Multiple VTP servers on Single domain

Jun 16th, 2008

What is the rule of thumb here? I must have at least 6 of these. My Dell BladeServers were config'ed as "server" as is my Core 6513 switch.

I know that I need at least 1 backup.

Would love to make my Dells "Client" but that might make Mgt uneasy, but changing to Transparent is painless.

Is there any harm in leaving 6+ VTP Servers in my domain that is served by my 6513?

royalblues Mon, 06/16/2008 - 11:23

There is no rule of thumb but it is generally preferred to have 2 VTP servers.

Cisco VTP implementation is proprietary and will not share VTP information with Dell. You might need to use GVRP.

So if your topology is sort of discontiguous (Cisco and Dell switches in between), you might need 6 servers in your domain without GVRP.


dmooreami Mon, 06/16/2008 - 11:29

Nah, these Dells will do VTP. They are Cisco OEM'ed out to Dell. They run Cisco IOS optimized for the Dell BladeServer products. No need to run GVRP. Sho ver gives "Cisco" all over it.

michaelchoo Mon, 06/16/2008 - 17:27

There is no real harm in having 6 VTP servers, other than making your environment look a bit.... disorganized. :-P

Personally, I prefer using Transparent across the network. I don't trust VTP Client/Server mode. My reasons are:

1. Historically, there have been some bugs and security alerts associated with VTP Client/Server, but not with Transparent.

2. VTP Transparent may encourage more disciplined change control being followed because you'd have to explicitly make VLAN config changes on the affected switches.

3. VLAN pruning is easier - You only create VLANs on the switches that require them. With Client/Server, when you create a VLAN, it gets propagated to all switches regardless of whether or not those switches need the VLAN.

4. Less chance of human error affecting the whole network - accidents happen. In Client/Server mode, if you make the slightest mistake in a VLAN config change, the result will be propagated across all switches, which may be catastrophic (depending on the nature of the change).

5. Less prone to Denial-of-Service - in the past, some security auditors (who can be overly paranoid, as we know) raised an issue that it is easy to perform a DoS attack on VTP Client/Server. An attacker only needs the VTP domain name and the database version number, which can presumably be obtained easily using any network "sniffer". It's kinda true, but.... there's a whole swag of "requirements" that need to be met for this type of eventuality to occur. I can go on and on about this. :-)

As far as changing from Server to Client vs Server to Transparent... Admittedly I haven't done that for the longest time (last time I did was close to 10 years ago!), but from what little I remember, I think changing to Client is more painless than to Transparent.
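
An audit sketch for the situation discussed in this thread, added here as an example and not written by any of the posters: it parses `show vtp status` text collected from each switch, counts server-mode switches per VTP domain against the 2-server preference mentioned in the first reply, and flags revision numbers that differ between participating switches. The hostnames, domain name, revision numbers and the `max_servers` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

FIELDS = {  # field labels as printed by `show vtp status`
    "mode": r"^[ \t]*VTP Operating Mode[ \t]*:[ \t]*(.+?)[ \t]*$",
    "domain": r"^[ \t]*VTP Domain Name[ \t]*:[ \t]*(.*?)[ \t]*$",
    "revision": r"^[ \t]*Configuration Revision[ \t]*:[ \t]*(\d+)",
}

def parse_status(text):
    """Pull mode, domain and revision out of one switch's `show vtp status` text."""
    st = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, re.M)
        st[key] = m.group(1) if m else None
    if st["mode"] is None or st["revision"] is None:
        return None  # not recognisable as VTP status output
    st["mode"] = st["mode"].lower()
    st["revision"] = int(st["revision"])
    return st

def audit(outputs, max_servers=2):
    """Return sorted (scope, issue, detail) findings for {hostname: status text}."""
    findings, domains = [], defaultdict(dict)
    for host, text in outputs.items():
        st = parse_status(text)
        if st is None:
            findings.append((host, "unparsed", ""))
        elif st["mode"] not in ("transparent", "off"):
            domains[st["domain"]][host] = st  # only servers and clients sync the VLAN database
    for domain, hosts in domains.items():
        servers = sorted(h for h, s in hosts.items() if s["mode"].endswith("server"))
        if len(servers) > max_servers:
            findings.append((domain, "too-many-servers", ",".join(servers)))
        revs = sorted({s["revision"] for s in hosts.values()})
        if len(revs) > 1:  # a converged domain shares one revision number
            findings.append((domain, "revision-mismatch", str(revs)))
    return sorted(findings)

def _status(mode, domain, rev):  # builds a constructed excerpt, not captured output
    return (f"VTP Operating Mode              : {mode}\n"
            f"VTP Domain Name                 : {domain}\n"
            f"Configuration Revision          : {rev}\n")

SAMPLE = {  # constructed hostnames, domain name and revision numbers
    "core-6513": _status("Server", "CORP", 42),
    "blade-1": _status("Server", "CORP", 42),
    "blade-2": _status("Server", "CORP", 40),
    "access-1": _status("Transparent", "CORP", 0),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A revision mismatch among servers and clients of one domain usually means the switches are not exchanging VTP advertisements, which matches the discontiguous-topology case raised in the first reply.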

