Cisco Support Community

New Member

to VTP or not to VTP

This may sound funny, but I am in an environment that does NOT have a VTP domain. I have 2 6509s and multiple stacked 3750s at the edge. Why would my predecessor not design or implement a VTP domain? Are there pros and cons? I've always had VTP running in the enterprises I manage. Thanks for your input.

3 REPLIES
Blue

Re: to VTP or not to VTP

Hi:

I don't know why your predecessor did not configure a VTP domain, but I can share with you my own thoughts about VTP.

My personal preference is to effectively disable VTP by using Transparent mode. A VTP transparent mode switch does not require a VTP domain name.

For a management tool that is supposed to facilitate things, I think it adds an unnecessary layer of complexity whose benefits are outweighed by its disadvantages and potential for disaster.

I know this opinion can stir a broadcast storm of responses and indignation, especially from Ciscophiles (lol), but I just thought I would share my honest opinion given my experience and exposure.

But if you're interested in the official Cisco viewpoint regarding a best practice, read the following from their website.

Recommendation

There is no specific recommendation on whether to use VTP client/server modes or VTP transparent mode. Some customers prefer the ease of management of VTP client/server mode despite some considerations noted later. The recommendation is to have two server mode switches in each domain for redundancy, typically the two distribution-layer switches. The rest of the switches in the domain must be set to client mode. When you implement client/server mode with the use of VTPv2, be mindful that a higher revision number is always accepted in the same VTP domain. If a switch that is configured in either VTP client or server mode is introduced into the VTP domain and has a higher revision number than the existing VTP servers, this overwrites the VLAN database within the VTP domain. If the configuration change is unintentional and VLANs are deleted, the overwrite can cause a major outage in the network. In order to ensure that client or server switches always have a configuration revision number that is lower than that of the server, change the client VTP domain name to something other than the standard name. Then revert back to the standard. This action sets the configuration revision on the client to 0.

There are pros and cons to the VTP ability to make changes easily on a network. Many enterprises prefer the cautious approach of VTP transparent mode for these reasons:

It encourages good change control practice, as the requirement in order to modify a VLAN on a switch or trunk port has to be considered one switch at a time.

It limits the risk of an administrator error that impacts the entire domain, such as the deletion of a VLAN by accident.

There is no risk that a new switch introduced into the network with a higher VTP revision number can overwrite the entire domain VLAN configuration.

It encourages VLANs to be pruned from trunks running to switches that do not have ports in that VLAN. This makes frame flooding more bandwidth-efficient. Manual pruning is also beneficial because it reduces the spanning tree diameter (see the DTP section of this document). Before pruning unused VLANs on port channel trunks, ensure that any ports connected to IP phones are configured as access ports with voice VLAN.

The extended VLAN range in CatOS 6.x and CatOS 7.x, numbers 1025 through 4094, can only be configured in this way. For more information, see the Extended VLAN and MAC Address Reduction section of this document.

VTP transparent mode is supported in Campus Manager 3.1, part of Cisco Works 2000. The old restriction that required at least one server in a VTP domain has been removed.

HTH

Victor
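
A pre-deployment check for the revision-number risk described in the quoted recommendation, as an added example that is not part of the original post or Cisco's documentation. The two status captures are constructed samples modelled on the classic `show vtp status` layout, and the function names are hypothetical.

```python
import re

# Constructed samples in the classic `show vtp status` layout. Newer IOS
# releases print different labels, so adjust the keys for your platform.
PROD_SERVER = """\
VTP Version                     : 2
Configuration Revision          : 42
VTP Operating Mode              : Server
VTP Domain Name                 : CAMPUS
"""
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 97
VTP Operating Mode              : Client
VTP Domain Name                 : CAMPUS
"""

def parse_vtp_status(text):
    """Return {label: value} for every 'Label : value' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def overwrite_risk(new_text, prod_text):
    """Return (risky, reason) for connecting the new switch to the domain."""
    new, prod = parse_vtp_status(new_text), parse_vtp_status(prod_text)
    try:
        new_rev = int(new["Configuration Revision"])
        prod_rev = int(prod["Configuration Revision"])
    except (KeyError, ValueError) as exc:
        raise ValueError("could not read Configuration Revision") from exc
    mode = new.get("VTP Operating Mode", "").lower()
    if mode not in ("server", "client"):
        return False, f"mode '{mode}' is neither client nor server"
    # Domain names are compared exactly; VTP treats them as case-sensitive.
    if new.get("VTP Domain Name") != prod.get("VTP Domain Name"):
        return False, "different VTP domain name"
    if new_rev > prod_rev:
        return True, f"revision {new_rev} > {prod_rev}: reset to 0 before connecting"
    return False, f"revision {new_rev} is not higher than {prod_rev}"

if __name__ == "__main__":
    print(overwrite_risk(NEW_SWITCH, PROD_SERVER))
```

Run it against captures taken from the new switch while it is still off the production trunks, and again after the domain-rename reset, to confirm the revision reads 0.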

Re: to VTP or not to VTP

Hi,

It's good to be aware of the pros & cons of technology. But then it's the choice of the administrator to decide what to put in use & what not to. VTP & CDP are much debated topics in our field. Some can't live without them & some don't want to think of them.

Victor has already shared the necessary information.

I have around 50 switches in my network. Every time a user comes up with a new environment, I need to create a separate VLAN for them. If I don't have VTP, then I'll have to manually create the same VLAN on all 50 switches in order to have a sync among all switches. VTP helps avoid this rework on multiple switches. For security, you can use MD5 authentication with VTP.

Believe me, it saves a lot of work.

New Member

Re: to VTP or not to VTP

Thank you for your lengthy response. I appreciate the point of view and I never really considered the "cons". I just know it's so much easier to use VTP. Thanks again.

Cat
