VLAN Trunking Protocol - Building a Campus Network - CCNP Routing and Switching SWITCH 300-115 Official Cert Guide (2015)

CCNP Routing and Switching SWITCH 300-115 Official Cert Guide (2015)

Part II. Building a Campus Network

Chapter 5. VLAN Trunking Protocol

This chapter covers the following topics that you need to master for the CCNP SWITCH exam:

- VLAN Trunking Protocol: This section presents Cisco VLAN Trunking Protocol (VTP) for VLAN management in a campus network.

- VTP Configuration: This section covers the Catalyst switch commands used to configure VTP.

- VTP Pruning: This section details traffic management by pruning within VTP domains, along with the commands needed for configuration.

- Troubleshooting VTP: This section gives a brief summary of things to consider and commands to use when VTP is not operating properly.

When VLANs are defined and used on switches throughout an enterprise or campus network, the administrative overhead can easily increase. Using the VLAN Trunking Protocol (VTP) can make VLAN administration more organized and manageable. This chapter covers VTP and its configuration. A similar standards-based VLAN-management protocol for IEEE 802.1Q trunks is called GARP VLAN Registration Protocol (GVRP). The GARP and GVRP protocols are defined in the IEEE 802.1D and 802.1Q (clause 11) standards, respectively. At the time of this writing, GVRP was not supported in any of the Cisco Catalyst switches. Therefore, it is not covered in this text or in the SWITCH course.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt based on your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 5-1 outlines the major headings in this chapter and the “Do I Know This Already?” quiz questions that go with them. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 5-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

1. Which of the following is not a Catalyst switch VTP mode?

a. Server

b. Client

c. Designated

d. Transparent

2. A switch in VTP transparent mode can do which one of the following?

a. Create a new VLAN

b. Only listen to VTP advertisements

c. Send its own VTP advertisements

d. Cannot make VLAN configuration changes

3. Which one of the following is a valid VTP advertisement?

a. Triggered update

b. VLAN database

c. Subset

d. Domain

4. Which one of the following is needed for VTP communication?

a. A Management VLAN

b. A trunk link

c. An access VLAN

d. An IP address

5. Which one of the following VTP modes does not allow any manual VLAN configuration changes?

a. Server

b. Client

c. Designated

d. Transparent

6. Select all the parameters that decide whether to accept new VTP information.

a. VTP priority

b. VTP domain name

c. Configuration revision number

d. VTP server name

7. How many VTP management domains can a Catalyst switch participate in?

a. 1

b. 2

c. Unlimited

d. 4096

8. Which command configures a Catalyst switch for VTP client mode?

a. set vtp mode client

b. vtp client

c. vtp mode client

d. vtp client mode

9. If a VTP server is configured for VTP Version 2, what else must happen for successful VTP communication in a domain?

a. A VTP version 2 password must be set.

b. All other switches in the domain must be version 2 capable.

c. All other switches must be configured for VTP version 2.

d. The VTP configuration revision number must be reset.

10. What is the purpose of VTP pruning?

a. Limit the number of VLANs in a domain

b. Stop unnecessary VTP advertisements

c. Limit the extent of broadcast traffic

d. Limit the size of the virtual tree

11. Which VLAN number is never eligible for VTP pruning?

a. 0

b. 1

c. 1000

d. 1001

12. Which of the following might present a VTP problem?

a. Two or more VTP servers in a domain

b. Two servers with the same configuration revision number

c. A server in two domains

d. A new server with a higher configuration revision number

Foundation Topics

VLAN Trunking Protocol

As the previous chapter demonstrated, VLAN configuration and trunking on a switch or a small group of switches is fairly intuitive. Campus network environments, however, usually consist of many interconnected switches. Configuring and managing a large number of switches, VLANs, and VLAN trunks can quickly get out of control.

Cisco has developed a method to manage VLANs across the campus network. The VLAN Trunking Protocol (VTP) uses Layer 2 trunk frames to communicate VLAN information among a group of switches. VTP manages the addition, deletion, and renaming of VLANs across the network from a central point of control. Any switch participating in a VTP exchange is aware of and can use any VLAN that VTP manages.

VTP Domains

VTP is organized into management domains, or areas with common VLAN requirements. A switch can belong to only one VTP domain, sharing VLAN information with other switches in the domain. Switches in different VTP domains, however, do not share VTP information.

Switches in a VTP domain advertise several attributes to their domain neighbors. Each advertisement contains information about the VTP management domain, VTP revision number, known VLANs, and specific VLAN parameters. When a VLAN is added to a switch in a management domain, other switches are notified of the new VLAN through VTP advertisements. In this way, all switches in a domain can prepare to receive traffic on their trunk ports using the new VLAN.

VTP Modes

To participate in a VTP management domain, each switch must be configured to operate in one of several modes. The VTP mode determines how the switch processes and advertises VTP information. You can use the following modes:

- Server mode: VTP servers have full control over VLAN creation and modification for their domains. All VTP information is advertised to other switches in the domain, while all received VTP information is synchronized with the other switches. By default, a switch is in VTP server mode. Note that each VTP domain must have at least one server so that VLANs can be created, modified, or deleted, and VLAN information can be propagated.

- Client mode: VTP clients do not allow the administrator to create, change, or delete any VLANs. Instead, they listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. In effect, this is a passive listening mode. Received VTP information is forwarded out trunk links to neighboring switches in the domain, so the switch also acts as a VTP relay.

- Transparent mode: VTP transparent switches do not participate in VTP. While in transparent mode, a switch does not advertise its own VLAN configuration, and it does not synchronize its VLAN database with received advertisements. In VTP version 1, a transparent mode switch does not even relay VTP information it receives to other switches unless its VTP domain names and VTP version numbers match those of the other switches. In VTP version 2, transparent switches do forward received VTP advertisements out of their trunk ports, acting as VTP relays. This occurs regardless of the VTP domain name setting.

- Off mode: Like transparent mode, switches in VTP off mode do not participate in VTP; however, VTP advertisements are not relayed at all. You can use VTP off mode to disable all VTP activity on or through a switch.


Tip

While a switch is in VTP transparent mode, it can create and delete VLANs that are local only to itself. These VLAN changes, however, are not propagated to any other switch.


VTP Advertisements

VTP has evolved over time to include three different versions. Cisco switches can support all three versions, but the versions are not fully backward compatible with each other. If a network contains switches that are running different VTP versions, you should consider how the switches will interact with their VTP information. By default, Cisco switches use VTP Version 1.

Each Cisco switch participating in VTP advertises VLANs, revision numbers, and VLAN parameters on its trunk ports to notify other switches in the management domain. VTP Versions 1 and 2 support VLAN numbers 1 to 1005, whereas only VTP Version 3 supports the full extended VLAN range 1 to 4094.

VTP advertisements are sent as multicast frames. A switch intercepts frames sent to the VTP multicast address and processes them locally. The advertisements can also be relayed or forwarded out trunk links toward neighboring switches in all VTP modes except off mode. Because all switches in a management domain learn of new VLAN configuration changes, a VLAN must be created and configured on only one VTP server switch in the domain.

By default, management domains are set to use nonsecure advertisements without a password. You can add a password to set the domain to secure mode. The same password must be configured on every switch in the domain so that all switches exchanging VTP information compute and validate the same authentication hash.

VTP switches use an index called the VTP configuration revision number to keep track of the most recent information. Every switch in a VTP domain stores the configuration revision number that it last heard from a VTP advertisement. The VTP advertisement process always starts with configuration revision number 0.

When subsequent changes are made on a VTP server, the revision number is incremented before the advertisements are sent. When listening switches (configured as members of the same VTP domain as the advertising switch) receive an advertisement with a greater revision number than is stored locally, they assume that the advertisement contains new and updated information. The advertisement is stored and overwrites any previously stored VLAN information.

VTP advertisements usually originate from server mode switches as VLAN configuration changes occur and are announced. Advertisements can also originate as requests from client mode switches that want to learn about the VTP database as they boot.

VTP advertisements can occur in three forms:

- Summary advertisements: VTP domain servers send summary advertisements every 300 seconds and every time a VLAN database change occurs. The summary advertisement lists information about the management domain, including VTP version, domain name, configuration revision number, time stamp, MD5 hash code, and the number of subset advertisements to follow. For VLAN configuration changes, summary advertisements are followed by one or more subset advertisements with more specific VLAN configuration data. Figure 5-1 shows the summary advertisement format.

Figure 5-1 VTP Summary Advertisement Format

- Subset advertisements: VTP domain servers send subset advertisements after a VLAN configuration change occurs. These advertisements list the specific changes that have been performed, such as creating or deleting a VLAN, suspending or activating a VLAN, changing the name of a VLAN, and changing a VLAN’s maximum transmission unit (MTU). Subset advertisements can list the following VLAN parameters: status of the VLAN, VLAN type (such as Ethernet or Token Ring), MTU, length of the VLAN name, VLAN number, security association identifier (SAID) value, and VLAN name. VLANs are listed individually in sequential subset advertisements. Figure 5-2 shows the VTP subset advertisement format.

Figure 5-2 VTP Subset Advertisement and VLAN Info Field Formats

- Advertisement requests from clients: A VTP client can request any VLAN information it lacks. For example, a client switch might be reset and have its VLAN database cleared, and its VTP domain membership might be changed, or it might hear a VTP summary advertisement with a higher revision number than it currently has. After a client advertisement request, the VTP domain servers respond with summary and subset advertisements to bring it up to date. Figure 5-3 shows the advertisement request format.

Figure 5-3 VTP Advertisement Request Format

Catalyst switches in server mode store VTP information separately from the switch configuration in NVRAM. VLAN and VTP data are saved in the vlan.dat file on the switch’s flash memory file system. All VTP information, including the VTP configuration revision number, is retained even when the switch power is off. In this manner, a switch can recover the last known VLAN configuration from its VTP database after it reboots.

VTP Synchronization

Whenever a switch receives a VTP advertisement with a configuration revision number that is greater than the value stored locally, it considers the advertisement to contain newer information. The switch will overwrite its own VLAN data with the newer version—even if the newer version contains irrelevant information. Because of this, it is very important to always force any newly added network switches to have revision number 0 before being attached to the network. Otherwise, a switch might have stored a revision number that is greater than the value currently in use in the domain.

The VTP revision number is stored in NVRAM and is not altered by a power cycle of the switch; therefore, the revision number can be initialized to 0 only by using one of the following methods:

- Change the switch’s VTP mode to transparent and then change the mode back to server.

- Change the switch’s VTP domain to a bogus name (a nonexistent VTP domain), and then change the VTP domain back to the original name.

If the VTP revision number is not reset to 0, the switch might enter the network as a VTP server and have a preexisting revision number (from a previous life) that is higher than in previous legitimate advertisements. The new switch’s VTP information would be seen as more recent, so all other switches in the VTP domain would gladly accept its database of VLANs and overwrite their good VLAN database entries with null or deleted VLAN status information.

In other words, a new server switch might inadvertently cause every other working switch to flush all records of every VLAN in production. The VLANs would be deleted from the VTP database and from the switches, causing any switch port assigned to them to be returned to the default VLAN 1. This is referred to as a VTP synchronization problem. For critical portions of your network, you should consider using VTP transparent or off mode to prevent the synchronization problem from ever becoming an issue.


Tip

It might seem intuitive that a switch acting as a VTP server could come online with a higher configuration revision number and wreak havoc on the whole domain. You should also be aware that this same thing can happen if a VTP client comes online with a higher revision, too!

Even though it seems as if a client should strictly listen to advertisements from servers, a client can and does send out its own advertisements. When it first powers up, a client sends a summary advertisement from its own stored database. It realizes that it has a greater revision number if it receives an inferior advertisement from a server. Therefore, it sends out a subset advertisement with the greater revision number, which VTP servers will accept as more up-to-date information. Even in VTP client mode, a switch will store the last known VTP information—including the configuration revision number. Do not assume that a VTP client will start with a clean slate when it powers up.
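
The synchronization rule and the client case from the Tip above can be reproduced with a small model. This is an added example, not code from the book or from Cisco: the Switch class, the converge and demo functions, the VLAN names, and the everyone-hears-everyone topology are assumptions, and a plain password comparison stands in for the MD5 digest check. The domain name, revision 25, and password are borrowed from the chapter's own examples.

```python
from dataclasses import dataclass, field

# Modes that originate advertisements and synchronize to received ones.
SYNC_MODES = {"server", "client"}


@dataclass
class Switch:
    name: str
    mode: str                        # server | client | transparent | off
    domain: str = ""                 # "" is the default NULL domain
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    password: str = ""               # assumption: stands in for the MD5 digest check

    def advertise(self):
        """Return the stored database as an advertisement, or None if none is sent."""
        if self.mode not in SYNC_MODES:
            return None
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans), "password": self.password}

    def receive(self, adv):
        """Apply the acceptance rule; True means the local database was overwritten."""
        if self.mode not in SYNC_MODES:
            return False             # transparent and off never synchronize
        if adv["password"] != self.password:
            return False             # secure-mode mismatch: advertisement not processed
        if self.domain == "":
            self.domain = adv["domain"]   # a default switch learns the domain it hears
        if adv["domain"] != self.domain:
            return False
        if adv["revision"] <= self.revision:
            return False             # not newer than what is already stored
        self.revision = adv["revision"]
        self.vlans = dict(adv["vlans"])   # overwrite, even with an emptier database
        return True


def converge(switches):
    """Exchange advertisements until nothing changes.

    Returns the names of switches whose database was overwritten, in order.
    """
    overwritten = []
    changed = True
    while changed:
        changed = False
        for sender in switches:
            adv = sender.advertise()
            if adv is None:
                continue
            for receiver in switches:
                if receiver is not sender and receiver.receive(adv):
                    overwritten.append(receiver.name)
                    changed = True
    return overwritten


def demo(new_mode, new_revision, secure=False):
    """Attach a switch named 'lab' (only VLAN 1 stored) to a constructed domain."""
    prod = {1: "default", 10: "users", 20: "voice", 30: "servers"}  # constructed
    pw = "bigsecret" if secure else ""
    core = Switch("core", "server", "CampusDomain", 25, dict(prod), pw)
    access = Switch("access", "client", "CampusDomain", 25, dict(prod), pw)
    dmz = Switch("dmz", "transparent", "CampusDomain", 0, {1: "default", 99: "dmz"})
    lab = Switch("lab", new_mode, "CampusDomain", new_revision)
    everyone = [core, access, dmz, lab]
    overwritten = converge(everyone)
    return overwritten, {s.name: sorted(s.vlans) for s in everyone}


if __name__ == "__main__":
    for mode, rev, secure in [("server", 40, False), ("client", 40, False),
                              ("server", 0, False), ("transparent", 40, False),
                              ("server", 40, True)]:
        print(mode, rev, "secure" if secure else "open", demo(mode, rev, secure))
```

The runs with a stored revision of 40 overwrite core and access in both server and client mode, while the revision 0 run overwrites only the new switch; the transparent switch keeps its local VLANs in every case.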


In the days when networks were flat and VLANs stretched end to end, VTP was a convenient administrative tool. VLANs could be created or deleted on all switches in a VTP domain very easily. In this book, you have learned that end-to-end VLANs are not a good idea. Instead, VLANs should be contained within a single switch block or a single access switch.

In such small areas, VTP is not really necessary at all. In fact, Cisco recommends a best practice of configuring all switches in VTP transparent or off mode. You should understand VTP because you might encounter it in an existing network and you should know how to maintain and disable it.

VTP Configuration

By default, every switch operates in VTP server mode for the management domain NULL (a blank string), with no password or secure mode. If the switch hears a VTP summary advertisement on a trunk port from any other switch, it automatically learns the VTP domain name, VLANs, and the configuration revision number it hears. This makes it easy to bring up a new switch in an existing VTP domain. However, be aware that the new switch stays in VTP server mode, something that might not be desirable.


Tip

You should get into the habit of double-checking the VTP configuration of any switch before you add it into your network. Make sure that the VTP configuration revision number is set to 0. You can do this by isolating the switch from the network, powering it up, and using the show vtp status command, as demonstrated in the following output:

Switch# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aca0.164f.3f80
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Switch#

Here, the switch has a configuration revision number of 0, and is in the default state of VTP server mode with an undefined VTP domain name. This switch would be safe to add to a network.
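
The pre-connection check described in this Tip can be scripted against saved show vtp status output. The following is an added example, not part of the book: parse_vtp_status, audit_before_connecting, and the domain_revision parameter are hypothetical names, and the two sample outputs are the ones printed in this chapter with whitespace as it appears on the page.

```python
import re

# "Name : value" lines; the colon must be preceded by whitespace, so the
# timestamp in "Configuration last modified by ... 04:42:25" is not split.
FIELD = re.compile(r"^(.*?\S)\s+:\s*(.*)$")
HEX_BYTES = re.compile(r"^(?:0x[0-9A-Fa-f]{2}\s*)+$")

FRESH_SWITCH = """\
Switch# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aca0.164f.3f80
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
"""

USED_CLIENT = """\
Switch# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CampusDomain
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aca0.164f.3f80
Configuration last modified by 0.0.0.0 at 3-30-11 04:42:25

Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 17
Configuration Revision : 25
MD5 digest : 0x6E 0x21 0x14 0x12 0x56 0x0E 0x0A 0x21
0x4A 0x32 0x6C 0xB7 0xA8 0xA5 0x28 0x08
"""


def parse_vtp_status(text):
    """Return the 'Name : value' fields of show vtp status as a dict."""
    fields = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD.match(line)
        if match:
            last_key = match.group(1)
            fields[last_key] = match.group(2).strip()
        elif last_key == "MD5 digest" and HEX_BYTES.match(line):
            fields[last_key] += " " + line   # digest wraps onto a second line
    return fields


def audit_before_connecting(text, domain_revision=None):
    """Flag a switch whose stored VTP state is unsafe to attach to a domain.

    domain_revision (optional) is the revision currently in use in production.
    """
    f = parse_vtp_status(text)
    revision = int(f["Configuration Revision"])
    mode = f["VTP Operating Mode"].lower()
    findings = []
    if revision != 0:
        findings.append(f"configuration revision is {revision}, expected 0")
        newer = domain_revision is None or revision > domain_revision
        if mode in ("server", "client") and newer:
            findings.append(f"{mode} mode with this revision can overwrite "
                            "the domain's VLAN database")
    return {"domain": f["VTP Domain Name"], "mode": mode, "revision": revision,
            "safe": not findings, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("fresh", FRESH_SWITCH), ("used", USED_CLIENT)):
        print(label, audit_before_connecting(sample))
```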


The following sections discuss the commands and considerations that you should use to configure a switch for VTP operation.

Configuring the VTP Version

Three versions of VTP are available for use in a management domain. Catalyst switches can run either VTP Version 1, 2, or 3. Within a management domain, the versions are not fully interoperable. Therefore, the same VTP version should be configured on every switch in a domain. Switches use VTP Version 1 by default.

However, a switch can make some adjustments to be more compatible with neighbors using different VTP versions. For example, a switch running VTPv1 will attempt to change to VTPv2 if it hears a switch running Version 2 or 3 in the domain and it is capable of running Version 2. A switch running VTPv3 will begin sending scaled-down advertisements if it hears a VTPv1 switch. One exception is if extended range VLANs (1006 to 4094) are in use; the extended range is supported only on switches capable of VTPv3.

The VTP versions differ in the features they support. VTP Versions 2 and 3 offer additional features over Version 1, as listed in Tables 5-2 and 5-3, respectively.

Table 5-2 Additional Features Supported by VTP Version 2

Table 5-3 Additional Features Supported by VTP Version 3

The VTP version number is configured using the following global configuration command:

Switch(config)# vtp version {1 | 2 | 3}

By default, a switch uses VTP Version 1.

Configuring a VTP Management Domain

Before a switch is added into a network, the VTP management domain should be identified. If this switch is the first one on the network, the management domain must be created. Otherwise, the switch might have to join an existing management domain with other existing switches.

You can use the following global configuration command to assign a switch to a management domain, where the domain-name is a text string up to 32 characters long:

Switch(config)# vtp domain domain-name

Configuring the VTP Mode

Next, you need to choose the VTP mode for the new switch. The VTP modes of operation and their guidelines for use are as follows:

- Server mode: Server mode can be used on any switch in a management domain, even if other server and client switches are already in use. This mode provides some redundancy in case of a server failure in the domain. Each VTP management domain should have at least one server. The first server defined in a network also defines the management domain that will be used by future VTP servers and clients. Server mode is the default VTP mode and allows VLANs to be created and deleted.


Note

Multiple VTP servers can coexist in a domain. This is usually recommended for redundancy. The servers do not elect a primary or secondary server; they all simply function as servers. If one server is configured with a new VLAN or VTP parameter, it advertises the changes to the rest of the domain. All other servers synchronize their VTP databases to this advertisement, just as any VTP client would.


- Client mode: If other switches are in the management domain, you should configure a new switch for client mode operation. In this way, the switch is forced to learn any existing VTP information from a reliable existing server. After the switch has learned the current VTP information, you can reconfigure it for server mode if it will be used as a redundant server.

- Transparent mode: This mode is used if a switch will not share VLAN information with any other switch in the network. VLANs still can be manually created, deleted, and modified on the transparent switch (and on every other transparent switch that the VLANs touch). However, they are not advertised to other neighboring switches. VTP advertisements received by a transparent switch, however, are forwarded to other switches on trunk links.

Keeping switches in transparent mode can eliminate the chance for duplicate, overlapping VLANs in a large network with many network administrators. For example, two administrators might configure VLANs on switches in their respective areas but use the same VLAN identification or VLAN number. Even though the two VLANs have different meanings and purposes, they could overlap if both administrators advertised them using VTP servers.

- Off mode: You can use off mode to disable all VTP activity on a switch. No VTP advertisements are sent, none will be received and processed, and none will be relayed to other neighboring switches.

You can configure the VTP mode with the following sequence of global configuration commands:

Switch(config)# vtp mode {server | client | transparent | off}
Switch(config)# vtp password password [hidden | secret]

If the domain is operating in secure mode, a password also can be defined. The password can be configured only on VTP servers and clients. The password itself is not sent; instead, a message digest 5 (MD5) authentication or hash code is computed and sent in VTP advertisements (servers) and is used to validate received advertisements (clients). The password is a string of 1 to 32 characters (case sensitive). For VTP Version 3, the password can be hidden (only a hash of the password is saved in the running configuration) or secret (the password is saved in the running configuration).

If secure VTP is implemented using passwords, begin by configuring a password on the VTP servers. The client switches retain the last-known VTP information but cannot process received advertisements until the same password is configured on them, too.

Table 5-4 shows a summary of the VTP modes. You can use this table for quick review as you study VTP operation.

Table 5-4 Catalyst VTP Modes

VTP Configuration Example

As an example, a switch is configured as a VTP Version 1 server in a domain named MyCompany. The domain uses secure VTP with the password bigsecret. You can use the following configuration commands to accomplish this:

Switch(config)# vtp version 1
Switch(config)# vtp domain MyCompany
Switch(config)# vtp mode server
Switch(config)# vtp password bigsecret

To follow the best practice and put a switch into VTP transparent mode, you can use the following command:

Switch(config)# vtp mode transparent

VTP Status

The current VTP parameters for a management domain can be displayed using the show vtp status command. Example 5-1 demonstrates some sample output of this command from a switch acting as a VTP client in the VTP domain called CampusDomain.

Example 5-1 show vtp status Reveals VTP Parameters for a Management Domain


Switch# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CampusDomain
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aca0.164f.3f80
Configuration last modified by 0.0.0.0 at 3-30-11 04:42:25

Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 17
Configuration Revision : 25
MD5 digest : 0x6E 0x21 0x14 0x12 0x56 0x0E 0x0A 0x21
0x4A 0x32 0x6C 0xB7 0xA8 0xA5 0x28 0x08
Switch#


You can also use the show vtp status command to verify that a switch is operating in the VTP transparent mode, as shown in Example 5-2.

Example 5-2 show vtp status Verifies VTP Transparent Mode


Switch# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aca0.164f.3f80
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x5E 0x0E 0xA7 0x4E 0xC7 0x4C 0x6F 0x3B
0x9E 0x17 0x1F 0x31 0xE0 0x05 0x91 0xCE
Switch#


VTP Pruning

Recall that, by definition, a switch must forward broadcast frames out all available ports in the broadcast domain because broadcasts are destined everywhere there is a listener. Unless forwarded by more intelligent means, multicast frames follow the same pattern.

In addition, frames destined for an address that the switch has not yet learned or has forgotten (the MAC address has aged out of the address table) must be forwarded out all ports in an attempt to find the destination. These frames are referred to as unknown unicast.

When forwarding frames out all ports in a broadcast domain or VLAN, trunk ports are included if they transport that VLAN. By default, a trunk link transports traffic from all VLANs, unless specific VLANs are removed from the trunk. Generally, in a network with several switches, trunk links are enabled between switches, and VTP might be used to manage the propagation of VLAN information. This scenario causes the trunk links between switches to carry traffic from all VLANs, not just from the specific VLANs created. Consider the network shown in Figure 5-4. When end user Host PC in VLAN 3 sends a broadcast, Catalyst switch C forwards the frame out all VLAN 3 ports, including the trunk link to Catalyst A. Catalyst A, in turn, forwards the broadcast on to Catalysts B and D over those trunk links. Catalysts B and D forward the broadcast out only their access links that have been configured for VLAN 3. If Catalysts B and D do not have any active users in VLAN 3, forwarding that broadcast frame to them would consume bandwidth on the trunk links and processor resources in both switches, only to have switches B and D discard the frames.

Figure 5-4 Flooding in a Catalyst Switch Network

VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic. Broadcast, multicast, and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN.

VTP pruning occurs as an extension to VTP version 1, using an additional VTP message type. When a Catalyst switch has a port associated with a VLAN, the switch sends an advertisement to its neighbor switches that it has active ports on that VLAN. The neighbors keep this information, enabling them to decide whether flooded traffic from a VLAN should be allowed on the trunk links.

Figure 5-5 shows the network from Figure 5-4 with VTP pruning enabled. Because Catalyst B has not advertised its use of VLAN 3, Catalyst A will prune VLAN 3 from the trunk to B and will choose not to flood VLAN 3 traffic to Catalyst B over the trunk link. Catalyst D has advertised the need for VLAN 3, so traffic will be flooded to it.

Figure 5-5 Flooding in a Catalyst Switch Network Using VTP Pruning


Tip

Even when VTP pruning has determined that a VLAN is not needed on a trunk, an instance of the Spanning Tree Protocol (STP) will run for every VLAN that is allowed on the trunk link. To reduce the number of STP instances, you should manually “prune” unneeded VLANs from the trunk and allow only the needed ones. Use the switchport trunk allowed vlan command to identify the VLANs that should be added or removed from a trunk.


Enabling VTP Pruning

By default, VTP pruning is disabled. To enable pruning, use the following global configuration command:

Switch(config)# vtp pruning

If you use this command on a VTP server, it also advertises that pruning needs to be enabled for the entire management domain. All other switches listening to that advertisement will also enable pruning.

When pruning is enabled, all general-purpose VLANs become eligible for pruning on all trunk links, if needed. However, you can modify the default list of pruning eligibility with the following interface-configuration command:

Switch(config)# interface type member/module/number
Switch(config-if)# switchport trunk pruning vlan {{{add | except | remove} vlan-list} | none}

By default, VLANs 2 through 1001 are eligible, or “enabled,” for potential pruning on every trunk. Use one of the following keywords with the command to tailor the list:

- vlan-list: An explicit list of eligible VLAN numbers (anything from 2 to 1001), separated by commas or by dashes, but no spaces.

- add vlan-list: A list of VLAN numbers (anything from 2 to 1001) is added to the already configured list; this is a shortcut to keep from typing a long list of numbers.

- except vlan-list: All VLANs are eligible except for the VLAN numbers listed (anything from 2 to 1001); this is a shortcut to keep from typing a long list of numbers.

- remove vlan-list: A list of VLAN numbers (anything from 2 to 1001) is removed from the already configured list; this is a shortcut to keep from typing a long list of numbers.

- none: No VLAN will be eligible for pruning.


Tip

Be aware that VTP pruning has no effect on switches in the VTP transparent mode. Instead, those switches must be configured manually to “prune” VLANs from trunk links. By default, VLANs 2 to 1001 are eligible for pruning. VLAN 1 has a special meaning because it is sometimes used for control traffic and is the default access VLAN on switch ports. Because of these historical reasons, VLAN 1 is never eligible for pruning. In addition, VLANs 1002 through 1005 are reserved for Token Ring and FDDI VLANs and are never eligible for pruning.
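
How the keywords above change a trunk's pruning-eligible list can be worked through with a short model. This is an added example, not IOS code or code from the book: the function names are hypothetical, and rejecting anything outside VLANs 2 to 1001 is this model's reading of the limits stated in this section.

```python
# Default pruning eligibility on every trunk: VLANs 2 through 1001.
DEFAULT_ELIGIBLE = frozenset(range(2, 1002))


def parse_vlan_list(text):
    """Parse a vlan-list such as '2-10,20' (commas and dashes, no spaces)."""
    vlans = set()
    for part in text.split(","):
        low, dash, high = part.partition("-")
        first = int(low)                      # ValueError on empty or non-numeric
        last = int(high) if dash else first
        # VLAN 1 and VLANs 1002-1005 are never eligible, so reject them here.
        if not 2 <= first <= last <= 1001:
            raise ValueError(f"VLAN range {part!r} is outside 2-1001")
        vlans.update(range(first, last + 1))
    return vlans


def apply_pruning_command(current, args):
    """Return the new eligible set after 'switchport trunk pruning vlan <args>'.

    current is the eligible set already configured on the trunk; it is not
    modified.
    """
    words = args.split()
    if words == ["none"]:
        return set()                          # no VLAN is eligible
    if len(words) == 1:
        return parse_vlan_list(words[0])      # explicit list replaces the old one
    if len(words) == 2:
        keyword, vlans = words[0], parse_vlan_list(words[1])
        if keyword == "add":
            return set(current) | vlans
        if keyword == "remove":
            return set(current) - vlans
        if keyword == "except":
            return set(DEFAULT_ELIGIBLE) - vlans   # all eligible VLANs but these
    raise ValueError(f"unrecognized arguments: {args!r}")


def format_vlan_list(vlans):
    """Render a set of VLAN numbers in compact 'a-b,c' form."""
    ranges = []
    for vlan in sorted(vlans):
        if ranges and vlan == ranges[-1][1] + 1:
            ranges[-1][1] = vlan              # extend the current run
        else:
            ranges.append([vlan, vlan])       # start a new run
    text = ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)
    return text or "none"


if __name__ == "__main__":
    eligible = set(DEFAULT_ELIGIBLE)
    for args in ("except 10", "remove 100-200,300", "none", "add 5,7-8"):
        eligible = apply_pruning_command(eligible, args)
        print(f"{args:22} -> {format_vlan_list(eligible)}")
```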


Troubleshooting VTP

If a switch does not seem to be receiving updated information from a VTP server, consider these possible causes:

- The switch is configured for VTP transparent mode. In this mode, incoming VTP advertisements are not processed; they are relayed only to other switches in the domain.

- If the switch is configured as a VTP client, there might not be another switch functioning as a VTP server. In this case, configure the local switch to become a VTP server itself.

- The link toward the VTP server is not in trunking mode. VTP advertisements are sent only over trunks. Use the show interface type member/module/number switchport command to verify the operational mode as a trunk.

- Make sure that the VTP domain name is configured correctly to match that of the VTP server.

- Make sure that the VTP version is compatible with other switches in the VTP domain.

- Make sure that the VTP password matches others in the VTP domain. If the server does not use a password, make sure the password is disabled or cleared on the local switch.


Tip

Above all else, verify a switch’s VTP configuration before connecting it to a production network. If the switch has been configured previously or used elsewhere, it might already be in VTP server mode and have a VTP configuration revision number that is higher than that of other switches in the production VTP domain. In that case, other switches will listen and learn from the new switch because it has a higher revision number and must know more recent information. This could cause the new switch to introduce bogus VLANs into the domain or, worse yet, to cause all other switches in the domain to delete all their active VLANs.

To prevent this from happening, reset the configuration revision number of every new switch before it is added to a production network. Even better, avoid using VTP completely!


Table 5-5 lists and describes the commands that are useful for verifying or troubleshooting VTP configuration.

Table 5-5 VTP Configuration Troubleshooting Commands

Exam Preparation Tasks

Review All Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 5-6 lists a reference of these key topics and the page numbers on which each is found.

Table 5-6 Key Topics for Chapter 5

Complete Tables and Lists from Memory

Print a copy of Appendix C, “Memory Tables,” (found on the CD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix D, “Memory Table Answer Key,” also on the CD, includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

VTP

VTP domain

VTP configuration revision number

VTP synchronization problem

VTP pruning

Use Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. It might not be necessary to memorize the complete syntax of every command, but you should remember the basic keywords that are needed.

To test your memory of the VTP-related commands, cover the right side of Table 5-7 with a piece of paper, read the description on the left side, and then see how much of the command you can remember.

Table 5-7 VTP Configuration Commands

Remember that the CCNP exam focuses on practical or hands-on skills that are used by a networking professional. For the skills covered in this chapter, remember that the commands always involve the vtp keyword.