Usage Guidelines
Note |
The
vtppruning ,
vtppassword , and
vtpversion commands are also available in privileged EXEC mode. We recommend that you use these commands in global configuration mode
only; do not use these commands in privileged EXEC mode.
|
Extended-range VLANs are not supported by VTP version 1 and version 2. Extended range VLANs are supported in VTP version
3.
When you define the domain-name value , the dom ain name is case sensitive and can be from 1 to 32 characters.
The
filename and
interface-name values are ASCII strings from 1 to 255 characters.
You must configure a password on each network device in the management domain when the switch is in secure mode.
Caution |
If you configure VTP in secure mode, the management domain does not function properly if you do not assign a management domain
password to each network device in the domain.
|
A VTP version 2-capable network device can operate in the same VTP domain as a network device running VTP version 1 if VTP
version 2 is disabled on the VTP version 2-capable network device (VTP version 2 is disabled by default).
Do not enable VTP version 2 on a network device unless all of the network devices in the same VTP domain are version 2-capable.
When you enable VTP version 2 on a network device, all of the version 2-capable network devices in the domain enable VTP version
2.
In a Token Ring environment, you must enable VTP version 2 for VLAN switching to function properly.
Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
Configuring VLANs as pruning eligible or pruning ineligible on an applicable device affects pruning eligibility for those
VLANs on that switch only; it does not affect pruning eligibility on all network devices in the VTP domain.
The
vtppassword ,
vtppruning , and
vtpversion commands are not placed in startup memory but are included in the VTP transparent-mode startup configuration file.
Extended-range VLANs are not supported by VTP.
You can configure the
pruning keyword in VTP-server mode; the
version keyword is configurable in VTP-server mode or VTP transparent mode.
The password- value argument is an ASCII string from 8 to 64 characters identifying the administrative domain for the device.
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if there are no stations belonging
to that VLAN.
All applicable devices in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2 do not operate on
applicable devices in the same VTP domain.
If all applicable devices in a domain are VTP version 2-capable, you need only to enable VTP version 2 on one applicable
devices; the version number is then propagated to the other version 2-capable applicable devices in the VTP domain.
If you toggle the version 2 mode, certain default VLAN parameters are modified.
If you enter the
vtpmodeoff command, it sets the device to off. If you enter the
novtpmodeoff command, it resets the device to the VTP server mode.
Catalyst 6500 Series Switch
VTP version 3 supports all the features in version 1 and version 2. VTP version 3 also supports the following features not
supported in version 1 and version 2:
-
Enhanced authentication--In VTP version 3, you can configure the authentication password to be hidden using the
vtppassword command. When you configure the authentication password to be hidden, it does not appear in plain text in the configuration.
Instead, the secret associated with the password is saved in hexadecimal format in the running configuration. The password- string argument is an ASCII string from 8 to 64 characters identifying the administrative domain for the device. The following
syntax is available:
password
password-string
[hidden |
secret ]
password
password-string
--Specifies the administrative domain password.
hidden
--(Optional) Configures the password with a secret key saved in hexadecimal format in the running configuration.
secret
--(Optional) Allows the password secret key to be directly configured in hexadecimal format.
The
hidden keyword for the VTP password is supported only in VTP version 3. If converting to VTP version 2 from VTP version 3, you must
remove the
hidden keyword prior to the conversion.
-
Support for extended-range VLAN database propagation--VTP version 1 and version 2 support VLANs 1 to 1000 only. In VTP version
3, the entire VLAN range is supported (VLANs 1 to 4096). The pruning of VLANs still applies to VLANs 1 to 1000 only. Extended-range
VLANs are supported in VTP version 3 only. If converting from VTP version 3 to VTP version 2, VLANs in the range 1006 to 4094
are removed from VTP control.
-
Support for propagation of any database in a domain--In VTP version 1 and version 2, a VTP server is used to backup the database
to the NVRAM and allows you to change the database information. In VTP version 3, there is a VTP-primary server and a VTP-secondary
server. A primary server allows you to alter the database information, and the database updates sent out are honored by all
the devices in the system. A secondary server can only back up the updated VTP configuration received from the primary server
in the NVRAMs. The status of the primary and secondary servers is a runtime status and is not configurable.
By default, all devices come up as secondary servers. You can enter the
vtpprimary privileged EXEC mode command to specify a primary server. The following syntax is available:
vtp
primary
[vlan |
mst ] [force
vlan
--(Optional) Specifies this device as the primary server for the VTP VLAN feature.
mst--
(Optional) Specifies this device as the primary server for the VTP MST feature.
force--
(Optional) Forces this device to become the primary server.
The primary-server status is needed only when database changes have to be performed and is obtained when the administrator
issues a takeover message in the domain. The primary-server status is lost when you reload, switch over, or the domain parameters
change. The secondary servers back up the configuration and continue to propagate the database. You can have a working VTP
domain without any primary servers.
In VTP version 3, there is no longer a restriction to propagate only VLAN database information. You can use VTP version 3
to propagate any database information across the VTP domain. A separate instance of the protocol is running for each application
that uses VTP.
-
CLI to turn off/on VTP on a per-trunk basis--You can disable VTP on a per-trunk basis using the
novtp command in interface configuration mode . When you disable VTP on the trunking port, all the VTP instances for that port are
disabled. You will not be provided with the option of setting VTP to OFF for the MST database and ON for the VLAN database.
You can enable VTP on a per-trunk basis using the
vtp command in interface configuration mode .
VTP on a global basis--When you set VTP mode to OFF globally, this applies to all the trunking ports in the system. Unlike
the per-port configuration, you can specify the OFF option on a per-VTP instance basis. For example, the system could be configured
as VTP-server for the VLAN database and as VTP-off for the MST database. In this case, VLAN databases are propagated by VTP,
MST updates are sent out on the trunk ports in the system, and the MST updates received by the system are discarded.
Examples
The following example shows how to set the device’s management domain:
Router(config)#
vtp domain DomainName1
The following example shows how to specify the file in the IFS-file system where the VTP configuration is stored:
Router(config)#
vtp file vtpconfig
Setting device to store VLAN database at filename vtpconfig.
The following example shows how to set the VTP mode to client:
Router(config)#
vtp mode client
Setting device to VTP CLIENT mode.
The following example shows how to disable VTP mode globally:
Router(config)# vtp mode off
Setting device to VTP OFF mode.
The following example shows how to reset the device to the VTP server mode:
Router(config)# no vtp mode off
Setting device to VTP OFF mode.