Configuring VTP

Configuring VTP

This section includes guidelines and procedures for configuring VTP. These sections are included:

•Default VTP Configuration

•VTP Configuration Options

•VTP Configuration Guidelines

•Configuring a VTP Server

•Configuring a VTP Client

•Disabling VTP (VTP Transparent Mode)

•Enabling VTP Version 2

•Enabling VTP Pruning

•Adding a VTP Client Switch to a VTP Domain

Default VTP Configuration

Table 14-2 shows the default VTP configuration.

Table 14-2 Default VTP Configuration 

Feature	Default Setting
VTP domain name	Null.
VTP mode	Server.
VTP version 2 enable state	Version 2 is disabled.
VTP password	None.
VTP pruning	Disabled.

VTP Configuration Options

You can configure VTP by using these configuration modes.

•VTP Configuration in Privileged EXEC and Global Configuration Modes

•VTP Configuration in VLAN Configuration Mode

You access VLAN configuration mode by entering the vlan database privileged EXEC command.

For detailed information about vtp commands, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.

VTP Configuration in Privileged EXEC and Global Configuration Modes

You can use the vtp privileged EXEC command to configure the VTP password and version (version 1 or version 2) and to enable or disable pruning. You can use the vtp global configuration command to set the VTP file name, the interface providing updated VTP information, the domain name, and the mode. For more information about available keywords, refer to the command descriptions in the Catalyst 2950 Desktop Switch Command Reference for this release. The VTP information is saved in the VLAN database. When VTP mode is transparent, the VTP global configuration information is also saved in the switch running configuration file, and you can save it in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. You must use this command if you want to save VTP mode as transparent, even if the switch resets.

When you save VTP information in the switch startup configuration file and reboot the switch, the switch configuration is determined as follows:

•If the VTP mode is transparent in the startup configuration and the VLAN database and the VTP domain name from the VLAN database matches that in the startup configuration file, the VLAN database is ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The VLAN database revision number remains unchanged in the VLAN database.

•If the VTP mode or domain name in the startup configuration do not match the VLAN database, the domain name and VTP mode and configuration for the first 1005 VLANs use the VLAN database information.

•If the switch is running IOS release 12.1(9)EA1 or later and you use an older configuration file to boot up the switch, the configuration file does not contain VTP or VLAN information, and the switch uses the VLAN database configurations.

•If the switch is running an IOS release earlier than 12.1(9)EA1 on the switch and you use a configuration file from IOS release 12.1(9)EA1 or later to boot up the switch, the image on the switch does not recognize VLAN and VTP configurations in the configuration file, so the switch uses the VLAN database configuration.

VTP Configuration in VLAN Configuration Mode

You can configure all VTP parameters in VLAN configuration mode, which you access by entering the vlan database privileged EXEC command. For more information about available keywords, refer to the vtp VLAN configuration command description in the Catalyst 2950 Desktop Switch Command Reference for this release. When you enter the exit command in VLAN configuration mode, it applies all the commands that you entered and updates the VLAN database. VTP messages are sent to other switches in the VTP domain, and the privileged EXEC mode prompt appears.

If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command.

VTP Configuration Guidelines

These sections describe guidelines you should follow when implementing VTP in your network.

Domain Names

When configuring VTP for the first time, you must always assign a domain name. You must configure all switches in the VTP domain with the same domain name. Switches in VTP transparent mode do not exchange VTP messages with other switches, and you do not need to configure a VTP domain name for them.

         If NVRAM and DRAM storage is sufficient, all switches in a VTP domain should be in VTP server mode.

         Do not configure a VTP domain if all switches are operating in VTP client mode. If you configure the domain, it is impossible to make changes to the VLAN configuration of that domain. Make sure that you configure at least one switch in the VTP domain for VTP server mode. 

                Passwords

You can configure a password for the VTP domain, but it is not required. If you do configure a domain password, all domain switches must share the same password and you must configure the password on each switch in the management domain. Switches without a password or with the wrong password reject VTP advertisements.

If you configure a VTP password for a domain, a switch that is booted without a VTP configuration does not accept VTP advertisements until you configure it with the correct password. After the configuration, the switch accepts the next VTP advertisement that uses the same password and domain name in the advertisement.

If you are adding a new switch to an existing network with VTP capability, the new switch learns the domain name only after the applicable password has been configured on it.

When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain.

                

            Upgrading from Previous Software Releases

When you upgrade from an IOS software version that supports VLANs but does not support VTP, such as Release 12.0(5.1)WC, to a version that does support VTP, ports that belong to a VLAN retain their VLAN membership, and VTP enters transparent mode. The domain name becomes UPGRADE, and VTP does not propagate the VLAN configuration to other switches.

If you want the switch to propagate VLAN configuration information to other switches and to learn the VLANs enabled on the network, you must configure the switch with the correct domain name and domain password and change the VTP mode to VTP server.

VTP Version

Follow these guidelines when deciding which VTP version to implement:

•All switches in a VTP domain must run the same VTP version.

•A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 if version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).

•Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version-2-capable. When you enable version 2 on a switch, all of the version-2-capable switches in the domain enable version 2. If there is a version 1-only switch, it does not exchange VTP information with switches with version 2 enabled.

•If there are TrBRF and TrCRF Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly. To run Token Ring and Token Ring-Net, disable VTP version 2.

Configuration Requirements

When you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements. For more information,.

If you are configuring VTP on a cluster member switch to a VLAN, use the rcommand privileged EXEC command to log into the member switch. For more information about the command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.

If you are configuring extended-range VLANs on the switch, the switch must be in VTP transparent mode.

Configuring a VTP Server

When a switch is in VTP server mode, you can change the VLAN configuration and have it propagated throughout the network.

     If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.

    Beginning in privileged EXEC mode, follow these steps to configure the switch as a VTP server:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	vtp mode server	Configure the switch for VTP server mode (the default).
Step 3	vtp domaindomain-name	Configure the VTP administrative-domain name. The name can be from 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
Step 4	end	Return to privileged EXEC mode.
Step 5	vtp passwordpassword	(Optional) Set the password for the VTP domain. The password can be from 8 to 64 characters. If you configure a VTP password, the VTP domain does not function properly if you do not assign the same password to each switch in the domain.
Step 6	show vtp status	Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Step 7	copy running-config startup-config	(Optional) Save the configuration in the startup configuration file. Note The VTP password is not saved in the switch startup configuration file.

When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.

To return the switch to a no-password state, use the no vtp password privileged EXEC command.

This example shows how to use global configuration mode to configure the switch as a VTP server with the domain name eng_group:

Switch# config terminal

Switch(config)# vtp mode server

Switch(config)# vtp domain eng_group

Switch(config)# end

Switch# 

You can also use VLAN configuration mode to configure VTP parameters. Beginning in privileged EXEC mode, follow these steps to use VLAN configuration mode to configure the switch as a VTP server:

	Command	Purpose
Step 1	vlan database	Enter VLAN configuration mode.
Step 2	vtp server	Configure the switch for VTP server mode (the default).
Step 3	vtp domaindomain-name	Configure a VTP administrative-domain name. The name can be from 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
Step 4	vtp passwordpassword	(Optional) Set a password for the VTP domain. The password can be from 8 to 64 characters. If you configure a VTP password, the VTP domain does not function properly if you do not assign the same password to each switch in the domain.
Step 5	exit	Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 6	show vtp status	Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Step 7	copy running-config startup-config	(Optional) Save the VTP mode in the startup configuration file.

When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.

To return the switch to a no-password state, use the no vtp password VLAN configuration command.

This example shows how to use VLAN configuration mode to configure the switch as a VTP server with the domain name eng_group:

Switch# vlan database

Switch(vlan)# vtp server

Switch(vlan)# vtp domain eng_group

Switch(vlan)# exit

APPLY completed.

Exiting....

Switch# 

Configuring a VTP Client

When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly.

     If extended-range VLANs are configured on the switch, you cannot change VTP mode to client. You receive an error message, and the configuration is not allowed.

    Beginning in privileged EXEC mode, follow these steps to configure the switch as a VTP client:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	vtp mode client	Configure the switch for VTP client mode. The default setting is VTP server.
Step 3	vtp domaindomain-name	(Optional) Enter the VTP administrative-domain name. The name can be from 1 to 32 characters. This should be the same domain name as the VTP server. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name.
Step 4	end	Return to privileged EXEC mode.
Step 5	vtp passwordpassword	(Optional) Enter the password for the VTP domain.
Step 6	show vtp status	Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Step 7	copy running-config startup-config	(Optional) Save the VTP mode in the startup configuration file.

Use the no vtp mode global configuration command to return the switch to VTP server mode. To return the switch to a no-password state, use the no vtp password privileged EXEC command. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.

      You can also configure a VTP client by using the vlan database privileged EXEC command to enter VLAN configuration mode and entering the vtp client command, Use the no vtp client VLAN configuration command to return the switch to VTP server mode or the no vtp password VLAN configuration command to return the switch to a no-password state. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain.

       Disabling VTP (VTP Transparent Mode)

When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements on all of its trunk links.

     Before you create extended-range VLANs (VLAN IDs 1006 to 4094), you must set VTP mode to transparent by using the vtp mode transparent global configuration command. Save this configuration to the startup configuration so that the switch boots up in VTP transparent mode. Otherwise, you lose the extended-range VLAN configuration if the switch resets and boots up in VTP server mode (the default).

         Beginning in privileged EXEC mode, follow these steps to configure VTP transparent mode and save the VTP configuration in the switch startup configuration file:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	vtp mode transparent	Configure the switch for VTP transparent mode (disable VTP).
Step 3	end	Return to privileged EXEC mode.
Step 4	show vtp status	Verify your entries in the VTP Operating Mode and the VTP Domain Namefields of the display.
Step 5	copy running-config startup-config	(Optional) Save the configuration in the startup configuration file.

To return the switch to VTP server mode, use the no vtp mode global configuration command.

     If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.  

       You can also configure VTP transparent mode by using the vlan database privileged EXEC command to enter VLAN configuration mode and by entering the vtp transparent command, similar to the second procedure unde rthe "Configuring a VTP Server" section. Use the no vtp transparent VLAN configuration command to return the switch to VTP server mode. If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.

Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain enables version 2. You can only configure the version on switches in VTP server or transparent mode.

For more information on VTP version configuration guidelines, 

Beginning in privileged EXEC mode, follow these steps to enable VTP version 2:

	Command	Purpose
Step 1	vtp version 2	Enable VTP version 2 on the switch. VTP version 2 is disabled by default on VTP version 2-capable switches.
Step 2	show vtp status	Verify that VTP version 2 is enabled in the VTP V2 Mode field of the display.

To disable VTP version 2, use the no vtp version privileged EXEC command.

Enabling VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You can only enable VTP pruning on a switch in VTP server mode.

Beginning in privileged EXEC mode, follow these steps to enable VTP pruning in the VTP domain:

	Command	Purpose
Step 1	vtp pruning	Enable pruning in the VTP administrative domain. By default, pruning is disabled. You need to enable pruning on only one switch in VTP server mode.
Step 2	show vtp status	Verify your entries in the VTP Pruning Mode field of the display.

To disable VTP pruning, use the no vtp pruning privileged EXEC command.

      You can also enable VTP pruning by using the vlan database privileged EXEC command to enter VLAN configuration mode and entering the vtp pruningVLAN configuration command. To disable VTP pruning, use the no vtp pruning VLAN configuration command.

     Pruning is supported with VTP version 1 and version 2. If you enable pruning on the VTP server, it is enabled for the entire VTP domain.

Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs.

Adding a VTP Client Switch to a VTP Domain

Before adding a VTP client to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.

Beginning in privileged EXEC mode, follow these steps to verify and reset the VTP configuration revision number on a switch before adding it to a VTP domain:

	Command	Purpose
Step 1	show vtp status	Check the VTP configuration revision number. If the number is 0, add the switch to the VTP domain. If the number is greater than 0, follow these steps: a. Write down the domain name. b. Write down the configuration revision number. c. Continue with the next steps to reset the configuration revision number on the switch.
Step 2	configure terminal	Enter global configuration mode.
Step 3	vtp domaindomain-name	Change the domain name from the original one displayed in Step 1 to a new name.
Step 4	end	The VLAN information on the switch is updated and the configuration revision number is reset to 0. You return to privileged EXEC mode.
Step 5	show vtp status	Verify that the configuration revision number has been reset to 0.
Step 6	configure terminal	Enter global configuration mode.
Step 7	vtp domaindomain-name	Enter the original domain name on the switch.
Step 8	end	The VLAN information on the switch is updated, and you return to privileged EXEC mode.
Step 9	show vtp status	(Optional) Verify that the domain name is the same as in Step 1 and that the configuration revision number is 0.

You can also change the VTP domain name by entering the vlan database privileged EXEC command to enter VLAN configuration mode and by entering the vtp domain domain-name command. In this mode, you must enter the exit command to update VLAN information and return to privileged EXEC mode.

After resetting the configuration revision number, add the switch to the VTP domain.