VTP Best Practices

Nov 14th, 2008

I have a pretty good-sized network: an MDF and 6 IDFs. In the past I configured all my IDFs as their own VLAN. All ports going out to the IDFs were configured for particular VLANs and this worked pretty well. Due to some internal changes I am going to reconfigure my connection ports as trunks, so I will have the ability to put a specific VLAN on any port in the company. As part of this I will be using VTP. I have a few questions regarding the configuration of VTP. Here they are:

1. I have several offices where I will be deploying VTP. Should I use a separate VTP domain in each office?

2. Should I enable VTP pruning?

3. Should I use a VTP password?

4. Is there any way to configure a second VTP server for redundancy?

5. Any best practices anyone can recommend?

Edison Ortiz Fri, 11/14/2008 - 08:47

I have several offices where I will be deploying VTP. Should I use a separate VTP domain in each office?

If the offices are inter-connected via a routed WAN Link, you can use the same VTP domain in each office as the Layer2 information won't be forwarded over the WAN.

If the offices are inter-connected via a Metro-E or any other Layer2 WAN service, then having a unique VTP domain in each office is highly recommended.

Should I enable VTP pruning?

Yes.

Should I use a VTP password?

Yes.

Is there any way to configure a second VTP server for redundancy?

Of course, you can have multiple switches serving as VTP servers. Just set the mode to VTP server on more than one switch and they will share the VTP DB.

Any best practices anyone can recommend?

If you want to go with VTP for ease of VLAN management, VTP pruning and VTP password are the 2 most important aspects to address.

However, VTP Server/Client configuration is frowned upon by many organizations. One mistake made on the VTP server VLAN DB can cause disruption in the whole VTP domain. Often, it's recommended to go with VTP transparent all around but this means you will have to manage each switch's VLAN database independently.

HTH,

Edison.

milan.kulik Sun, 11/16/2008 - 11:01

Hi,

just one note:

Using the same VTP domain (and password) in more sites can be a little dangerous.

Moving a switch (even a VTP client) from one office to another can bring a "VTP bomb" there.

BR,

Milan
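
An added example, not part of either reply and not Cisco's own tooling: a pre-connection check for the situation Milan describes, comparing a relocated switch's `show vtp status` output with that of the site's VTP server. The sample captures, domain names and function names are constructed for illustration, and the check relies on the standard VTP rule that the higher configuration revision in a matching domain wins.

```python
import re

# Constructed `show vtp status` excerpts (classic IOS layout), not from the thread.
SITE_SERVER = """\
Configuration Revision          : 12
VTP Operating Mode              : Server
VTP Domain Name                 : OFFICE-A
"""
MOVED_CLIENT = """\
Configuration Revision          : 47
VTP Operating Mode              : Client
VTP Domain Name                 : OFFICE-A
"""

def parse_vtp_status(text):
    """Return {field name: value} for each 'Name : value' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def overwrite_risk(site_text, candidate_text):
    """Explain why the candidate could replace the site's VLAN database, or return None."""
    site, cand = parse_vtp_status(site_text), parse_vtp_status(candidate_text)
    mode = cand.get("VTP Operating Mode", "").lower()
    if mode in ("transparent", "off"):
        return None  # does not originate advertisements from its own database
    if cand.get("VTP Domain Name") != site.get("VTP Domain Name"):
        return None  # advertisements for another domain are ignored
    cand_rev = int(cand.get("Configuration Revision", "0"))
    site_rev = int(site.get("Configuration Revision", "0"))
    if cand_rev > site_rev:
        # Assumes the VTP password also matches; it is not shown in this output.
        return f"{mode} revision {cand_rev} > site revision {site_rev}"
    return None

if __name__ == "__main__":
    print(overwrite_risk(SITE_SERVER, MOVED_CLIENT))
```

Changing a flagged switch's VTP domain name to a temporary value and back resets its configuration revision to 0 before it is connected.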
