Practical purpose of VTP Transparent Mode

Unanswered Question
Aug 19th, 2007
User Badges:

Everytime I read about VTP I wonder


"Why use VTP Transparent"?


It seems like having servers and clients is enough if you plan on using VTP in your network.


What is the purpose of having VTP transparent mode?


Why does VTP transparent mode allow creation, deletion, and configuring of VTP information but not propogate this information? Something doesn't add up.

Also, I read VTP transparent supports extendeds VLANs but the other modes don't.


I don't understand the purpose of VTP transparent mode other then forwarding VTP advertisements without keeping information for that domain.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
flashsplash Sun, 08/19/2007 - 08:45
User Badges:

These are reason for setting up an switch with transparent mode.


>You can hide vlan's which u don't want other networks to know off.


>If al the switches in the network run vtp version 2 then a switch in transparant mode will forward vtp advertisements without looking into the domain name.


>vtp transparent mode allows for creation, deletion, and configuring but these are locally significant only.


I might have forgotten other issue's related to vtp transparant mode, but just wanted to add that there must be some advantages for vtp transparant mode otherwise cisco would have let this option out.


bye flash....

Edison Ortiz Sun, 08/19/2007 - 09:15
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

One of the main advantages for VTP Transparent is securing your VTP database from another switch.


Let's say you have a Core switch running VTP server and another switch is inserted into the network with a higher configuration revision. Your production VTP database will be erased.


There are ways to prevent this on a VTP server/client environment, implementing VTP passwords. However, they aren't as fool-proof as the VTP Transparent approach.



Jon Marshall Sun, 08/19/2007 - 10:44
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


VTP transparent is very useful in secure data centre environments. As Edison says, you can implement VTP server/client with passwords but this is still not as secure as VTP transparent mode.


Using transparent mode gives you very precise control of which vlans are available on which switch and makes the network administrator think very caerfully about where he wants his vlans to be available. VTP server/client is very handy in a large switched infrastructure but even with VTP pruning and allowing/denying specific vlans on trunk links it is still not as precise.


And as you say there are some things you might want to do such as extended vlans etc. that require the switch to be in transparent mode.


HTH


Jon

2pparish Sun, 08/19/2007 - 14:59
User Badges:

Thanks for clearing this up.


I can see how running transparent mode would help propogate VLAN information without interfering with any local VLAN's configured on your switch.


This seems like it would help for "stub" areas where the switch only needs to know about VLANs created locally. I never thought about that scenario but it makes sense.

Francois Tallet Mon, 08/20/2007 - 13:31
User Badges:
  • Gold, 750 points or more

The practical purpose of VTP transparent was originally to simply disable VTP. When you run VTP, you configure a vlan database (that is distributed over the network by VTP) and then, this vlan database is applied to your local device. By running VTP transparent, you are just allowed to control your local device directly. As you are not running VTP any more, you are relaying VTP messages as if they were user traffic (exactly what a third party bridge that does not run VTP would do).

Before VTP3, you needed to go to transparent mode to configure extended vlans or private vlans for instance. This is because the VTP database has no support for them. By disabling VTP, you have direct access to your device and are short-circuiting the vlan database.

Now, an additional "VTP off" mode was created to satisfy customers who were paranoid of running any kind of VTP. That's in my opinion a mis-understanding of the VTP transparent mode. Anyway, off mode not only allows you to configure directly your switch, but also prevents VTP messages from being flooded transparently. In fact, the switch is off mode is actively filtering VTP messages... (imo, transparent should be called off, and off should be called "filtering mode" or something like that).

Regards,

Francois

Pavel Bykov Mon, 08/20/2007 - 13:48
User Badges:
  • Silver, 250 points or more

I can say from practical point of view why we use it:

We can have VLAN 700, 701, 702 on ALL switches. Although it's same VLAN, it's routed by SVI with a different subnet on every L3 switch. Therefore it simplifies administration (no need to think of numbers for hundreds of VLANs, and to think which is which - 700 can be users, 701 voice and 702 can be servers) and all hosts are still in different broadcast domains. When you have 300 switches with 900 subnets, that's a real time saver.

Actions

This Discussion