
NetworkJutsu

VLAN Trunking Protocol (VTP)

02/09/2014 By Andrew Roderos

VLAN Trunking Protocol is a Cisco proprietary protocol that allows a switch to propagate VLANs to other switches. Some may argue that it is a poorly named protocol, since the name implies that it has something to do with trunking VLANs. Maybe the name should’ve been VLAN Propagation Protocol (VPP)? I may have taken the name and the thought that the protocol is poorly named from Jeremy Cioara. It’s hard to tell now since I’ve watched a lot of videos and read a lot of books, blogs, and discussion forums.

As I was reading the CCNP SWITCH OCG book, a way for me to refresh my BCMSN knowledge, I was curious about what the book says regarding VTP v1 and v2 transparent mode.

In VTP version 1, a transparent mode switch does not even relay VTP information it receives to other switches unless its VTP domain names and VTP version numbers match those of the other switches. In VTP version 2, transparent switches do forward received VTP advertisements out of their trunk ports, acting as VTP relays. This occurs regardless of the VTP domain name setting.

On Cisco’s documentation page, it says something different than the book.

Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Although VTP version 2 supports only one domain, a VTP version 2 transparent switch forwards a message only when the domain name matches.

Since the book and the documentation page conflict with each other, it’s time to put this to the test and end the confusion once and for all.

Switch Topology

Just a simple three-switch topology to test whether VLANs propagate when the switch in the middle is in VTP transparent mode.

Configuration

For our first test, all the necessary interfaces of the switches are configured the same way. The configuration is shown below for reference. Since we’re going to play with different VTP domain names, we’ll need to turn off DTP, as shown below.

interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

Switches in factory-default settings have a NULL, or blank, domain name. As soon as such a switch hears the first VTP advertisement from another switch that has VTP configured, it inherits that domain name and starts updating its database.

SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vtp mode server
Device mode already VTP SERVER.
SW1(config)#vtp domain networkjutsu
Changing VTP domain name from NULL to networkjutsu
SW1(config)#vtp version 1
VTP mode already in V1.
SW1#sh vtp
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : networkjutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0015.6264.3300
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0xBC 0xB8 0xA3 0xEE 0x7E 0xDE 0x5A 0xDE
                                    0xBE 0xB3 0xDC 0xCE 0xE8 0xB8 0x5A 0x82
SW2#sh vtp statu
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : networkjutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 001c.5823.6480
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0xBC 0xB8 0xA3 0xEE 0x7E 0xDE 0x5A 0xDE
                                    0xBE 0xB3 0xDC 0xCE 0xE8 0xB8 0x5A 0x82
SW3#sh vtp statu
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : networkjutsu
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Once every switch is in the same VTP domain and mode, we are ready to test. Let’s create a VLAN on SW1 to verify that VTP is actually working. Before issuing the command below, I enabled VTP debugging on SW2 and SW3 by issuing debug sw-vlan vtp events.

SW1(config)#vlan 10
SW1(config-vlan)#end
SW1#

Once the command was issued on SW1, both SW2 and SW3 received the VTP advertisements. This is expected in VTP server mode.

SW2# debug sw-vlan vtp events
VTP LOG RUNTIME: Summary packet received, domain = networkjutsu, rev = 1, followers = 1
VTP LOG RUNTIME: Summary packet rev 1 greater than domain networkjutsu rev 0
VTP LOG RUNTIME: Domain networkjutsu currently not in updating state
VTP LOG RUNTIME: Subset packet received, domain = networkjutsu, rev = 1, seq = 1, length = 165
VTP LOG RUNTIME: Transmit vtp summary, domain networkjutsu, rev 1, followers 1
   MD5 digest calculated = BF 22 27 B3 02 83 26 97 D2 70 B1 33 21 96 DA 12
VTP LOG RUNTIME: Summary packet received, domain = networkjutsu, rev = 1, followers = 1
VTP LOG RUNTIME: Summary packet rev 1 equal to domain networkjutsu rev 1
VTP LOG RUNTIME: Subset packet received, domain = networkjutsu, rev = 1, seq = 1, length = 165
SW2#sh vlan id 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
10   VLAN0010                         active    
SW3#sh vlan id 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
10   VLAN0010                         active

VTP v1 Transparent Mode

Now, let’s change the VTP mode on SW2 to transparent and create another VLAN on SW1 to see if the SWITCH OCG book is correct.

SW2(config)#vtp mode trans
Setting device to VTP TRANSPARENT mode.
SW2# sh vtp statu
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : networkjutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 001c.5823.6480
Configuration last modified by 0.0.0.0 at 3-1-93 00:36:47
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 0
MD5 digest                        : 0xCF 0xCE 0x8A 0x4E 0x4F 0xFA 0x6E 0x4D
                                    0x4F 0xA4 0xA7 0xA2 0xE3 0xD9 0xB2 0x15
SW1(config)#vlan 20
SW1(config-vlan)#end
SW1#

Upon creating VLAN 20 on SW1, SW2 relayed the VTP advertisements and SW3 updated its database. As expected, the switch in transparent mode did not update its own database.

SW2#
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
SW2# sh vlan id 20
VLAN id 20 not found in current VLAN database
SW3#
VTP LOG RUNTIME: Summary packet received, domain = networkjutsu, rev = 2, followers = 1
VTP LOG RUNTIME: Summary packet rev 2 greater than domain networkjutsu rev 1
VTP LOG RUNTIME: Domain networkjutsu currently not in updating state
VTP LOG RUNTIME: Subset packet received, domain = networkjutsu, rev = 2, seq = 1, length = 185
VTP LOG RUNTIME: Transmit vtp summary, domain networkjutsu, rev 2, followers 1
   MD5 digest calculated = 1B 2E 5F 19 49 46 C4 E6 B7 D2 3C 7A DD 86 D6 42
SW3#sh vlan id 20
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
20   VLAN0020                         active

Different VTP Domain, VTP v1 Transparent

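Now, how about we change the domain name? According to the SWITCH OCG book, a switch in VTP v1 transparent mode will not forward VTP advertisements if the domain name and version number don’t match. Note that the new name below differs from the old one only in letter case; VTP domain names are case-sensitive, so that is enough to make them different domains.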

SW2(config)#vtp domain NetworkJutsu
Changing VTP domain name from networkjutsu to NetworkJutsu
SW2(config)#end
SW2#sh vtp statu
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : NetworkJutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 001c.5823.6480
Configuration last modified by 0.0.0.0 at 3-1-93 00:36:47
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 0
MD5 digest                        : 0x2A 0xE8 0x6D 0xF7 0x91 0x0A 0x62 0xC4
                                    0x03 0xD0 0x07 0x07 0x7C 0xE2 0x23 0xED
SW1(config)#vlan 30
SW1(config-vlan)#end
SW1#

Upon creating VLAN 30 on SW1, SW2 dropped the VTP advertisement and SW3 never received it.

SW2#
*Mar  1 00:42:56.963: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
*Mar  1 00:42:56.963: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
SW3#sh vl id 30
VLAN id 30 not found in current VLAN database

Different Domain, VTP v2 Transparent

Let’s change SW2’s VTP version to 2 and leave the VTP domain name unchanged.

SW2(config)#vtp ver 2
SW2(config)#end
SW2#sh vtp statu
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : NetworkJutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 001c.5823.6480
Configuration last modified by 0.0.0.0 at 3-1-93 00:36:47
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 0
MD5 digest                        : 0x1B 0xF8 0xD3 0x9D 0xD2 0x06 0xC7 0xD7
                                    0x33 0x4B 0x66 0x50 0xC5 0x77 0xF5 0xE1

Now, let’s create another VLAN on SW1 and see if the SWITCH OCG book is correct.

SW1(config)#vlan 40
SW1(config-vlan)#end
SW1#
SW3#
VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
VTP LOG RUNTIME: Dropping packet received on trunk Fa0/2 - not in domain networkjutsu
SW3#sh vlan id 40
VLAN id 40 not found in current VLAN database

We now know that a switch in VTP v2 transparent mode does not relay VTP advertisements if the domain name does not match. This means that the book is incorrect and Cisco’s documentation page is spot on. Let’s prove it by changing the domain back to its previous name.

SW2(config)#vtp domain networkjutsu
Changing VTP domain name from NetworkJutsu to networkjutsu
SW2#sh vtp statu
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : networkjutsu
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 001c.5823.6480
Configuration last modified by 0.0.0.0 at 3-1-93 00:36:47
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 0
MD5 digest                        : 0xF1 0x29 0x4F 0xB3 0x73 0x0A 0x3A 0xE7
                                    0xF9 0x38 0x1B 0x1A 0xD1 0xAC 0xA6 0x19
SW2#
*Mar  1 01:10:35.944: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:10:35.953: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:10:36.532: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:10:36.532: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:10:36.574: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:10:36.574: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
SW3#sh vlan id 40
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
40   VLAN0040                         active    Fa0/1

So far, the book got the information right for VTP version 1 transparent mode but wrong for version 2.

All VTP version 2

Now, let’s try to change SW1 and SW3 to version 2 and see the effects. Let’s see if the book has more errors in its statement.

SW3(config)#vtp ver 2
SW3(config)#end
SW1(config)#vtp ver 2
SW1(config)#end
SW1(config)#vlan 50
SW1(config-vlan)#end
SW2#
*Mar 1 01:15:36.810: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar 1 01:15:36.810: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar 1 01:15:36.852: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
*Mar 1 01:15:36.852: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
SW3#sh vlan id 50
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
50   VLAN0050                         active    Fa0/1

As the book says, in version 2 transparent mode the VTP advertisements are forwarded out to the trunks. Great, the book is correct.

Different Domain, VTP v2 Transparent and Servers

Now, how about testing what the book says in its last sentence? The book says “this occurs regardless of the VTP domain name setting.”

SW2(config)#vtp domain NetworkJutsu
Changing VTP domain name from networkjutsu to NetworkJutsu
*Mar  1 01:17:27.196: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to NetworkJutsu.
SW2(config)#end
SW1(config)#vlan 60
SW1(config-vlan)#exit
SW1(config)#
SW2#
*Mar  1 01:18:08.057: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
*Mar  1 01:18:08.057: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
SW3#sh vlan id 60
VLAN id 60 not found in current VLAN database

It looks like the book got it wrong again. Let’s continue with our testing.

Different Domain, VTP v1 Transparent, VTP v2 Servers

For our penultimate test, let’s change SW2’s VTP version to 1, leave its domain name unchanged, and let SW1 and SW3 remain in version 2. According to the book, with VTP v1 transparent mode the domain name and version must match. Let’s see if our gear agrees with that.

SW1(config)#vlan 70
SW1(config-vlan)#exit
SW2#
*Mar  1 01:19:19.377: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
*Mar  1 01:19:19.377: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
SW3#sh vlan id 70
VLAN id 70 not found in current VLAN database

It looks like the book is wrong again.

Same Domain, VTP v1 Transparent, VTP v2 Servers

Now, for our last test, let’s change SW2 back to the original domain name and leave the other settings unchanged.

SW2(config)#vtp domain networkjutsu
Changing VTP domain name from NetworkJutsu to networkjutsu
*Mar  1 01:20:26.500: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to networkjutsu.
SW1(config)#vlan 80
SW1(config-vlan)#exit
SW2#
*Mar  1 01:20:26.645: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:20:26.645: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:20:26.687: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
*Mar  1 01:20:26.687: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
SW3#sh vlan |  i active
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
60   VLAN0060                         active
70   VLAN0070                         active
80   VLAN0080                         active

Summary

In theory, theory and practice are the same. In practice, they are not. – Albert Einstein

We’ve just witnessed that it doesn’t matter what the switch’s VTP version is set to: so long as the VTP domain name matches, the advertisement will be forwarded. Please note that the behavior of VTP version 3 may not be the same as shown here. Unfortunately, I only have two switches capable of running VTP version 3, so it was not tested this time. Maybe when I get my hands on three switches capable of VTP version 3, I will revisit this blog and update it.
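Added example (not part of the original post): a small Python parser for the debug sw-vlan vtp events lines shown in the tests above, tallying which trunks relayed and which dropped advertisements so that a domain mismatch on a transparent switch stands out. The sample lines are copied from this post's output; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Sample input: debug lines copied from the SW2/SW3 output in this post.
SAMPLE = """\
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/2 - in TRANSPARENT MODE (nc = false)
*Mar  1 00:42:56.963: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
*Mar  1 00:42:56.963: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/1 - not in domain networkjutsu
VTP LOG RUNTIME: Summary packet received, domain = networkjutsu, rev = 2, followers = 1
*Mar  1 01:10:35.944: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/1 - in TRANSPARENT MODE (nc = false)
SW3#sh vlan id 30
"""

# Optional IOS timestamp ("*Mar  1 00:42:56.963: "), then the event text.
PREFIX = re.compile(r"^(?:\*?\w{3}\s+\d+\s+[\d:.]+:\s+)?VTP LOG RUNTIME:\s+(.*)$")
RELAY = re.compile(r"Relaying packet received on trunk (\S+) - in TRANSPARENT MODE")
DROP = re.compile(r"Dropping packet received on trunk (\S+) - not in domain (\S+)")
SUMMARY = re.compile(r"Summary packet received, domain = ([^,]+), rev = (\d+)")


def parse_event(line):
    """Return (kind, fields) for a VTP debug line, or None for anything else."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    text = m.group(1)
    if (r := RELAY.match(text)):
        return ("relay", {"trunk": r.group(1)})
    if (d := DROP.match(text)):
        return ("drop", {"trunk": d.group(1), "domain": d.group(2)})
    if (s := SUMMARY.match(text)):
        return ("summary", {"domain": s.group(1), "rev": int(s.group(2))})
    return ("other", {})  # e.g. "Transmit vtp summary", "not in updating state"


def summarize(log_text):
    """Tally relays per trunk, drops per (trunk, domain), highest rev per domain."""
    relayed, dropped, max_rev = Counter(), Counter(), {}
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        kind, f = event
        if kind == "relay":
            relayed[f["trunk"]] += 1
        elif kind == "drop":
            # Domain is kept verbatim: networkjutsu and NetworkJutsu differ.
            dropped[(f["trunk"], f["domain"])] += 1
        elif kind == "summary":
            max_rev[f["domain"]] = max(f["rev"], max_rev.get(f["domain"], 0))
    return {"relayed": dict(relayed), "dropped": dict(dropped), "max_rev": max_rev}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for trunk, n in sorted(report["relayed"].items()):
        print(f"{trunk}: relayed {n}")
    for (trunk, domain), n in sorted(report["dropped"].items()):
        print(f"{trunk}: dropped {n} (message names domain {domain!r})")
    print("highest summary revision seen:", report["max_rev"])
```

Any entry under "dropped" on a transparent switch marks a trunk behind which VLAN changes are no longer propagating.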

Want to learn more about VTP or switching?

CCNP SWITCH 642-813 Official Certification Guide (Official Cert Guide)
CCNP Routing and Switching SWITCH 300-115 Official Cert Guide
CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)
