Internetworks offers a comprehensive collection of articles and tutorials on computer networks, covering basic to advanced concepts such as data link layer, network layer, network security, and more. It’s a great starting point for beginners and a useful reference for advanced learners.
by Edgar C Francis
VTP pruning is used to improve the allocation and use of network bandwidth by reducing unnecessary flooded traffic, for example broadcast, multicast, and flooded unicast. Pruning makes more efficient use of trunk bandwidth.
By default, VTP pruning is disabled. When you enable VTP pruning, a switch still forwards unknown unicast and broadcast frames for a VLAN over a trunk port, but only if the switch on the receiving end of the trunk has ports in the same VLAN.
When you enable VTP pruning on the VTP server, all the clients in the VTP domain automatically enable VTP pruning. Once you enable VTP pruning, by default all VLANs are prune-eligible except VLAN 1, because it is an administrative VLAN, and the extended range of VLANs, which means VLAN 2 through VLAN 1005 are eligible for pruning.
How does VTP pruning work?
As you can see in the topology here, we have 5 switches with VTP pruning enabled. Broadcast traffic is generated on a switch 2 port that is in VLAN 10. Switch 2 forwards it to the trunk, and switch-1 receives the traffic and forwards it to switch-4, because VLAN 10 is only configured on switch 4 and switch 1. For the rest of the switches, the flooded traffic is pruned.
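The pruning decision described above can be followed hop by hop in a small simulation. This is an added example, not code from the original article; the star topology around sw1, the switch names and the filler VLANs 20 and 30 are assumptions, and it generalizes the rule slightly by also keeping a trunk open when a switch further behind the receiver has ports in the VLAN.

```python
from collections import defaultdict

# Assumed topology (the page's diagram is not reproduced): sw1 is the core
# switch with one trunk to each of the other four switches.
TRUNKS = [("sw1", "sw2"), ("sw1", "sw3"), ("sw1", "sw4"), ("sw1", "sw5")]
# VLANs with active ports per switch; VLANs 20 and 30 are constructed filler.
ACTIVE = {"sw1": {10}, "sw2": {10}, "sw3": {20}, "sw4": {10}, "sw5": {30}}

def neighbors(trunks):
    nbrs = defaultdict(set)
    for a, b in trunks:
        nbrs[a].add(b)
        nbrs[b].add(a)
    return nbrs

def needed_beyond(nbrs, active, sender, receiver, vlan):
    """True if the receiver, or a switch reached through it, has ports in vlan."""
    stack, seen = [receiver], {sender}
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        if vlan in active.get(sw, set()):
            return True
        stack.extend(nbrs[sw] - seen)
    return False

def flood(trunks, active, source, vlan, pruning):
    """Follow one broadcast; return (forwarded, pruned) trunk hops in order."""
    nbrs = neighbors(trunks)
    forwarded, pruned = [], []
    queue, visited = [source], {source}
    while queue:
        sw = queue.pop(0)
        for peer in sorted(nbrs[sw] - visited):
            if pruning and not needed_beyond(nbrs, active, sw, peer, vlan):
                pruned.append((sw, peer))
                continue
            forwarded.append((sw, peer))
            visited.add(peer)
            queue.append(peer)
    return forwarded, pruned

if __name__ == "__main__":
    for pruning in (False, True):
        fwd, cut = flood(TRUNKS, ACTIVE, "sw2", 10, pruning)
        print(f"pruning={pruning}: forwarded={fwd} pruned={cut}")
```

With pruning off the VLAN 10 broadcast crosses all four trunks; with pruning on it crosses only the sw2-sw1 and sw1-sw4 trunks.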
Let's see the configuration:
Topology:
Configure the topology as per the diagram.
Configure IP addresses on the PCs.
Configure 802.1q between the switches.
Configure the VTP server on a core switch, and switch-1 and switch-2 as clients.
Configure version 2 and password cisco123; the password must be hidden.
Configure VLANs 50, 60, 70, and 80 on the VTP server and make sure the clients have synced this information.
Let’s understand VTP with an example. Suppose you have a network with 30 switches and 50 VLANs. Normally you have to configure each switch separately and create the VLANs on every switch in your network. Yes, it’s a time-consuming task, so here comes VTP (VLAN Trunking Protocol) to help us. VTP lets us create VLANs on one switch, and all the remaining switches synchronize themselves. VTP manages the addition, deletion, and renaming of VLANs across the network from a focal point of control.
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol. As I already said, VTP is used to share the VLAN configuration with other switches and maintain consistency throughout the network, but information is passed only if the switches are connected with Fast Ethernet or higher ports, and the links must be trunk links.
VTP modes:
Server mode is the default mode and has full control over VLANs. It can create, delete, and modify VLAN configurations and synchronize VLAN configurations, and it can send and forward advertisements.
Client mode doesn’t store its VLAN configuration information in NVRAM. Instead, it learns it from the server each time it boots up. VTP client mode does not allow the administrator to create, delete, or modify any VLAN configurations. Client mode is able to forward advertisements and synchronize VLAN configurations but, as I said, it does not save the VLAN configuration in NVRAM.
Transparent mode can add, modify, and delete VLAN configurations locally. Transparent mode does not synchronize VLAN configurations. It forwards advertisements, and this mode saves its VLAN configuration in NVRAM.
Revision number
A VTP switch uses an index called the VTP configuration revision number to keep track of the most recent information. The VTP advertisement process always starts with configuration revision number 0. When a subsequent change is made on the VTP server, the revision number is incremented before the advertisements are sent.
Note: before adding a switch to an existing VTP domain, make sure the switch has its VTP revision number set to 0. As a best practice, change the switch to VTP transparent mode and then back to server mode, change the switch VTP domain name to a non-existent VTP domain, and then change it back to the original name.
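A pre-connection check for the note above, written as an added example rather than code from the original article: it parses saved `show vtp status` text from the switch about to be connected and from a switch already in the domain, and reports when the newcomer's revision number is not 0 or is higher than the domain's. The function names and the sample outputs are constructed for illustration.

```python
def sample(revision, domain="internet"):
    """Build a constructed `show vtp status` excerpt in the layout used on this page."""
    lines = ["VTP version running : 2", f"VTP Domain Name : {domain}",
             "VTP Operating Mode : Server"]
    if revision is not None:
        lines.append(f"Configuration Revision : {revision}")
    return "\n".join(lines) + "\n"

def parse_vtp_status(text):
    """Turn the 'Name : value' lines of `show vtp status` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def join_findings(candidate_text, domain_text):
    """Findings for a switch about to join, compared with a switch in the domain."""
    cand = parse_vtp_status(candidate_text)
    dom = parse_vtp_status(domain_text)
    if "configuration revision" not in cand:
        # Truncated captures (no revision line) must not pass as "clean".
        return ["no Configuration Revision line in candidate output: cannot verify"]
    cand_rev = int(cand["configuration revision"])
    dom_rev = int(dom.get("configuration revision", 0))
    findings = []
    if cand_rev != 0:
        findings.append(f"revision is {cand_rev}, not 0: reset it before connecting")
    if cand.get("vtp domain name") == dom.get("vtp domain name") and cand_rev > dom_rev:
        findings.append(f"revision {cand_rev} > domain revision {dom_rev}: "
                        "its VLAN database would replace the domain's")
    return findings

if __name__ == "__main__":
    domain_switch = sample(3)          # constructed: switch already in the domain
    for label, text in [("lab switch", sample(7)), ("reset switch", sample(0)),
                        ("truncated capture", sample(None))]:
        print(label, "->", join_findings(text, domain_switch) or "ok to connect")
```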
VTP version:
Three VTP versions are available:
VTP version 1 supports only one VTP domain. VTP version 1 checks the domain name and forwards VTP messages only if the VTP domain matches. It does not support Token Ring VLANs.
VTP version 2 supports multiple VTP domains. It checks for consistency every time new information is added, but the major difference between versions 1 and 2 is that version 2 supports Token Ring VLANs.
VTP version 3 has the VTP primary server feature: the primary server is able to create, delete, and modify VLANs. The secondary server can relay, process, and save only. VTP version 3 supports the extended VLAN range (1006 – 4094). It also supports Private VLANs, RSPAN VLANs, and MST. VTP version 3 is compatible with version 2, but not with version 1. VTP version 3 protects against data being overwritten by an update with a higher configuration revision number. VTP version 3 has more secure authentication, with clear-text or hidden password protection.
Let's see the configuration.
Topology:
Goal:
Configure the topology as per the diagram.
Configure trunk links as per the diagram.
Configure VTP version 2 as per the topology and verify it.
Create VLANs on the server and verify them on the client and transparent switches.
(We have configured trunk links between the switches.)
sw-1client#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/0/1    on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gig1/0/1    1-1005
Port        Vlans allowed and active in management domain
Gig1/0/1    1
Port        Vlans in spanning tree forwarding state and not pruned
Gig1/0/1    1

sw-2server#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/0/1    on           802.1q         trunking      1
Gig1/0/2    on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gig1/0/1    1-1005
Gig1/0/2    1-1005
Port        Vlans allowed and active in management domain
Gig1/0/1    1
Gig1/0/2    1
Port        Vlans in spanning tree forwarding state and not pruned
Gig1/0/1    1
Gig1/0/2    1

sw-3transparent#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/0/1    on           802.1q         trunking      1
Gig1/0/2    on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gig1/0/1    1-1005
Gig1/0/2    1-1005
Port        Vlans allowed and active in management domain
Gig1/0/1    1
Gig1/0/2    1
Port        Vlans in spanning tree forwarding state and not pruned
Gig1/0/1    1
Gig1/0/2    1

sw-4client#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/0/1    on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gig1/0/1    1-1005
Port        Vlans allowed and active in management domain
Gig1/0/1    1
Port        Vlans in spanning tree forwarding state and not pruned
Gig1/0/1    1

sw-1client(config)#vtp domain internet
Changing VTP domain name from NULL to internet
sw-1client(config)#vtp password internetworks
Setting device VLAN database password to internetworks
sw-1client(config)#vtp version 2
sw-1client(config)#vtp mode client
Setting device to VTP CLIENT mode.
sw-1client(config)#exit

sw-2server(config)#vtp domain internet
sw-2server(config)#vtp password internetworks
Setting device VLAN database password to internetworks
sw-2server(config)#vtp version 2
sw-2server(config)#vtp mode server
Device mode already VTP SERVER.
(Server mode is the default mode)
sw-2server(config)#exit

sw-3transparent(config)#vtp domain internet
sw-3transparent(config)#vtp password internetworks
sw-3transparent(config)#vtp version 2
sw-3transparent(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
sw-3transparent(config)#exit

sw-1client#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0001.9602.DC00
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37

sw-2server#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0009.7C30.9B00
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN :
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 3
MD5 digest : 0x60 0x44 0x82 0xBB 0xDF 0x2A 0x50 0x67
             0xC5 0x9E 0x78 0x39 0x55 0x44 0x65 0x58

sw-3transparent#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0001.C7D1.B600
Configuration last modified by 0.0.0.0 at 3-1-93 01:31:37
(You can see the revision number is 0; the reason is that the switch is in VTP transparent mode.)

sw-4client#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : internet
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 00D0.BAA6.DA00
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:21
(From the above output you can see there is no synchronization; the reason is that this switch is configured in transparent mode. However, a transparent-mode switch can forward the VLAN information; in our case, it forwards the VLAN information to our switch 4 (sw-4client). You can configure VLANs on a transparent-mode switch locally.)