05-28-2010 11:28 AM - edited 03-06-2019 11:19 AM
I was doing some reading in my Cisco Academy Training - Chapter 4 of the Switching Fundamentals and they are going over VTP.
It showed an example where 3 VTP Servers existed. All 3 switches connected - and that all three are VTP Servers (not clients) - The S1 VTP Server was able to send out the VTP Domain name (Cisco) to replace "null" entries on other VTP Domain Servers.
I was just trying to understand how that is possible? I thought that only Clients could be sent information and instructions.
Why would there be 3 VTP Servers on one network? The example did not make sense....
Of course I am sure I might have overlooked something -- hope to hear from anyone who can help. Thank you in advance - your knowledge is appreciated.
-Joe
05-28-2010 04:24 PM
joealbergo wrote:
Jon
So getting back to VLAN's -
Once I reach my first L3 Router - that is my boundary?
Basically outside of that router VLAN's are different.
S1>------S2>------S3>-------R1>-------
---S3>----S2>-----S1> VLAN1-VLAN2-VLAN3-------------|---------VLAN4-VLAN5-VLAN6
These VLAN's are not going to be able to communicate outside the R1 boundary?
Joe
Correct. In your example R1 & R2 form a limit to vlans. So even if it was vlan1-vlan2-vlan3 on both sides they would not be the same vlans.
Bear in mind when you say they can't communicate with each other over a L3 boundary, that is they can't communicate at L2. Obviously devices in vlan 2 for example could communicate with devices in vlan 5 from your above example by routing between the sites.
Jon
05-28-2010 12:03 PM
Hi Joe,
The VTP server is the one that makes the changes to the VTP domain. By default, all switches are VTP servers in the (null) VTP domain. Once a VTP server has been configured with a VTP domain, it starts sending out VTP advertisements with that domain name, and other switches that have a (null) domain join it.
VTP clients can't make updates to their local VLAN database. VTP Servers accept updates from other VTP servers in the same VTP domain. VTP clients accept updates from the VTP servers in the same VTP domain.
There is one gotcha with VTP that would allow a VTP Client to make changes to the VLAN database of the VTP Server and it has to do with the Revision number.
When there's a change to the VLAN information, the VTP revision number is incremented by one and an update is sent out. If a switch receives an update with a higher revision number, it processes the update. If the received update is lower than its revision number, it will simply ignore the message. The gotcha is that if a VTP domain has a revision number of X, if any switch is joined to the network that is configured with the same VTP domain name and its revision is higher even if it's a VTP client, and that VTP client starts sending VTP messages... The VTP server will see the higher revision number coming from the VTP client switch and update its VLAN database. This could result in all the "Good" VLANs being replaced with junk information. It's important to ensure there is not any "lingering" VTP data on a switch that you're adding to the network.
HTH
Ryan.
05-28-2010 12:15 PM
Joe
Just to add to Ryan's post. In production networks you will often find that at least 2 switches are assigned to be VTP servers. This does not create a problem for the reasons Ryan has covered but it does mean if one of the switches fails you still have an active VTP server to make your vlan updates on.
Jon
05-28-2010 01:17 PM
Jon
How do the servers know which information to propagate from? One or the other? Does one take precedence over the other? Like a DR/BDR type deal?
Joe
05-28-2010 01:19 PM
Joseph,
If having multiple VTP servers, they will synchronize to the one that has the latest revision number (no DR/BDR concept).
Federico.
05-28-2010 01:26 PM
Joe
As Federico says it is the highest revision number. In practice this means you can update the vlan info on either VTP server because once the switches have all been updated they should have the same VTP revision number. So if both VTP servers have the same revision number it doesn't matter which one you update because it will then have the higher revision number so all the other switches will synchronise to that one including the other VTP server.
Jon
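The revision-number behaviour that Ryan's and Jon's posts describe, as an added example that is not from the original thread or from Cisco: a small Python model of the VTP synchronisation rules (domain must match, a higher revision always wins, clients cannot edit the database but do advertise, transparent mode relays without applying, and changing the mode to transparent or renaming the domain resets the revision to 0, which is how IOS behaves). The switch names, the VLAN tables and the stale "LabSwitch" sitting at revision 12 are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Switch:
    """Toy model of one switch's VTP state (constructed example, not IOS code)."""
    name: str
    mode: str = "server"              # "server", "client" or "transparent"
    domain: Optional[str] = None      # None stands for the (null) domain
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def set_domain(self, domain: str) -> None:
        # Changing the domain name resets the configuration revision to 0.
        self.domain = domain
        self.revision = 0

    def set_mode(self, mode: str) -> None:
        # Changing to transparent mode also resets the revision to 0;
        # this is the usual way to clean a switch before cabling it in.
        if mode == "transparent":
            self.revision = 0
        self.mode = mode

    def add_vlan(self, vid: int, name: str) -> None:
        # Clients cannot edit the database; servers bump the revision per change.
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot modify VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1

    def advertisement(self) -> dict:
        # Clients advertise their revision too, which is the root of Ryan's gotcha.
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> str:
        if self.mode == "transparent":
            return "relayed"                     # transparent: forward, never apply
        if adv["domain"] is None:
            return "ignored: sender has no domain"
        if self.domain is None:
            self.domain = adv["domain"]          # a (null) switch joins the domain
        elif adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not higher"
        self.vlans = dict(adv["vlans"])          # higher revision always wins
        self.revision = adv["revision"]
        return "applied"


def converge(switches: List[Switch], rounds: int = 3) -> None:
    # Every switch advertises to every other; a few rounds settle these small topologies.
    for _ in range(rounds):
        for sender in switches:
            adv = sender.advertisement()
            for rx in switches:
                if rx is not sender:
                    rx.receive(adv)


def three_servers_null_domain() -> List[Optional[str]]:
    """Joe's textbook case: S1 gets a domain, the other (null) servers adopt it."""
    s1, s2, s3 = Switch("S1"), Switch("S2"), Switch("S3")
    s1.set_domain("Cisco")
    s1.add_vlan(10, "users")
    converge([s1, s2, s3])
    return [s.domain for s in (s1, s2, s3)]


def update_on_either_server() -> List[int]:
    """Jon's point: equal revisions, so a change on either server wins everywhere."""
    a, b, c = Switch("A"), Switch("B"), Switch("C", mode="client")
    for s in (a, b, c):
        s.set_domain("Cisco")
    a.add_vlan(10, "users")
    converge([a, b, c])                 # all three now sit at revision 1
    b.add_vlan(20, "voice")
    converge([a, b, c])                 # change made on B -> revision 2 wins
    return [s.revision for s in (a, b, c)]


def stale_client_overwrites(cleaned: bool) -> Dict[int, str]:
    """Ryan's gotcha, with and without the pre-join cleanup; returns server A's VLANs."""
    a, b = Switch("A"), Switch("B")
    for s in (a, b):
        s.set_domain("Cisco")
    for vid, name in ((10, "users"), (20, "voice"), (30, "servers")):
        a.add_vlan(vid, name)
    converge([a, b])                    # production domain now at revision 3
    stale = Switch("LabSwitch", mode="client", domain="Cisco", revision=12,
                   vlans={1: "default", 99: "junk"})   # constructed leftover
    if cleaned:
        stale.set_mode("transparent")   # revision -> 0
        stale.set_mode("client")
    converge([a, b, stale])
    return dict(a.vlans)
```

The cleaned scenario is the check Ryan's last sentence asks for: once the revision is back at 0 the stale switch simply accepts the production database instead of replacing it. On a real switch, `show vtp status` displays the configuration revision so it can be confirmed before the trunk comes up.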
05-28-2010 02:49 PM
Everyone,
Forgive me however, I was taught to only use one VTP Domain Server and that you could only have one. I am fully understanding the VTP and really appreciate your replies to my post. Your time is valuable and I thank you for explaining it to me.
I want to run over just quickly and ask another question....
If I have a network, where would I want to use more than just 1 VTP Domain? Thanks again...
05-28-2010 03:03 PM
Joe
I think there is a misunderstanding. We are talking about 2 VTP servers for the same domain. Not 2 different domains. You are right that generally speaking you only want one VTP domain per L2 switched network.
Jon
05-28-2010 03:27 PM
Alright -
1 VTP Domain has how many servers?
05-28-2010 03:29 PM
joealbergo wrote:
Alright -
1 VTP Domain has how many servers?
Joe
As a general rule in production networks you have 2 VTP servers per VTP domain.
Jon
05-28-2010 03:29 PM
Joseph,
As Jon said.... usually 1 VTP server per domain, however you can have two (or more) for redundancy.
Federico.
05-28-2010 03:32 PM
Okay so two servers or more for redundancy - got it.
Then how about splitting up the Domain, what situation would cause for more than one Domain?
05-28-2010 03:39 PM
Joe
You generally wouldn't split up your VTP domain. You could end up with multiple VTP domains in the same company if your company merges with another one and you have to integrate 2 VTP domains into one.
But it's important to realise that a VTP domain is only relevant at L2. So at the last place I worked we had multiple sites and all the sites were connected by L3 routed links. Each site had its own VTP domain so we had multiple VTP domains within the network but each VTP domain was independent of any of the other and separated by a L3 link.
However there may be times when you would want separate VTP domains within the same L2 network for security reasons ie. you don't want the same vlans on all switches but if you need that you may as well use VTP transparent mode and explicitly configure each switch with the vlans you want.
Jon
05-28-2010 03:59 PM
I understand the placement of VTP Domains and when I can separate them.
Your example really made a lot of sense to me.
--If I am trying to be extra secure with my VLAN setup I can:
1. Setup VLAN's (xx) and (xxx) on one group of switches
2. This group of switches will be separate and have their own VTP Domain.
-and-
3. Setup VLAN's (aa) and (aaa) on another group of switches
4. These will have their own VTP Domain as well.
Complete separation of VLAN's - easier to manage perhaps in case of an outage.
-------------------------------------------------------------------------------------------------------
If I was working with different sites, each site will have different cable and equipment setups so I would have to maintain VTP Domains at each site.
If separated at Level 3 Router at each site - I can still communicate through the VLAN's - just my VTP Domains will be controlled by the Server dedicated to each site.
I think I'm following...
05-28-2010 04:10 PM
Joe
If I was working with different sites, each site will have different cable and equipment setups so I would have to maintain VTP Domains at each site.
Whether you need to run different VTP domains at each site depends on the connectivity between sites ie. if they are L2 connections then yes you could run a common VTP domain. If L3 you can't.
If separated at Level 3 Router at each site - I can still communicate through the VLAN's - just my VTP Domains will be controlled by the Server dedicated to each site.
If 2 sites are separated by a L3 link you can't have the same vlan in both places. You can use the same vlan number but they won't be the same L2 vlan.
If you really want to be secure you are better looking to use VTP transparent which gives you ultimate control over which vlans are on which switch.
Jon