Cisco Support Community

Stay away from VTP?

I am new to VLANs and trunks. I had a conversation with an "expert" who told me that "no one uses VTP" and that if a switch gets replaced, that "it could take the whole network down". That seems absurd to me. Seems like if I had to replace a switch - even if it was the primary VTP server then I can promote the secondary server to the primary.  We have a total of 12 switches. I was going to set up 2 VLANs and trunk ports for ESXi hosts in a VSA cluster.  So I am trying to decide whether or not to use VTP.  Am I better off staying away from VTP?

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

If you know the dangers of VTP and you have "control" over who is plugging things into the network then there is nothing wrong with it. If you have a large network and you need to have the same vlans across many different switches or you make many vlan changes on the switches it can be handy. We had a setup with 80 vlans that fed probably 60-80 client switches and we never had any issue. Also as the network has been in awhile and there have been a number of changes then it becomes less likely that someone is going to stick a switch in if your revision number is like 200. If you have a small network and you don't make many changes then you don't really need it and transparent is safer.

7 REPLIES
Community Member

A lot of networks still use VTP. Sure it's scary if you don't know what you're doing. But as long as you always check to make sure the VTP revision # isn't greater than the one you are replacing, you're good. But that can be said for anything on a network. Experts should know better than not to check to make sure a device isn't incorrectly configured. 

 

I wouldn't call anyone an expert if they can't figure out how to not destroy their vlans when replacing a switch. Experts always know how a change is going to affect their network.

 

 

Community Member

I ended up putting all the switches in transparent mode. Being new to VLANs, I possessed a very minimal understanding of the different types, and trunking, etc. So after learning a little bit about it, I still am no expert at all, but I understand enough to know that I did not need to use VTP at all. We have a small network with about 15 total switches - the most that are in any one data room is 5. Thanks again for all the helpful replies. This is a great forum.

Hall of Fame Super Blue

Sam

Firstly we need to distinguish between a VTP server/client setup and VTP transparent.

VTP server and client switches use VTP updates to modify their vlan database.

VTP transparent does not use VTP updates although it does pass them on to other switches. If you want to modify the vlan database on a VTP transparent switch you have to do it locally on each switch.

When your guy says no one uses VTP he was referring to the VTP server and client setup because a lot of switches do not allow you to actually turn off VTP. The closest you can come to that is to run VTP transparent.

In terms of taking down the network, again this only applies to where you have VTP server(s) and clients. With VTP updates there is a revision number. If a switch receives an update with a higher revision number than the one it currently has it uses that update to modify its vlan database. So when you add a new switch to the VTP domain you need to be careful that it does not have a higher revision number than the one in use (note it shouldn't do but you never know).

If it does it would then send an update with the highest revision number and all the other switches would then modify their vlan databases. Considering the new switch would not have the correct vlan information this would mean all your switches lose the correct vlan information which clearly means your network stops working.

The simplest solution to make sure this doesn't happen is, before you connect the new switch to the domain, first change it to VTP transparent and then back to VTP client, and this resets the revision number.

That aside it is also worth bearing in mind that it is still possible to impact the network by simply making a mistake when modifying the vlan database on the VTP server because that mistake is then passed to all other switches and they modify their own databases.

And once you create a vlan that vlan is then created on all your switches.

This is the reason some people prefer to run either VTP transparent or, where possible, turn off VTP altogether because it gives far more control in terms of which vlans are on which switches.

But to say "no one uses VTP" is a bit of a sweeping statement in my opinion. I have used both and neither has ever given me any problems.

It really is your choice in the end.

Jon

Community Member

Good explanation. 

Community Member

Thanks for the replies. No one will be plugging any switches in but me. Unless I get run over by a truck or something, and if I do then there is documentation for the switches. We have a dozen switches and 2 VLANs. This so called expert works for a consulting co. we use and I haven't worked with him before (and I don't want to again). Lots of other good network guys work there. Thanks again everyone!
Super Bronze

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Yea, not too long ago, a new senior network engineer was able to require VTP not be used as part of our standards. In his opinion, VTP is a "virus". (In theory, we're moving to all L3, so no VLAN trunks and so there's no need to share a common VLAN database. Of course, we're years from that, and in the meantime, I have some active multiple switch L2 topologies, with VTP now deactivated. So, I'm now often changing VLAN databases on multiple switches and doing manual pruning, what fun!)

 

Personally, I think VTP is great. The horror stories of erasing large VLAN topologies with it are true. (I've seen it happen.) Generally such happens when you just leave VTP (v1 or v2) with its default settings (especially with a null domain) and drop a switch on the network that someone has been using to experiment with, like in a lab.

 

Besides the obvious, that devices shouldn't just be dropped on production networks without some change management, you can make it a bit harder for accidents to happen if you set an explicit VTP domain name and use VTP passwords. (Both help ensure there's an explicit "agreed" configuration before sharing VLAN information.)

 

BTW, one commonly misunderstood feature with VTP v1 or v2: "clients" also replicate. I.e. a VTP "client" can overwrite a VTP "server".

 

I haven't used it, but I understand VTP v3 has features to make "accidents" much, much harder.
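Jon's walkthrough of the revision-number takeover and the transparent-then-client reset, together with the later points that a VTP v1/v2 client can overwrite a server and that an explicit domain name plus password stops an unintended switch from being accepted, can be seen in a small simulation. This is an added toy model, not code from the thread or from Cisco; the switch names, VLAN IDs, the revision of 200 and the password are constructed, and the password check stands in for the MD5 digest real VTP carries.

```python
# Toy model of VTP v1/v2 revision-number behaviour (constructed example, not IOS code).
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                 # "server", "client" or "transparent"
    domain: str = ""          # "" stands for the null domain
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def advertise(self):
        """Servers AND clients originate summaries; transparent switches only relay."""
        if self.mode == "transparent":
            return None
        return (self.domain, self.password, self.revision, set(self.vlans))

    def receive(self, adv):
        """Adopt an advertised database only if domain and password match and its revision is higher."""
        if adv is None or self.mode == "transparent":
            return False
        domain, password, revision, vlans = adv
        if (domain, password) != (self.domain, self.password) or revision <= self.revision:
            return False
        self.revision, self.vlans = revision, set(vlans)
        return True

    def add_vlan(self, vid):
        """A local change on a server raises the revision; that is what gets propagated."""
        self.vlans.add(vid)
        self.revision += 1

    def reset_revision(self):
        """Jon's precaution: transparent and back to client zeroes the revision counter."""
        self.mode, self.revision = "transparent", 0
        self.mode = "client"


def converge(switches):
    """Flood advertisements between all switches until no database changes."""
    changed = True
    while changed:
        changed = any([dst.receive(src.advertise())
                       for src in switches for dst in switches if dst is not src])


def scenario(reset_new_switch=False, use_password=False):
    """Return the core server's VLAN list after a stale lab switch joins the domain."""
    pw = "s3cret" if use_password else ""
    core = Switch("core", "server", "CORP", pw)
    for vid in (10, 20):                       # two production VLANs, revision now 2
        core.add_vlan(vid)
    access = Switch("access", "client", "CORP", pw)
    converge([core, access])
    # Constructed lab switch: same domain, no password, stale VLANs, revision 200
    lab = Switch("lab", "client", "CORP", "", revision=200, vlans={1, 999})
    if reset_new_switch:
        lab.reset_revision()
    converge([core, access, lab])
    return sorted(core.vlans)
```

With defaults the client's higher revision replaces the server's database; either resetting the new switch's revision or running a password the lab switch does not have leaves the production VLANs intact.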
