vtp and vlans

Unanswered Question
Feb 4th, 2009
User Badges:

Hi all

I have a quick few questions

With vtp, is the default mode server? if so If I plug another switch in the network will it have any effect or do they need to be in the same domain before anything happens? I have heard that its best to just use transparent everywhere.

Also with vlan trunking, is it best to manually prune vlans on the uplinks?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Roberto Salazar Wed, 02/04/2009 - 08:55
User Badges:
  • Gold, 750 points or more

With vtp, is the default mode server?


if so If I plug another switch in the network will it have any effect or do they need to be in the same domain before anything happens?

>>The switches have to exchange VTP, they need to be in same domain to exchange VTP. And trunk have to be formed between them to exchange VTP.

I have heard that its best to just use transparent everywhere.

>>What you heard is true.

Also with vlan trunking, is it best to manually prune vlans on the uplinks?

>>IT is better to clear the vlans that does not need to propagate to the other switch across the trunk.

carl_townshend Wed, 02/04/2009 - 09:02
User Badges:

are they in a domain by default? if they are in a null domain by default, does this mean the switches will see each others vtp info or does a domain need to be set before they advertise vtp ?

Yudong Wu Wed, 02/04/2009 - 09:49
User Badges:
  • Gold, 750 points or more

By default, no damin name is set.

Domain name must be set in order to pass vtp info.

jedavis Mon, 02/16/2009 - 09:30
User Badges:

True, by default no domain name is set. However, if you connect a switch with a null domain to an active VTP domain via a trunk, the new switch will inherit the domain name and configuration from the active VTP domain. If you connect a switch with a different VTP domain name configured, VTP information (Vlans) will not be propagated.

Mohamed Sobair Wed, 02/04/2009 - 09:59
User Badges:
  • Gold, 750 points or more


1- With VTP the default mode is Server.

2- If u plug another Switch to the Network, its recommended to change the VTP mode to transparent mode to prevent merging all Switches config by the new switch. a Switch with Higher Revision number becomes the update VTP Server.

3- The prunning doesnt happen per uplink or port, the Prunning has to be set in by the VTP domain to eleminate unnecessary broadcast traffic.



justbailey Mon, 02/09/2009 - 06:32
User Badges:

Routing really has no effect on pruning. Pruning is strictly to minimize your layer two traffic between layer two devices over trunk ports.

So even if you are not routing your vlans, it could still be possible to pass on broadcast storms on your switches from unneeded vlans.

justbailey Mon, 02/09/2009 - 06:48
User Badges:

I would say yes, especially if you have a large number of vlans or vlans that need to be protected, e.g. sensitive data vlans. The question, and this is a matter of preference, is how you want to prune.

1) As Mohammed stated:

"switch(config)#vtp pruning"

This must be done on the vtp server and the switch itself controls what vlan broadcast traffic is passed on. This should be enabled. Make sure your switches meet the requirements as stated by Cisco, there are a few caveats.

2) On top of the above method, you can also deploy the method i suggested. Pruning on the uplinks is a way of manually making it impossible for the vlans to be passed on. This is done with the "switchport trunk allowed vlan vlanxxx" command. An example of when you may want to do this is if you have a user and a server vlan in the same vtp domain and you never want server vlan traffic to reach the switches that users plug into.



Thanks again

I don't quite have a handle on the vtp domain name and reversions to attempt any changes along those lines.

As it stands right now I have one switch that is the server and all others are clients. And I use one domain name.

I always create vlans on the server switch and allow vtp to take care of business.

However the manual method for pruing that you advocate makes perfect sense. I was already using the allow paramenter on trunks connected to AP's but I did not realize that this was "manual pruning." Thanks

justbailey Mon, 02/09/2009 - 09:01
User Badges:

My recommendation for you is do a "show vtp status" on your switches. Make sure the vtp version is the same on all of them and make sure pruning is enabled. This gives you a good start if these are the same.

Do some research on "switchport trunk allowed" and see if it is something that you can benefit from. It may not be worth the administrative overhead to deal with it for your organization.

I am not familiar with "allow parameter". Is this setup in a GUI? I dont think this has anything to do with VTP.

I checked a sample number of switches and they have the following:

KBCOH1RD4SW3#sh vtp st

VTP Version : 2

Configuration Revision : 28

Maximum VLANs supported locally : 1005

Number of existing VLANs : 24

VTP Operating Mode : Client

VTP Domain Name : jergens

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Enabled

MD5 digest : 0xB9 0x0E 0x32 0x29 0x93 0x0D 0x25 0x58

Configuration last modified by at 1-21-09 20:25:22

As you can see I do not have pruning enabled nor V2 enabled.

What is the effect of enabling pruning on the server switch? And enabling V2?

Is it disruptive?

justbailey Mon, 02/09/2009 - 10:13
User Badges:


Both of these changes SHOULD not be disruptive, but I personally would not make a configuration change like this during production hours, but rather in a maintenance window, unless broadcast storms are slamming your switches and affecting network performance or something like that.

Do you have any monitoring tools to check bandwidth usage on your switches? If so, check them out and see how they look. If you have plenty of bandwidth on your trunk lines, this should be a low priority and done during non-peak hours, in my opinion.

justbailey Mon, 02/09/2009 - 10:34
User Badges:

No problem, John.

I will definitely be in Cincy for the Redlegs opening day!!

One good way to chase these storms is by checking the bandwidth of your access ports. If you have graphs, great, if not, do a show int F0/xx, look for low reliability (low/255), or really high tx and rxloads (high/255), especially rx (255/255). If you find access ports that seem to be universally spiking, remove that vlan from the switch while you are troubleshooting the root cause.

reliability 255/255, txload 1/255, rxload 1/255

Received 43552 broadcasts, 0 runts, 0 giants, 0 throttles

"Clear counters" and then see if some ports are getting way more broadcasts than others can also help. good luck! Storms can be a pain.

justbailey Wed, 02/04/2009 - 13:07
User Badges:

2) I put change the mode to transparent, verify the revision # is at 0 with a "show vtp status", then put the switch on the network. Then I change the mode to client. If you leave it in transparent mode it will not get the vtp updates from the server.

3) We "manually prune" our uplinks on the switches. Do this by "switchport trunk allowed vlan3,vlan5,vlan10".

This way you can maintain administrative control of your vlans.


This Discussion