 (Optional) Make specific VLANs pruning-ineligible on the device. (By default, VLANs 2-1000 are pruning-eligible.) | clear vtp pruneeligible vlan_range |
Step 3 (Optional) Make specific VLANs pruning-eligible on the device. | set vtp pruneeligible vlan_range |
Step 4 Verify the VTP pruning configuration. | show vtp domain |
Step 5 Verify that the appropriate VLANs are being pruned on trunk ports. | show trunk |
This example shows how to enable VTP pruning in the management domain and how to make VLANs 2-99, 250-255, and 501-1000 pruning-eligible on the particular device:
Console> (enable) set vtp pruning enable This command will enable the pruning function in the entire management domain. All devices in the management domain should be pruning-capable before enabling. Do you want to continue (y/n) [n]? y VTP domain Lab_Network modified Console> (enable) clear vtp pruneeligible 100-500 Vlans 1,100-500,1001-1005 will not be pruned on this device. VTP domain Lab_Network modified. Console> (enable) set vtp pruneeligible 250-255 Vlans 2-99,250-255,501-1000 eligible for pruning on this device. VTP domain Lab_Network modified. Console> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password -------------------------------- ------------ ----------- ----------- ---------- Lab_Network 1 2 server - Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 8 1023 16 disabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.2 disabled enabled 2-99,250-255,501-1000 Console> (enable) show trunk Port Mode Encapsulation Status Native vlan -------- ----------- ------------- ------------ ----------- 1/1 auto isl trunking 523 Port Vlans allowed on trunk -------- --------------------------------------------------------------------- 1/1 1-1005 Port Vlans allowed and active in management domain -------- --------------------------------------------------------------------- 1/1 1,522-524 Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 1/1 1,522-524 Console> (enable)
To disable VTP pruning, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable VTP pruning in the management domain. | set vtp pruning disable |
Step 2 Verify that VTP pruning is disabled. | show vtp domain |
This example shows how to disable VTP pruning in the management domain:
Console> (enable) set vtp pruning disable This command will disable the pruning function in the entire management domain. Do you want to continue (y/n) [n]? y VTP domain Lab_Network modified Console> (enable)
To monitor VTP activity, including VTP advertisements sent and received and VTP errors, perform this task:
| Task | Command |
|---|---|
Display VTP statistics for the switch. | show vtp statistics |
This example shows how to display VTP statistics on the switch:
Console> (enable) show vtp statistics
VTP statistics:
summary advts received 4690
subset advts received 7
request advts received 0
summary advts transmitted 4397
subset advts transmitted 8
request advts transmitted 0
No of config revision errors 0
No of config digest errors 0
VTP pruning statistics:
Trunk Join Trasmitted Join Received Summary advts received from
non-pruning-capable device
-------- --------------- ------------- ---------------------------
1/1 0 0 0
1/2 0 0 0
Console> (enable)
Posted: Wed Nov 10 13:20:02 PST 1999
Copyright 1989-1999©Cisco Systems Inc.