VTP Client or transparent

cdrier
Level 1

We have a big facility where we are deploying about 25 2960s used as access switches. We have heard transparent is the best practice. Is this still true, and if it is, can someone tell me why? Throughout our environment, we have a cross of some running transparent and some running client. It would be nice to stick to some standard. Thanks!

 


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Transparent is good practice for those afraid of accidentally mucking up their network using VTP V1 or V2.  However, if all your equipment supports VTP V3, I would lean toward using it.

lenperez
Cisco Employee

VTP is a protocol that should be used carefully because it can lead to nasty effects. In regards to your question, there are some benefits when using transparent mode:

  1. You can create private VLANs (they are not advertised through the trunk links).
  2. You can create VLAN IDs from 1006 to 4094, 1024 limit is not a problem (extended VLANs are not saved in the VLAN database and are not propagated in this mode).
  3. VTP and VLAN configuration are also saved in the switch running configuration file.
  4. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

In general, according to your network topology and your needs, the use of VTP is optional. If these switches are access switches, you can configure VTP Client in those where you need the same VLANs. For example, if you have 10 switches that must be configured with the same VLAN info, those switches can be VTP Client and the others can be VTP Transparent (in order to forward VLAN info through all switches), but as I told you, this depends on what you need.

I suggest you configure VTP Transparent in the switches where you need to manually create VLANs and do not want to advertise them, or where you configure private VLANs. Besides, for best practices and for security reasons, it is important to avoid sharing all VLAN info between all the switches. So, the switches that have VLANs with servers or do not have end users' VLANs would be configured as VLAN transparent.

Configure VTP Client in the switches that will have the same VLAN info, then just configure a VTP server with the VLAN info and that is all, well, do not forget to do the proper configuration to share info between the switches (VTP domain, authentication, version, etc).

This link is useful to understand VTP:

http://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

This link is useful if you need help when configuring VTP:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html

Best Regards,

Thank you for your comment.  I think in our environment, we will either stick with Client or Transparent and not go with a hybrid environment.   I will check out your links and thanks for the information you provided. 

Hi,

It is good to know that I could help you. When you decide which VTP mode to implement in all the switches, please take into consideration:

  • Configuring with VTP transparent means that you should configure manually switch by switch, but it is more secure and it avoids unexpected changes.
  • VTP Client is better if you have to do the same configuration in many switches, but keep in mind you must implement it correctly and with the proper security tools (BPDU guard, authentication, VTP domain, etc.) to avoid unexpected changes.

Good Luck
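
An added example, not part of the original thread: a Python check that reads saved `show vtp status` output per switch and lists every switch that deviates from whichever standard is chosen (all transparent, or clients sharing one domain and version). The hostnames, domain name, sample output and the `servers` parameter are constructed for illustration, and field labels can differ between IOS releases; the VTP password does not appear in `show vtp status`, so it is not checked here.

```python
import re

# Constructed excerpts in the layout of `show vtp status`; the hostnames and
# the domain name are made up for this example.
SAMPLES = {
    "acc-sw01": "VTP version running   : 2\n"
                "VTP Domain Name       : CAMPUS\n"
                "VTP Operating Mode    : Client\n",
    "acc-sw02": "VTP version running   : 1\n"
                "VTP Domain Name       :\n"
                "VTP Operating Mode    : Transparent\n",
    "dist-sw01": "VTP version running   : 2\n"
                 "VTP Domain Name       : CAMPUS\n"
                 "VTP Operating Mode    : Server\n",
}

FIELD = re.compile(
    r"^[ \t]*(VTP version running|VTP Domain Name|VTP Operating Mode)"
    r"[ \t]*:[ \t]*(.*?)[ \t]*$", re.I | re.M)
NAMES = {"vtp version running": "version", "vtp domain name": "domain",
         "vtp operating mode": "mode"}

def parse_vtp_status(text):
    """Extract version, domain and mode; fields not found stay None."""
    status = {"version": None, "domain": None, "mode": None}
    for label, value in FIELD.findall(text):
        status[NAMES[label.lower()]] = value
    return status

def audit(outputs, standard_mode, domain=None, version=None, servers=()):
    """Return (host, finding) for each deviation from the chosen standard."""
    findings = []
    for host in sorted(outputs):
        st = parse_vtp_status(outputs[host])
        mode = (st["mode"] or "unknown").lower()
        expected = "server" if host in servers else standard_mode
        if mode != expected:
            findings.append((host, f"mode is {mode}, standard is {expected}"))
        if mode not in ("client", "server"):
            continue  # transparent/off switches do not take VLANs from VTP
        if domain is not None and st["domain"] != domain:
            findings.append((host, f"domain is {st['domain']!r}, standard is {domain!r}"))
        if version is not None and st["version"] != version:
            findings.append((host, f"running VTP version {st['version']}, standard is {version}"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLES, "client", "CAMPUS", "3", servers={"dist-sw01"}):
        print(host, finding)
```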
