Wednesday 19 December 2018

What is VLAN Trunking Protocol (VTP)? How to configure VTP?




Let’s understand VTP with an example when you have a network with 30 switches and 50 VLANs. Normally you have to configure each and every switch separately and create VLANs on each and every switch in your network. Yes, it’s a time-consuming task so here comes VTP (VLAN Trunking Protocol) to help us. VTP will help us to create VLANs on one switch and all the other remaining switches will synchronize themselves. VTP manages the addition, deletion, and renaming of VLAN across the network from a focal point of control.







VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol, as I already said VTP is used to share the VLAN configuration with other switches and maintain consistency throughout that network but information will be passed only if the switch is connected with fast Ethernet or higher ports and also it must be trunk links.

VTP modes:

Server mode is the default mode and has full control over VLAN, it can create, delete, and modifies VLANs configuration and synchronizes VLAN configurations, server mode which is by default mode it can send and forwards advertisements

Client mode This mode doesn’t store its VLAN configuration information in the NVRAM. Instead, it learns from the server each time when it boots up.  VTP client mode does not allow the administrator to create, delete, and modify any VLAN configurations, client mode is able to forward advertisements and synchronize VLAN configurations but as I said, client mode does not save VLAN configuration in NVRAM.


Transparent mode can add VLAN, modify, and as well it’s deleted also VLAN configuration locally transparent mode does not synchronize VLAN configurations. Its forward advertisements and this mode save its VLAN configuration in NVRAM.

Revision number

VTP switch uses an index called the VTP configuration revision number to keep track of the most recent information. The VTP advertisement process always starts with configuration revision number 0. When subsequent change is made on the VTP server, the revision number is incremented before the advertisements are sent.


Note: before adding a switch to an existing VTP domain, make sure your switch has a VTP Revision number set to 0 before adding to the network. For best practice change the switch VTP transparent mode and then back to server mode, change the switch VTP domain name to a non-exist VTP domain, and then change it back to the original name.

VTP version: -

There are three VTP versions are available: -

VTP version 1 supports only one VTP domain. VTP version 1 checks for domain name, if the VTP domain matches then only its forwards VTP messages. It does not support token ring VLAN.


VTP version 2 support multiple VTP domain, it checks for consistency, every time when new information is added but the major difference between version 1 and 2 is version 2 support Token ring VLAN.

VTP version 3 is having features of the VTP primary server the primary server is able to create, delete, and modify VLANs. The secondary server can relay and process and save only. VTP version 3 supports the Extended VLANs range (1006 – 4094). And also support Private VLANs, RSPAN VLANs, and Support MST. VTP version 3 is compatible with version 2, but not with version 1. VTP version 3 is protected against data overwrites its ability to fix the configuration revision number higher updating. VTP version 3 has more secure methods for authentication of clear text or hidden password protection.


Let's see the configuration.


Topology: -




Goal:
  • configure the topology as per the diagram. 
  • configure trunk links as per the diagram.
  • configure VTP version 2 as per the topology and verify it 
  • create VLANs on the server and verify it on the client and transparent.




sw-1client(config)#interface gigabitEthernet 1/0/1
sw-1client(config-if)#switchport trunk encapsulation dot1q
sw-1client(config-if)#switchport mode trunk
sw-1client(config-if)#exit

sw-2server(config)#interface gigabitEthernet 1/0/1
sw-2server(config-if)#switchport trunk encapsulation dot1q
sw-2server(config-if)#switchport mode trunk
sw-2server(config-if)#exit


sw-2server(config)#interface gigabitEthernet 1/0/2
sw-2server(config-if)#switchport trunk encapsulation dot1q
sw-2server(config-if)#switchport mode trunk

sw-2server(config-if)#exit

sw-3transparent(config)#interface gigabitEthernet 1/0/1
sw-3transparent(config-if)#switchport trunk encapsulation dot1q
sw-3transparent(config-if)#switchport mode trunk
sw-3transparent(config-if)#exit

sw-3transparent(config)#interface gigabitEthernet 1/0/2
sw-3transparent(config-if)#switchport trunk encapsulation dot1q
sw-3transparent(config-if)#switchport mode trunk
sw-3transparent(config-if)#exit


sw-4client(config)#interface gigabitEthernet 1/0/1
sw-4client(config-if)#switchport trunk encapsulation dot1q
sw-4client(config-if)#switchport mode trunk

sw-4client(config-if)#exit

(we have configured trunk links between the switches)

 sw-1client#show interfaces trunk
Port          Mode          Encapsulation   Status         Native vlan
Gig1/0/1    on             802.1q               trunking           1

Port Vlans allowed on trunk
Gig1/0/1 1-1005

Port Vlans allowed and active in management domain
Gig1/0/1 1

Port Vlans in spanning tree forwarding state and not pruned
Gig1/0/1 1



sw-2server#show interfaces trunk
Port             Mode          Encapsulation    Status   Native vlan
Gig1/0/1       on                  802.1q          trunking     1
Gig1/0/2       on                  802.1q          trunking     1

Port Vlans allowed on trunk
Gig1/0/1 1-1005
Gig1/0/2 1-1005

Port Vlans allowed and active in management domain
Gig1/0/1 1
Gig1/0/2 1

Port Vlans in spanning tree forwarding state and not pruned
Gig1/0/1 1


Gig1/0/2 1

sw-3transparent#show interfaces trunk
Port         Mode           Encapsulation     Status         Native vlan
Gig1/0/1  on                    802.1q            trunking           1
Gig1/0/2  on                    802.1q            trunking           1

Port Vlans allowed on trunk
Gig1/0/1 1-1005
Gig1/0/2 1-1005

Port Vlans allowed and active in management domain
Gig1/0/1 1
Gig1/0/2 1

Port Vlans in spanning tree forwarding state and not pruned
Gig1/0/1 1
Gig1/0/2 1


sw-4client#show interfaces trunk
Port         Mode           Encapsulation  Status    Native vlan
Gig1/0/1   on                 802.1q          trunking       1


Port Vlans allowed on trunk
Gig1/0/1 1-1005

Port Vlans allowed and active in management domain
Gig1/0/1 1

Port Vlans in spanning tree forwarding state and not pruned

Gig1/0/1 1
sw-1client(config)#vtp domain internet
Changing VTP domain name from NULL to internet

sw-1client(config)#vtp password internetworks
Setting device VLAN database password to internetworks

sw-1client(config)#vtp version 2
sw-1client(config)#vtp mode client
Setting device to VTP CLIENT mode.


sw-1client(config)#exit

sw-2server(config)#vtp domain internet
sw-2server(config)#vtp password internetworks
Setting device VLAN database password to internetworks

sw-2server(config)#vtp version 2
sw-2server(config)#vtp mode server
Device mode already VTP SERVER.

                                                   

   (Server mode is the default mode)


sw-2server(config)#exit
sw-3transparent(config)#vtp domain internet
.sw-3transparent(config)#vtp password internetworks
sw-3transparent(config)#vtp version 2
sw-3transparent(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.


sw-3transparent(config)#exit


sw-1client#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0001.9602.DC00
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37

Feature VLAN :
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 3
MD5 digest : 0x60 0x44 0x82 0xBB 0xDF 0x2A 0x50 0x67

0xC5 0x9E 0x78 0x39 0x55 0x44 0x65 0x58


sw-2server#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0009.7C30.9B00
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN :
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 3
MD5 digest : 0x60 0x44 0x82 0xBB 0xDF 0x2A 0x50 0x67

0xC5 0x9E 0x78 0x39 0x55 0x44 0x65 0x58


sw-3transparent#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0001.C7D1.B600
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37

Feature VLAN :
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x36 0xD0 0x36 0xEB 0x4C 0xC4 0x8D 0x2E

0xAB 0xA6 0xDA 0xAD 0x97 0x37 0x4A 0xB9

( you can see the revision number is 0 the reason is the switch is  VTP transparent mode)

sw-4client#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 00D0.BAA6.DA00
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:21


Feature VLAN :
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 2
MD5 digest : 0x0F 0x76 0x3F 0x32 0xAB 0x02 0x87 0x25

0x4C 0x4A 0xB4 0xF2 0x10 0xBB 0x14 0x69

(lets create vlans on server and verify it)

sw-2server(config)#vlan 10
sw-2server(config-vlan)#name HR
sw-2server(config-vlan)#exit

sw-2server(config)#vlan 20
sw-2server(config-vlan)#name SALES
sw-2server(config-vlan)#exit


sw-2server(config)#vlan 30
sw-2server(config-vlan)#name MARKETING
sw-2server(config-vlan)#exit

sw-2server(config)#VLAN 40
sw-2server(config-vlan)#name INFO-TECH

sw-2server(config-vlan)#exit

from switch 1 (VTP client mode)





from switch 2 (VTP mode server)



from switch 3 (VTP mode transparent)
{from the above output you can see there is no synchronization the reason is this switch is configured in transparent mode. but the transparent mode switch can forward the VLAN information. in our case, it's forward the VLAN information to our switch 4 (sw-4 client). you can configure VLAN on a transparent mode switch locally.}



from switch 4 (VTP mode client)

(lets configure VLAN on transparent mode switch)

sw-3transparent(config)#vlan 10
sw-3transparent(config-vlan)#name SALES
sw-3transparent(config-vlan)#exit

sw-3transparent(config)#vlan 20
sw-3transparent(config-vlan)#name HR
sw-3transparent(config-vlan)#exit

sw-3transparent(config)#vlan 30
sw-3transparent(config-vlan)#name MARKETING
sw-3transparent(config-vlan)#exit


sw-3transparent(config)#vlan 40
sw-3transparent(config-vlan)#name INFO-TECH

sw-3transparent(config-vlan)#exit

from switch 3 (VTP  transparent mode)


(in the next section we will see the configuration of VTP version 3)

 


 


Instagram

Facebook


Twitter



LINKEDIN








at
Labels:

3 comments:

Glenn M Tembo said...

Thank you very much this has helped me a lot. I am trying to do self study and you are helpful. I want to do cisco and still familiarising myself

3 March 2019 at 22:44
Unknown said...

Thank you this is very helpfull.

8 March 2019 at 08:27
Mario said...

Thank you very much

18 April 2019 at 17:31

Post a Comment

Subscribe to: Post Comments (Atom)

What is DAI (Dynamic ARP Inspection)? | How to configure Dynamic ARP Inspection DAI? | cyber-attack prevention | ARP Poisoning prevention.

 Dynamic ARP Inspection  ARP (Address Resolution Protocol) it’s a communication protocol. Networking devices are used for discovering MAC ...