The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Before you create VLANs, you must decide whether to use the VLAN Trunking Protocol (VTP) in your network. Using VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches.
VTP is designed to work in an environment where updates are made on a single switch and are sent through VTP to other switches in the domain. It does not work well in a situation where multiple updates to the VLAN database occur simultaneously on switches in the same domain, which would result in an inconsistency in the VLAN database.
The switch supports a total of 4094 VLANs. However, the number of routed ports, SVIs, and other configured features affects the usage of the switch hardware. If the switch is notified by VTP of a new VLAN and the switch is already using the maximum available hardware resources, it sends a message that there are not enough hardware resources available and shuts down the VLAN. The output of the show vlan user EXEC command shows the VLAN in a suspended state.
Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch or switch stack and that this trunk port is connected to the trunk port of another switch. Otherwise, the switch cannot receive any VTP advertisements.
The following are restrictions for a VTP:
Information About VTP
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
VTP functionality is supported across the stack, and all switches in the stack maintain the same VLAN and VTP configuration inherited from the active switch. When a switch learns of a new VLAN through VTP messages or when a new VLAN is configured by the user, the new VLAN information is communicated to all switches in the stack.
When a switch joins the stack or when stacks merge, the new switches get VTP information from the active switch.
A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches or switch stacks under the same administrative responsibility sharing the same VTP domain name. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain.
By default, the switch is in the VTP no-management-domain state until it receives an advertisement for a domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain name. Until the management domain name is specified or learned, you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch then ignores advertisements with a different domain name or an earlier configuration revision number.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are sent over all IEEE trunk connections, including IEEE 802.1Q. VTP dynamically maps VLANs with unique names and internal index associates across multiple LAN types. Mapping eliminates excessive device administration required from network administrators.
If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are not sent to other switches in the domain, and they affect only the individual switch. However, configuration changes made when the switch is in this mode are saved in the switch running configuration and can be saved to the switch startup configuration file.
Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.
VTP advertisements distribute this global domain information:
VTP advertisements distribute this VLAN information for each configured VLAN:
In VTP version 3, VTP advertisements also include the primary server ID, an instance number, and a start index.
If you use VTP in your network, you must decide which version of VTP to use. By default, VTP operates in version 1.
VTP version 2 supports these features that are not supported in version 1:
VTP version 3 supports these features that are not supported in version 1 or version 2:
Note |
VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still reserved and cannot be modified. |
VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default.
VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported in all VTP versions.
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain).
VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.
VTP configuration is the same in all members of a switch stack. When the switch stack is in VTP server, client, or transparent mode, all switches in the stack carry the same VTP configuration.
VTP version 3 functions the same on a standalone switch or a stack except when the switch stack is the primary server for the VTP database. In this case, the MAC address of the active switch is used as the primary server ID. If the active switch reloads or is powered off, a new active switch is elected.
VTP Configuration Guidelines
When you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements to and from other switches in the domain.
The VTP information is saved in the VTP VLAN database. When VTP mode is transparent, the VTP domain name and mode are also saved in the switch running configuration file, and you can save it in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. You must use this command if you want to save VTP mode as transparent, even if the switch resets.
When you save VTP information in the switch startup configuration file and reboot the switch, the switch configuration is selected as follows:
When configuring VTP for the first time, you must always assign a domain name. You must configure all switches in the VTP domain with the same domain name. Switches in VTP transparent mode do not exchange VTP messages with other switches, and you do not need to configure a VTP domain name for them.
Note |
If the NVRAM and DRAM storage is sufficient, all switches in a VTP domain should be in VTP server mode. |
You can configure a password for the VTP domain, but it is not required. If you do configure a domain password, all domain switches must share the same password and you must configure the password on each switch in the management domain. Switches without a password or with the wrong password reject VTP advertisements.
If you configure a VTP password for a domain, a switch that is booted without a VTP configuration does not accept VTP advertisements until you configure it with the correct password. After the configuration, the switch accepts the next VTP advertisement that uses the same password and domain name in the advertisement.
If you are adding a new switch to an existing network with VTP capability, the new switch learns the domain name only after the applicable password has been configured on it.
Caution |
When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain. |
Follow these guidelines when deciding which VTP version to implement:
How to Configure VTP
You can configure VTP mode as one of these:
When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.
You can configure a VTP version 3 password on the switch.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example: Switch# configure terminal |
|
Step 2 |
vtp password
password [
hidden |
secret] Example: Switch(config)# vtp password mypassword hidden |
(Optional) Sets the password for the VTP domain. The password can be 8 to 64 characters.
|
Step 3 |
end Example: Switch(config)# end |
|
Step 4 |
show vtp password Example: Switch# show vtp password |
|
Step 5 |
copy running-config startup-config Example: Switch# copy running-config startup-config |
(Optional) Saves the configuration in the startup configuration file. |
When you configure a VTP server as a VTP primary server, the takeover operation starts.
Command or Action | Purpose | |
---|---|---|
Step 1 |
vtp primary [
vlan |
mst] [
force] Example: Switch# vtp primary vlan force |
Changes the operational state of a switch from a secondary server (the default) to a primary server and advertises the configuration to the domain. If the switch password is configured as hidden, you are prompted to reenter the password.
|
VTP version 2 and version 3 are disabled by default.
Caution |
VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2. |
Caution |
In VTP version 3, both the primary and secondary servers can exist on an instance in the domain. |
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example: Switch# configure terminal |
|
Step 2 |
vtp version {
1 |
2 |
3} Example: Switch(config)# vtp version 2 |
Enables the VTP version on the switch. The default is VTP version 1. |
Step 3 |
end Example: Switch(config)# end |
|
Step 4 |
show vtp status Example: Switch# show vtp status |
|
Step 5 |
copy running-config startup-config Example: Switch# copy running-config startup-config |
(Optional) Saves the configuration in the startup configuration file. |
Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You can only enable VTP pruning on a switch in VTP server mode.
With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. In VTP version 3, you must manually enable pruning on each switch in the domain.
Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning-eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned.
VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network are in VTP transparent mode, you should do one of these actions:
To configure VTP pruning on an interface, use the switchport trunk pruning vlan interface configuration command. VTP pruning operates when an interface is trunking. You can set VLAN pruning-eligibility, whether or not VTP pruning is enabled for the VTP domain, whether or not any given VLAN exists, and whether or not the interface is currently trunking.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example: Switch# configure terminal |
|
Step 2 |
vtp pruning Example: Switch(config)# vtp pruning |
Enables pruning in the VTP administrative domain. By default, pruning is disabled. You need to enable pruning on only one switch in VTP server mode. |
Step 3 |
end Example: Switch(config)# end |
|
Step 4 |
show vtp status Example: Switch# show vtp status |
Verifies your entries in the VTP Pruning Mode field of the display. |
With VTP version 3, you can enable or disable VTP on a per-port basis. You can enable VTP only on ports that are in trunk mode. Incoming and outgoing VTP traffic are blocked, not forwarded.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example: Switch# configure terminal |
|
Step 2 |
interface
interface-id Example: Switch(config)# interface gigabitethernet1/0/1 |
Identifies an interface, and enters interface configuration mode. |
Step 3 |
vtp Example: Switch(config)# vtp |
|
Step 4 |
end Example: Switch(config)# end |
|
Step 5 |
show running-config interface
interface-id Example: Switch# show running-config interface gigabitethernet1/0/1 |
|
Step 6 |
show vtp status Example: Switch# show vtp status |
Follow these steps to verify and reset the VTP configuration revision number on a switch before adding it to a VTP domain.
Before adding a VTP client to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. With VTP versions 1 and 2, adding a switch that has a revision number higher than the revision number in the VTP domain can erase all VLAN information from the VTP server and VTP domain. With VTP version 3, the VLAN information is not erased.
You can use the vtp mode transparent global configuration command to disable VTP on the switch and then to change its VLAN information without affecting the other switches in the VTP domain.
Command or Action | Purpose | |
---|---|---|
Step 1 |
show vtp status Example: Switch# show vtp status |
Checks the VTP configuration revision number. |
Step 2 |
configure terminal Example: Switch# configure terminal |
|
Step 3 |
vtp domain
domain-name Example: Switch(config)# vtp domain domain123 |
Changes the domain name from the original one displayed in Step 1 to a new name. |
Step 4 |
end Example: Switch(config)# end |
Returns to privileged EXEC mode. The VLAN information on the switch is updated and the configuration revision number is reset to 0. |
Step 5 |
show vtp status Example: Switch# show vtp status |
Verifies that the configuration revision number has been reset to 0. |
Step 6 |
configure terminal Example: Switch# configure terminal |
|
Step 7 |
vtp domain
domain-name Example: Switch(config)# vtp domain domain012 |
|
Step 8 |
end Example: Switch(config)# end |
Returns to privileged EXEC mode. The VLAN information on the switch is updated. |
Step 9 |
show vtp status Example: Switch# show vtp status |
(Optional) Verifies that the domain name is the same as in Step 1 and that the configuration revision number is 0. |
This section describes commands used to display and monitor the VTP configuration.
Command |
Purpose |
---|---|
Displays counters about VTP messages that have been sent and received. |
|
Displays information about all VTP version 3 devices in the domain. Conflicts are VTP version 3 devices with conflicting primary servers. The show vtp devices command does not display information when the switch is in transparent or off mode. |
|
Displays VTP status and configuration for all interfaces or the specified interface. |
|
Displays the VTP password. The form of the password displayed depends on whether or not the hidden keyword was entered and if encryption is enabled on the switch. |
|
Configuration Examples for VTP
This example shows how to configure a switch as the primary server for the VLAN database (the default) when a hidden or secret password was configured:
Switch# vtp primary vlan Enter VTP password: mypassword This switch is becoming Primary server for vlan feature in the VTP domain VTP Database Conf Switch ID Primary Server Revision System Name ------------ ---- -------------- -------------- -------- -------------------- VLANDB Yes 00d0.00b8.1400=00d0.00b8.1400 1 stp7 Do you want to continue (y/n) [n]? y
After configuring VTP, you can configure the following:
Related Topic | Document Title |
---|---|
For complete syntax and usage information for the commands used in this chapter. |
|
Additional configuration commands and procedures. |
LAN Switching Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) |
Description | Link |
---|---|
To help you research and resolve system error messages in this release, use the Error Message Decoder tool. |
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi |
Standard/RFC | Title |
---|---|
RFC 1573 |
Evolution of the Interfaces Group of MIB-II |
RFC 1757 |
Remote Network Monitoring Management |
RFC 2021 |
SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 |
MIB | MIBs Link |
---|---|
All supported MIBs for this release. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Description | Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Release |
Modification |
---|---|
Cisco IOS XE 3.2SE |
This feature was introduced. |