VTP transparent is very useful in secure data centre environments. As Edison says, you can implement VTP server/client with passwords but this is still not as secure as VTP transparent mode.
Using transparent mode gives you very precise control of which vlans are available on which switch and makes the network administrator think very caerfully about where he wants his vlans to be available. VTP server/client is very handy in a large switched infrastructure but even with VTP pruning and allowing/denying specific vlans on trunk links it is still not as precise.
And as you say there are some things you might want to do such as extended vlans etc. that require the switch to be in transparent mode.
The practical purpose of VTP transparent was originally to simply disable VTP. When you run VTP, you configure a vlan database (that is distributed over the network by VTP) and then, this vlan database is applied to your local device. By running VTP transparent, you are just allowed to control your local device directly. As you are not running VTP any more, you are relaying VTP messages as if they were user traffic (exactly what a third party bridge that does not run VTP would do).
Before VTP3, you needed to go to transparent mode to configure extended vlans or private vlans for instance. This is because the VTP database has no support for them. By disabling VTP, you have direct access to your device and are short-circuiting the vlan database.
Now, an additional "VTP off" mode was created to satisfy customers who were paranoid of running any kind of VTP. That's in my opinion a mis-understanding of the VTP transparent mode. Anyway, off mode not only allows you to configure directly your switch, but also prevents VTP messages from being flooded transparently. In fact, the switch is off mode is actively filtering VTP messages... (imo, transparent should be called off, and off should be called "filtering mode" or something like that).
I can say from practical point of view why we use it:
We can have VLAN 700, 701, 702 on ALL switches. Although it's same VLAN, it's routed by SVI with a different subnet on every L3 switch. Therefore it simplifies administration (no need to think of numbers for hundreds of VLANs, and to think which is which - 700 can be users, 701 voice and 702 can be servers) and all hosts are still in different broadcast domains. When you have 300 switches with 900 subnets, that's a real time saver.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...