understanding and configuring vlan trunk protocol (vtp)

36
Understanding and Configuring VLAN Trunk Protocol (VTP) Document ID: 10558 Interactive: This document offers customized analysis of your Cisco device. This document contains Flash animation. Introduction Prerequisites Requirements Components Used Conventions Understand VTP Flash Animation: VTP VTP Messages in Detail Other VTP Options VTP V2 VTP Password VTP Pruning Use VTP in a Network VTP Configuration Guidelines VTP Configuration on Catalyst Switches Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 Cisco IOS Software (Supervisor Engine III/Supervisor Engine IV), Catalyst 2950, 3550, and 3750 Series Switches Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS Catalyst 2900XL, 3500XL, 2950, and 3550 Catalyst Express 500 Series Switches Practical Examples VTP Troubleshooting and Caveats Unable to See VLAN Details in the show run Command Output Catalyst Switches Do Not Exchange VTP Information Catalyst Switch Automatically Changes VTP Mode from Client to Transparent Data Traffic Blocked between VTP Domains CatOS Switch Changes to VTP Transparent Mode, VTP-4-UNSUPPORTEDCFGRCVD: How a Recently Inserted Switch Can Cause Network Problems Reset the Configuration Revision number All Ports Inactive After Power Cycle Trunk Down, Which Causes VTP Problems VTP and STP (Logical Spanning Tree Port) The Case of VLAN 1 Troubleshoot VTP Configuration Revision Number Errors That Are Seen in the show vtp statistics Command Output Troubleshoot VTP Configuration Digest Errors That Are Seen in the show vtp statistics Command Output Unable to Change the VTP Mode of a Switch from Server / Transparent Cisco - Understanding and Configuring VLAN Trunk Protocol (VTP)

Upload: raj

Post on 12-Nov-2014

2.197 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: Understanding and Configuring VLAN Trunk Protocol (VTP)

Understanding and Configuring VLAN TrunkProtocol (VTP)

Document ID: 10558

Interactive: This document offers customized analysis of your Ciscodevice.

This document contains Flash animation.

IntroductionPrerequisites Requirements Components Used ConventionsUnderstand VTP Flash Animation: VTP VTP Messages in DetailOther VTP Options VTP V2 VTP Password VTP PruningUse VTP in a NetworkVTP Configuration GuidelinesVTP Configuration on Catalyst Switches Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 Cisco IOS Software(Supervisor Engine III/Supervisor Engine IV), Catalyst 2950, 3550, and 3750 Series Switches Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS Catalyst 2900XL, 3500XL, 2950, and 3550 Catalyst Express 500 Series SwitchesPractical ExamplesVTP Troubleshooting and Caveats Unable to See VLAN Details in the show run Command Output Catalyst Switches Do Not Exchange VTP Information Catalyst Switch Automatically Changes VTP Mode from Client to Transparent Data Traffic Blocked between VTP Domains CatOS Switch Changes to VTP Transparent Mode,VTP−4−UNSUPPORTEDCFGRCVD: How a Recently Inserted Switch Can Cause Network Problems Reset the Configuration Revision number All Ports Inactive After Power Cycle Trunk Down, Which Causes VTP Problems VTP and STP (Logical Spanning Tree Port) The Case of VLAN 1 Troubleshoot VTP Configuration Revision Number Errors That Are Seen in the show vtpstatistics Command Output Troubleshoot VTP Configuration Digest Errors That Are Seen in the show vtp statisticsCommand Output Unable to Change the VTP Mode of a Switch from Server / Transparent

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 2: Understanding and Configuring VLAN Trunk Protocol (VTP)

ConclusionNetPro Discussion Forums − Featured ConversationsRelated Information

Introduction

VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a newVLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the needto configure the same VLAN everywhere. VTP is a Cisco−proprietary protocol that is available on most of theCisco Catalyst series products.

Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP Version 1 (V1) andVersion 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VTP Version 3 incorporatesmany changes from VTP V1 and V2. Make certain that you understand the differences between VTP Version3 and prior versions before you alter your network configuration. Refer to one of these sections of thedocument Configuring VTP for more information:

Understanding How VTP Version 3 Works• Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)•

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software or hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Understand VTP

Flash Animation: VTP

Refer to the VTP Flash animation , which explains these concepts for VTP V1 and V2:

Introduction to VTP• VTP domain and VTP modes• Common VTP problems and solutions•

Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP V1 and V2 and is onlyavailable on CatOS 8.1(1) or later. Refer to one of these sections of the document Configuring VTP for moreinformation:

Understanding How VTP Version 3 Works•

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 3: Understanding and Configuring VLAN Trunk Protocol (VTP)

Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)•

VTP Messages in Detail

VTP packets are sent in either Inter−Switch Link (ISL) frames or in IEEE 802.1Q (dot1q) frames. Thesepackets are sent to the destination MAC address 01−00−0C−CC−CC−CC with a logical link control (LLC)code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header). This is theformat of a VTP packet that is encapsulated in ISL frames:

Of course, you can have a VTP packet inside 802.1Q frames. In that case, the ISL header and cyclicredundancy check (CRC) is replaced by dot1q tagging.

Now consider the detail of a VTP packet. The format of the VTP header can vary, based on the type of VTPmessage. But, all VTP packets contain these fields in the header:

VTP protocol version: 1, 2, or 3• VTP message types:

Summary advertisements♦ Subset advertisement♦ Advertisement requests♦ VTP join messages♦

Management domain length• Management domain name•

Configuration Revision Number

The configuration revision number is a 32−bit number that indicates the level of revision for a VTP packet.Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTPpackets contain the VTP configuration revision number of the sender.

This information is used in order to determine whether the received information is more recent than thecurrent version. Each time that you make a VLAN change in a VTP device, the configuration revision isincremented by one. In order to reset the configuration revision of a switch, change the VTP domain name,and then change the name back to the original name.

Summary Advertisements

By default, Catalyst switches issue summary advertisements in five−minute increments. Summaryadvertisements inform adjacent Catalysts of the current VTP domain name and the configuration revisionnumber.

When the switch receives a summary advertisement packet, the switch compares the VTP domain name to itsown VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same,

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 4: Understanding and Configuring VLAN Trunk Protocol (VTP)

the switch then compares the configuration revision to its own revision. If its own configuration revision ishigher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

This list clarifies what the fields means in the summary advertisement packet:

The Followers field indicates that this packet is followed by a Subset Advertisement packet.• The Updater Identity is the IP address of the switch that is the last to have incremented theconfiguration revision.

The Update Timestamp is the date and time of the last increment of the configuration revision.• Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticatethe validation of a VTP update.

Subset Advertisements

When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are madeincrements the configuration revision and issues a summary advertisement. One or several subsetadvertisements follow the summary advertisement. A subset advertisement contains a list of VLANinformation. If there are several VLANs, more than one subset advertisement can be required in order toadvertise all the VLANs.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 5: Understanding and Configuring VLAN Trunk Protocol (VTP)

This formatted example shows that each VLAN information field contains information for a different VLAN.It is ordered so that lowered−valued ISL VLAN IDs occur first:

Most of the fields in this packet are easy to understand. These are two clarifications:

Code�The format for this is 0x02 for subset advertisement.• Sequence number�This is the sequence of the packet in the stream of packets that follow a summaryadvertisement. The sequence starts with 1.

Advertisement Requests

A switch needs a VTP advertisement request in these situations:

The switch has been reset.• The VTP domain name has been changed.• The switch has received a VTP summary advertisement with a higher configuration revision than itsown.

Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subsetadvertisements follow the summary advertisement. This is an example:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 6: Understanding and Configuring VLAN Trunk Protocol (VTP)

Code�The format for this is 0x03 for an advertisement request.• Start−Value�This is used in cases in which there are several subset advertisements. If the first (n)subset advertisement has been received and the subsequent one (n+1) has not been received, theCatalyst only requests advertisements from the (n+1)th one.

Other VTP Options

VTP V2

VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support forToken Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no reasonto use VTP V2.

VTP Password

If you configure a password for VTP, you must configure the password on all switches in the VTP domain.And the password must be the same password on all those switches. The VTP password that you configure istranslated by algorithm into a 16−byte word (MD5 value) that is carried in all summary−advertisement VTPpackets.

VTP Pruning

VTP ensures that all switches in the VTP domain are aware of all VLANs. But, there are occasions when VTPcan create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entireVLAN. All switches in the network receive all broadcasts, even in situations in which few users are connectedin that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.

Use VTP in a Network

By default, all switches are configured to be VTP servers. This configuration is suitable for small−scalenetworks in which the size of the VLAN information is small and the information is easily stored in allswitches (in NVRAM). In a large network, the network administrator must make a judgment call at somepoint, when the NVRAM storage that is necessary is wasteful because it is duplicated on every switch. At thispoint, the network administrator must choose a few well−equipped switches and keep them as VTP servers.Everything else that participates in VTP can be turned into a client. The number of VTP servers should bechosen in order to provide the degree of redundancy that is desired in the network.

Notes:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 7: Understanding and Configuring VLAN Trunk Protocol (VTP)

If a switch is configured as a VTP server without a VTP domain name, you cannot configure a VLANon the switch.

If a new Catalyst is attached in the border of two VTP domains, the new Catalyst keeps the domainname of the first switch that sends it a summary advertisement. The only way to attach this switch toanother VTP domain is to manually set a different VTP domain name.

Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if youhave two ends of a link that belong to different VTP domains, the trunk does not come up if you useDTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides,in order to allow the trunk to come up without DTP negotiation agreement.

If the domain has a single VTP server and it crashes, the best and easiest way to restore the operationis to change any of the VTP clients in that domain to a VTP server. The configuration revision is stillthe same in the rest of the clients, even if the server crashes. Therefore, VTP works properly in thedomain.

VTP Configuration Guidelines

This section provides some guidelines for the configuration of VTP in the network.

All switches have the same the VTP domain name, unless the network design insists for differentVTP domains.

Note: Trunk negotiation does not work across VTP domains. See the Data Traffic Blocked betweenVTP Domains section for more information.

All switches in a VTP domain must run the same VTP version.• All switches in a VTP domain has the same VTP password, if there is any.• All VTP Server switch(es) should have the same configuration revision number and it should also bethe highest in the domain.

When you move a VTP mode of a switch from Transparent to Server, VLANs configured on the VTPTransparent switch should exist on the Server switch.

VTP Configuration on Catalyst Switches

This section provides some basic commands in order to configure VTP on the most commonly used Catalystswitches.

Note: The Catalyst 2948G−L3 and Catalyst 4908G−L3 Layer 3 (L3) switches do not support several Layer 2(L2)−oriented protocols that are found on other Catalyst switches. Such protocols include VTP, DTP, and PortAggregation Protocol (PAgP).

Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 CiscoIOS Software (Supervisor Engine III/Supervisor Engine IV), Catalyst 2950,3550, and 3750 Series Switches

There are two methods that you can use in order to configure VTP, as this section shows. Method 2 (theglobal configuration mode method) is not available in earlier software on Catalyst 6500 series switches thatrun Cisco IOS® Software.

In VLAN database mode:

In Cisco IOS Software, you can configure the VTP domain name, the VTP mode, and the VLANs in

1.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 8: Understanding and Configuring VLAN Trunk Protocol (VTP)

VLAN configuration mode.

In EXEC mode, issue this command in order to enter VLAN configuration mode:

Router#vlan database

!−−− Issue this command in privileged EXEC mode,!−−− not in global configuration mode.

Router(vlan)#

!−−− This is VLAN configuration mode.

a.

Issue this command in order to set the VTP domain name:

Router(vlan)#vtp mode {client | server | transparent}

b.

Issue the exit command in order to exit VLAN configuration mode.

Note: The end command and the Ctrl−Z command do not work in this mode.

Router(vlan)#end

Router(vlan)#^Z

% Invalid input detected at '^' marker.

Router(vlan)#

Router(vlan)#exit

APPLY completed.Exiting....Router#

c.

In global configuration mode:

In Cisco IOS Software global configuration mode, you can configure all VTP parameters with CiscoIOS Software commands. This is the command format:

Router(config)#vtp ?

domain Set the name of the VTP administrative domain.file Configure IFS filesystem file where VTP configuration is stored.interface Configure interface as the preferred source for the VTP IP updater address. mode Configure VTP device modepassword Set the password for the VTP administrative domainpruning Set the administrative domain to permit pruningversion Set the administrative domain to VTP version

2.

In order to monitor VTP operation and status, issue these commands:

Router#show vtp status

Router#show vtp counters

Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS

Issue this command in order to set the domain name:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 9: Understanding and Configuring VLAN Trunk Protocol (VTP)

set vtp domain name

Issue this command in order to set the mode:

set vtp mode [server | client | transparent]

Issue these commands in order to monitor the VTP operation and status:

show vtp domainshow vtp status

Catalyst 2900XL, 3500XL, 2950, and 3550

Issue these commands from the VLAN database mode:

Note: This is similar to the method for Cisco 6500 series switches that run Cisco IOS Software.

vtp [client | server | transparent]vtp domain name

From enable mode, issue these commands in order to monitor VTP operation:

show vtp countersshow vtp status

Note: The Catalyst 2900XL series switches with Cisco IOS Software Release 11.2(8)SA4 and later supportVTP protocol. The Cisco IOS Software Release 11.2(8)SA3 and earlier code do not support VTP protocol onCatalyst 2900XL series switches.

Catalyst Express 500 Series Switches

Catalyst Express 500 series switches support only VTP transparent mode. There is currently no support forVTP client or VTP server mode. The user must manually configure all VLANs that is used on the switch.

Open the Switch Management, choose Configure > VLAN > Create, and fill out the available fields inorder to configure a VLAN on a Catalyst Express 500 series switch. Refer to the Create, Modify, and DeleteVLANs section of Customization for more information.

Practical Examples

This first example involves two Catalyst 4000 switches that are connected by a Fast Ethernet link:

Bing is a new switch that has no VTP domain name and no VLAN. Clic is a switch that currentlyexists and runs with 12 VLANs in the VTP domain test.

1.

In this sample output from the show vtp domain command, you can see that the VTP version is set at2. This means that the switch is VTP V2−capable. But the switch does not run VTP V2 in this case.The switch only runs VTP V2 if the V2 mode is enabled with the set vtp v2 enable command:

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−

2.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 10: Understanding and Configuring VLAN Trunk Protocol (VTP)

1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000bing (enable)

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 67 2/1−2,2/4−48 3/1−61002 fddi−default active 681003 token−ring−default active 711004 fddinet−default active 691005 trnet−default active 70

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−12 1023 11 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000

clic (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 65 2/1−2,2/4−502 VLAN0002 active 773 VLAN0003 active 78 2/34 VLAN0004 active 795 VLAN0005 active 736 VLAN0006 active 747 VLAN0007 active 7610 VLAN0010 active 801002 fddi−default active 661003 token−ring−default active 691004 fddinet−default active 671005 trnet−default active 68 68

At this stage, a trunk is created between the two switches. Notice how they synchronize and watch theVTP packet exchange:

MAC 005014BB63FD is clic

MAC 003019798CFD is bing

3.

Clic sends a summary advertisement to bing. Bing learns the VTP domain name from this packet, inFRAME 1 in this sample output:

!−−− On bing:

4.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 11: Understanding and Configuring VLAN Trunk Protocol (VTP)

received vtp packet: mNo = 2 pNo = 1VTP: i summary, domain = test, rev = 11, followers = 0

!−−− This indicates that bing has received its!−−− first summary advertisement.

domain change notification sentVTP: transitioning from null to test domain

!−−− This is where bing gets the VTP domain name.

VTP: summary packet rev 11 greater than domain test rev 0VTP: domain test currently not in updating stateVTP: summary packet with followers field zero

−−−−−−−−−−−−−−−−−−FRAME 1−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−DLC: −−−−− DLC Header −−−−− DLC: DLC: Frame 1988 arrived at 15:01:00.1223; frame size is 99 (0063 hex) bytes. DLC: Destination = Multicast 01000CCCCCCC DLC: Source = Station 005014BB63FD DLC: 802.3 length = 85 DLC:LLC: −−−−− LLC Header −−−−− LLC: LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC:SNAP: −−−−− SNAP Header −−−−− SNAP: SNAP: Vendor ID = Cisco1 SNAP: Type = 2003 (VTP) SNAP:VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−− VTP: VTP: Version = 1 VTP: Message type = 0x01 (Summary−Advert) VTP: Number of Subset−Advert messages = 0 VTP: Length of management domain name = 4 VTP: Management domain name = "test" VTP: Number of Padding bytes = 28 VTP: Configuration revision number = 0x0000000b VTP: Updater Identity IP address = 0.0.0.0 VTP: Update Timestamp = "930525053753" VTP: MD5 Digest value = 0x857610862F3015F0 VTP: 0x220A52427247A7A0−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

With trace set, bing receives a summary advertisement with no followers. Therefore, bing updates itsdomain name and sends advertisement requests to obtain the VLAN information, in FRAME 2 in thissample output:

!−−− On bing:

VTP: tx vtp request, domain test, start value 0

!−−− This is where the advertisement request is sent.

−−−−−−−−−−−−−−−−−−−−−−FRAME 2−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−DLC: −−−−− DLC Header −−−−− DLC:

5.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 12: Understanding and Configuring VLAN Trunk Protocol (VTP)

DLC: Frame 1683 arrived at 17:38:55.9383; frame size is 60 (003C hex) bytes. DLC: Destination = Multicast 01000CCCCCCC DLC: Source = Station 003019798CFD DLC: 802.3 length = 46 DLC:LLC: −−−−− LLC Header −−−−− LLC: LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC:SNAP: −−−−− SNAP Header −−−−− SNAP: SNAP: Vendor ID = Cisco1 SNAP: Type = 2003 (VTP) SNAP:VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−− VTP: VTP: Version = 1 VTP: Message type = 0x03 (Advert−Request) VTP: Reserved VTP: Length of management domain name = 4 VTP: Management domain name = "test" VTP: Padding bytes = 28 VTP: Start value = 0 (all VLANs)−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

Clic sends another summary advertisement with field followers to VLAN 1. The subset advertisementthat contains all VLANs, in FRAME 3 in this output, follows this packet. Then bing configures all theVLANs:

!−−− On bing:

received vtp packet: mNo = 2 pNo = 1VTP: i summary, domain = test, rev = 11, followers = 1

!−−− Bing has received its second summary advertisement.

VTP: domain test, current rev = 0 found for summary pktVTP: summary packet rev 11 greater than domain test rev 0

!−−− This configuration revision is higher than that on bing.

VTP: domain test currently not in updating statereceived vtp packet: mNo = 2 pNo = 1VTP: i subset, domain = test, rev = 11, seq = 1, length = 344

!−−− Bing has received its subset advertisement.

VTP: domain test, current rev = 0 found for subset pktdomain change notification sentvlan 1 unknown tlv change notification sentvlan 2 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 2, mode = 1(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 2vlan 3 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 3, mode = 1(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 3vlan 4 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 4, mode = 1(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 4vlan 5 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 5, mode = 1

6.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 13: Understanding and Configuring VLAN Trunk Protocol (VTP)

(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 5vlan 6 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 6, mode = 1(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 6vlan 7 unknown tlv change notification sentvtp_vlan_change_notification: vlan = 7, mode = 1(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 7

−−−−−−−−−−−−−−−−−FRAME 3−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−DLC: −−−−− DLC Header −−−−− DLC: DLC: Frame 2008 arrived at 15:01:03.9661; frame size is 99 (0063 hex) bytes. DLC: Destination = Multicast 01000CCCCCCC DLC: Source = Station 003019798CFD DLC: 802.3 length = 85 DLC:LLC: −−−−− LLC Header −−−−− LLC: LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC:SNAP: −−−−− SNAP Header −−−−− SNAP: SNAP: Vendor ID = Cisco1 SNAP: Type = 2003 (VTP) SNAP:VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−− VTP: VTP: Version = 1 VTP: Message type = 0x01 (Summary−Advert) VTP: Number of Subset−Advert messages = 1

!−−− Here are the numbers.

VTP: Length of management domain name = 4 VTP: Management domain name = "test" VTP: Number of Padding bytes = 28 VTP: Configuration revision number = 0x0000000b VTP: Updater Identity IP address = 0.0.0.0 VTP: Update Timestamp = "930525053753" VTP: MD5 Digest value = 0x857610862F3015F0 VTP: 0x220A52427247A7A0

DLC: −−−−− DLC Header −−−−− DLC: DLC: Frame 2009 arrived at 15:01:03.9664; frame size is 366 (016E hex) bytes. DLC: Destination = Multicast 01000CCCCCCC DLC: Source = Station 003019798CFD DLC: 802.3 length = 352 DLC:LLC: −−−−− LLC Header −−−−− LLC: LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC:SNAP: −−−−− SNAP Header −−−−− SNAP: SNAP: Vendor ID = Cisco1 SNAP: Type = 2003 (VTP) SNAP:VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−− VTP:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 14: Understanding and Configuring VLAN Trunk Protocol (VTP)

VTP: Version = 1 VTP: Message type = 0x02 (Subset−Advert) VTP: Sequence number = 1 VTP: Management Domain Name length = 4 VTP: Management Domain Name = "test" VTP: Number of Padding bytes = 28 VTP: Configuration revision number = 0x0000000b VTP: VTP: VLAN Information Field # 1: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 7 VTP: ISL VLAN−id = 1 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100001 VTP: VLAN Name = "default" VTP: # padding bytes in VLAN Name = 1 VTP: VTP: VLAN Information Field # 2: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 2 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100002 VTP: VLAN Name = "VLAN0002" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 3: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 3 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100003 VTP: VLAN Name = "VLAN0003" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 4: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 4 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100004 VTP: VLAN Name = "VLAN0004" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 5: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 5 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100005 VTP: VLAN Name = "VLAN0005" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 6:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 15: Understanding and Configuring VLAN Trunk Protocol (VTP)

VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 6 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100006 VTP: VLAN Name = "VLAN0006" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 7: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 7 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100007 VTP: VLAN Name = "VLAN0007" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 8: VTP: VLAN information field length = 20 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 1 (Ethernet) VTP: Length of VLAN name = 8 VTP: ISL VLAN−id = 10 VTP: MTU size = 1500 VTP: 802.10 SAID field = 100010 VTP: VLAN Name = "VLAN0010" VTP: # padding bytes in VLAN Name = 0 VTP: VTP: VLAN Information Field # 9: VTP: VLAN information field length = 32 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 2 (FDDI) VTP: Length of VLAN name = 12 VTP: ISL VLAN−id = 1002 VTP: MTU size = 1500 VTP: 802.10 SAID field = 101002 VTP: VLAN Name = "fddi−default" VTP: # padding bytes in VLAN Name = 0 VTP: Reserved 8 bytes VTP: VTP: VLAN Information Field # 10: VTP: VLAN information field length = 40 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 3 (Token−Ring) VTP: Length of VLAN name = 18 VTP: ISL VLAN−id = 1003 VTP: MTU size = 1500 VTP: 802.10 SAID field = 101003 VTP: VLAN Name = "token−ring−default" VTP: # padding bytes in VLAN Name = 2 VTP: Reserved 8 bytes VTP: VTP: VLAN Information Field # 11: VTP: VLAN information field length = 36 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 4 (FDDI−Net) VTP: Length of VLAN name = 15 VTP: ISL VLAN−id = 1004 VTP: MTU size = 1500 VTP: 802.10 SAID field = 101004

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 16: Understanding and Configuring VLAN Trunk Protocol (VTP)

VTP: VLAN Name = "fddinet−default" VTP: # padding bytes in VLAN Name = 1 VTP: Reserved 8 bytes VTP: VTP: VLAN Information Field # 12: VTP: VLAN information field length = 36 VTP: VLAN Status = 00 (Operational) VTP: VLAN type = 5 (TR−Net) VTP: Length of VLAN name = 13 VTP: ISL VLAN−id = 1005 VTP: MTU size = 1500 VTP: 802.10 SAID field = 101005 VTP: VLAN Name = "trnet−default" VTP: # padding bytes in VLAN Name = 3 VTP: Reserved 8 bytes−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

At this point, both switches are synchronized:

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−12 1023 11 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 127 2/2−48 3/1−62 VLAN0002 active 1323 VLAN0003 active 1334 VLAN0004 active 1345 VLAN0005 active 1356 VLAN0006 active 1367 VLAN0007 active 13710 VLAN0010 active 1381002 fddi−default active 1281003 token−ring−default active 1311004 fddinet−default active 1291005 trnet−default active 130

This example shows how to verify the VTP configuration on a Catalyst 6000 that runs Cisco IOSSoftware:

Router#show vtp status

VTP Version: 2Configuration Revision: 247Maximum VLANs supported locally: 1005Number of existing VLANs: 33VTP Operating Mode: ClientVTP Domain Name: Lab_NetworkVTP Pruning Mode: EnabledVTP V2 Mode: Disabled

7.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 17: Understanding and Configuring VLAN Trunk Protocol (VTP)

VTP Traps Generation: DisabledMD5 digest: 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80Configuration last modified by 0.0.0.0 at 8−12−99 15:04:49Router#

This example shows how to display VTP statistics on a Catalyst 6000 that runs Cisco IOS Software:

Router#show vtp counters

VTP statistics:Summary advertisements received: 7Subset advertisements received: 5Request advertisements received: 0Summary advertisements transmitted: 997Subset advertisements transmitted: 13Request advertisements transmitted: 3Number of config revision errors: 0Number of config digest errors: 0Number of V1 summary errors: 0VTP pruning statistics:

Trunk Join Transmitted Join Received Summary advts received from on−pruning−capable device−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−Fa5/8 43071 42766 5

VTP Troubleshooting and Caveats

This section discusses some common troubleshooting situations for VTP.

Unable to See VLAN Details in the show run Command Output

Configuration changes in CatOS are written to NVRAM immediately after a change is made. In contrast,Cisco IOS Software does not save configuration changes to NVRAM unless you issue the copyrunning−config startup−config command. VTP client and server systems require VTP updates from otherVTP servers to be immediately saved in NVRAM without user intervention. The VTP update requirementsare met by the default CatOS operation, but the Cisco IOS update model requires an alternative updateoperation.

For this alteration, a VLAN database was introduced into Cisco IOS Software as a method to immediatelysave VTP updates for VTP clients and servers. In some versions of software, this VLAN database is in theform of a separate file in NVRAM, called the vlan.dat file. You can view VTP/VLAN information that isstored in the vlan.dat file for the VTP client or VTP server if you issue the show vtp status command.

VTP server/client mode switches do not save the entire VTP/VLAN configuration to the startup config file inthe NVRAM when you issue the copy running−config startup−config command on these systems. It savesthe configuration in the vlan.dat file. This does not apply to systems that run as VTP transparent. VTPtransparent systems save the entire VTP/VLAN configuration to the startup config file in NVRAM when youissue the copy running−config startup−config command. For example, if you delete vlan.dat file after theconfiguration of the VTP in Server or Client mode and reload the switch, it resets the VTP configuration todefault settings. But if you configure VTP in transparent mode, delete the vlan.dat and reload the switch, itretains the VTP configuration. This is an example of default VTP configuration.

Switch#show vtp statusVTP Version : 2Configuration Revision : 0

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 18: Understanding and Configuring VLAN Trunk Protocol (VTP)

Maximum VLANs supported locally : 1005Number of existing VLANs : 5VTP Operating Mode : ClientVTP Domain Name : CISCOVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0xD3 0x78 0x41 0xC8 0x35 0x56 0x89 0x97Configuration last modified by 0.0.0.0 at 0−0−00 00:00:00

You can configure normal−range VLANs (2 through 1000) when the switch is in either VTP server ortransparent mode. But, you can only configure extended−range VLANs (1025 through 4094) in VTPtransparent switches.

In order to display all the VLAN configurations, the VLAN ID, name, and so forth, that are stored inthe binary file, you must issue the show vlan command.

You can display the VTP information, the mode, domain, and so forth, with use of the show vtpstatus command.

The VLAN information and the VTP information are not displayed in the show running−configcommand output when the switch is in the VTP server/client mode. This is normal behavior of theswitch.

Router#show run | include vlanvlan internal allocation policy ascending

Router#show run | include vtp

Switches that are in VTP transparent mode display the VLAN and VTP configurations in the showrunning−config command output because this information is also stored in the configuration text file.

Router#show run | include vlanvlan internal allocation policy ascendingvlan 1 tb−vlan1 1002 tb−vlan2 1003vlan 20−21,50−51 vlan 1002 tb−vlan1 1 tb−vlan2 1003vlan 1003 tb−vlan1 1 tb−vlan2 1002vlan 1004vlan 1005 Router#show run | include vtpvtp domain ciscovtp mode transparent

Catalyst Switches Do Not Exchange VTP Information

VTP allows switches to advertise VLAN information between other members of the same VTP domain. VTPallows a consistent view of the switched network across all switches. There are several reasons why theVLAN information can fail to be exchanged.

Verify these items if switches that run VTP fail to exchange VLAN information:

VTP information only passes through a trunk port. Make sure that all ports that interconnect switchesare configured as trunks and are actually trunking.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 19: Understanding and Configuring VLAN Trunk Protocol (VTP)

Make sure that the VLANs are active in all the devices.• One of the switches must be the VTP server in a VTP domain. All VLAN changes must be done onthis switch in order to have them propagated to the VTP clients.

The VTP domain name must match and it is case sensitive. CISCO and cisco are two different domainnames.

Make sure that no password is set between the server and client. If any password is set, make sure thatthe password is the same on both sides.

Every switch in the VTP domain must use the same VTP version. VTP V1 and VTP V2 are notcompatible on switches in the same VTP domain. Do not enable VTP V2 unless every switch in theVTP domain supports V2.

Note: VTP V2 is disabled by default on VTP V2−capable switches. When you enable VTP V2 on aswitch, every VTP V2−capable switch in the VTP domain enables V2. You can only configure theversion on switches in VTP server or transparent mode.

Switches that operate in transparent mode drop VTP advertisements if they are not in the same VTPdomain. A switch that is in VTP transparent mode and uses VTP V2 propagates all VTP messages,regardless of the VTP domain that is listed. However, a switch with VTP V1 only propagates VTPmessages that have the same VTP domain as the domain that is configured on the local switch.

The extended−range VLANs are not propagated. So you must configure extended−range VLANsmanually on each network device.

Note: In the future, the Catalyst 6500 Cisco IOS Software switches support VTP Version 3. Thisversion is able to transmit extended−range VLANs. So far, VTP Version 3 is only supported onCatOS. Refer to the Understanding How VTP Version 3 Works section of Configuring VTP for moreinformation on VTP Version 3.

The Security Association Identifier (SAID) values must be unique. SAID is a user−configurable,4−byte VLAN identifier. The SAID identifies traffic that belongs to a particular VLAN. The SAIDalso determines to which VLAN each packet is switched. The SAID value is 100,000 plus the VLANnumber. These are two examples:

The SAID for VLAN 8 is 100008.♦ The SAID for VLAN 4050 is 104050.♦

The updates from a VTP server do not get updated on a client if the client already has a higher VTPrevision number. Neither does the client allow these updates to flow to its downstream VTP clients ifthe client has a higher revision number than that which the VTP server sends.

Catalyst Switch Automatically Changes VTP Mode from Client toTransparent

Some Catalyst Layer 2 and Layer 3 fixed configuration switches change the VTP mode automatically fromclient to transparent with this error message:

%SW_VLAN−6−VTP_MODE_CHANGE: VLAN manager changing device mode from CLIENT to TRANSPARENT.

Either of these two reasons can cause the automatic VTP mode change in these switches:

More VLANs run on the Spanning Tree Protocol (STP) than the switch can support.

Catalyst Layer 2 and Layer 3 fixed configuration switches support a different maximum number ofinstances of STP with the use of per−VLAN spanning tree+ (PVST+). For example, the Catalyst 2940supports four instances of STP in PVST+ mode, while the Catalyst 3750 supports 128 instances of

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 20: Understanding and Configuring VLAN Trunk Protocol (VTP)

STP in PVST+ mode. If more than the maximum number of VLANs is defined in the VTP, theVLANs that remain operate with STP disabled.

If the number of instances of STP that is already in use is greater than the maximum number, you candisable STP on one of the VLANs and enable it on the VLAN where you want STP to run. Issue theno spanning−tree vlan vlan−id global configuration command in order to disable STP on a specificVLAN. Then, issue the spanning−tree vlan vlan−id global configuration command in order toenable STP on the desired VLAN.

Note: Switches that do not run STP still forward the bridge protocol data units (BPDUs) that theyreceive. In this way, the other switches on the VLAN that have a running STP instance can breakloops. Therefore, STP must run on enough switches in order to break all the loops in the network. Forexample, at least one switch on each loop in the VLAN must run STP. You do not need to run STP onall switches in the VLAN. However, if you run STP only on a minimal set of switches, a change tothe network can introduce a loop into the network and can result in a broadcast storm.

Workarounds:

Reduce the number of VLANs that are configured to a number that the switch supports.♦ Configure the IEEE 802.1s Multiple STP (MSTP) on the switch in order to map multipleVLANs to a single STP instance.

Use switches and/or images (Enhanced Image [EI]) which support a greater number ofVLANs.

The switch receives more VLANs from a connected switch than the switch can support.

An automatic VTP mode change also can occur if the switch receives a VLAN configuration databasemessage that contains more than a set number of VLANs. This normally happens in Catalyst Layer 2and Layer 3 fixed configuration switches when they are connected to a VTP domain that has moreVLANs than are supported locally.

Workarounds:

Configure the allowed VLAN list on the trunk port of the connected switch in order to restrictthe number of VLANs that are passed to the client switch.

Enable pruning on the VTP server switch.♦ Use switches and/or images (EI) which support a greater number of VLANs.♦

Data Traffic Blocked between VTP Domains

Sometimes it is required to connect to switches that belong to two different VTP domains. For example, thereare two switches called Switch1 and Switch2. Switch1 belongs to VTP domain cisco1 and Switch2 belongs toVTP domain cisco2. When you configure trunk between these two switches with the Dynamic TrunkNegotiation (DTP), the trunk negotiation fails and the trunk between the switches does not form, because theDynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Because of this, the datatraffic does not pass between the switches.

Switch1#show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 1005Number of existing VLANs : 9VTP Operating Mode : ServerVTP Domain Name : cisco1VTP Pruning Mode : Disabled

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 21: Understanding and Configuring VLAN Trunk Protocol (VTP)

VTP V2 Mode : DisabledVTP Traps Generation : Disabled

Switch2#show vtp statusVTP Version : 2Configuration Revision : 2Maximum VLANs supported locally : 1005Number of existing VLANs : 42VTP Operating Mode : ServerVTP Domain Name : cisco2VTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : Disabled

Switch1#show interface fastethernet 1/0/23 trunk

Port Mode Encapsulation Status Native vlanFa1/0/23 auto 802.1q not−trunking 1

Port Vlans allowed on trunkFa1/0/23 1

Port Vlans allowed and active in management domainFa1/0/23 1

Port Vlans in spanning tree forwarding state and not prunedFa1/0/23 1

It is possible that you can also see this error message. Some of the switches do not show this error message.

4w2d: %DTP−SP−5−DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa3/3 because of VTP domain mismatch.

The solution for this issue is to manually force the trunking instead in order to rely on the DTP. Configure thetrunk ports between the switches with the switchport mode trunk command.

Switch1(config)#interface fastethernet 1/0/23switch1(config−if)#switchport mode trunk

Switch2(config)#interface fastethernet 3/3switch2(config−if)#switchport mode trunk

switch1#show interface fastethernet 1/0/23 trunk

Port Mode Encapsulation Status Native vlanFa1/0/23 on 802.1q trunking 1

Port Vlans allowed on trunkFa1/0/23 1−4094

Port Vlans allowed and active in management domainFa1/0/23 1−5

Port Vlans in spanning tree forwarding state and not prunedFa1/0/23 1−5

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 22: Understanding and Configuring VLAN Trunk Protocol (VTP)

CatOS Switch Changes to VTP Transparent Mode,VTP−4−UNSUPPORTEDCFGRCVD:

A recent change in CatOS incorporated a protective feature that causes a CatOS switch to go into VTPtransparent mode in order to prevent the possibility of a switch reset because of a watchdog timeout. Thischange is documented in these Cisco bug IDs:

CSCdu32627 ( registered customers only)• CSCdv77448 ( registered customers only)•

How Do I Determine If My Switch Might Be Affected?

The watchdog timeout can occur if these two conditions are met:

The Token Ring VLAN (1003) is translated to VLAN 1.• You make a change in VLAN 1.•

Issue the show vlan command on the Catalyst in order to observe the Token Ring VLAN translation. This isan example of show vlan command output:

VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2−−−− −−−−− −−−−−−−−−− −−−−− −−−−−− −−−−−− −−−−−− −−−− −−−−−−−− −−−−−− −−−−−−1 enet 100001 1500 − − − − − 1003

How Does CatOS Version 6.3(3) Protect My Switch from a Watchdog Timeout?

There is a protective feature in order to prevent a watchdog timeout in this CatOS version. The Catalystswitch switches from VTP server/client to VTP transparent mode.

How Do I Determine If My Switch Has Gone to VTP Transparent Mode in Order to ProtectAgainst a Watchdog Timeout?

Your switch has gone to VTP transparent mode if the logging level for the VTP is raised to 4.

Console> (enable) set logging level vtp 4 default

You see this message when the switchover occurs:

VTP−4−UNSUPPORTEDCFGRCVD:Rcvd VTP advert with unsupported vlan config on trunk mod/port− VTP mode changed to transparent

What Are the Negative Effects When the Switch Goes to VTP Transparent Mode?

If pruning is enabled, the trunks go down.1. If the trunks go down and no other ports are in that VLAN, the VLAN interface in the installedMultilayer Switch Feature Card (MSFC) goes down.

2.

If these effects occur, and this switch is in the core of your network, your network can be negatively affected.

From Where Does the Unsupported VTP Configuration Come?

Any Cisco IOS Software−based switch, such as the switches in this list, can supply the unsupported VTPconfiguration:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 23: Understanding and Configuring VLAN Trunk Protocol (VTP)

A Catalyst 2900/3500XL• A Cisco IOS Software Catalyst 6500• A Cisco IOS Software−based Catalyst 4000•

These products translate the 1003 VLAN to VLAN 1 by default.

What Is the Solution?

The solution in CatOS−based switches enables the switches to handle this translated information properly.The solution for the Cisco IOS Software−based switches is to remove this default translation and match thebehavior of the CatOS−based switches. These are the integrated fixed versions that are currently available:

Catalyst SwitchFixed Releases

CatOS switches

5.5(14) and later

6.3(6) and later

7.2(2) and later

Catalyst 4000 (SupervisorEngine III)

Not affectedCatalyst 6500 (SupervisorEngine Cisco IOS Software) Cisco IOS Software Release

12.1(8a)EX and laterCatalyst 2900 and 3500XL Cisco IOS Software Release

12.0(5)WC3 and later

If you cannot upgrade to images that have these fixes integrated, you can modify the configuration in theCisco IOS Software−based switches. Use this procedure if the switch is a VTP server:

goss#vlan data

goss(vlan)#no vlan 1 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to defaultResetting translation bridge VLAN 2 to default

goss(vlan)#no vlan 1003 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to defaultResetting translation bridge VLAN 2 to default

goss(vlan)#apply

APPLY completed.

goss(vlan)#exit

APPLY completed.Exiting....

The 1002 VLAN can be translated, but you can also remove it if you include this in your configuration:

goss(vlan)#no vlan 1002 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to default

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 24: Understanding and Configuring VLAN Trunk Protocol (VTP)

Resetting translation bridge VLAN 2 to default

When Exactly Does My Switch Change to VTP Transparent Mode?

Some confusion exists about when this switchover to VTP transparent mode occurs. The scenarios in thissection provide examples of when the switchover can happen.

Example 1

These are the initial conditions:

Both the Catalyst 6500 and the Catalyst 3500XL are VTP servers with the same VTPconfiguration revision number.

Both servers have the same VTP domain name and the same VTP password, if the passwordis configured.

The Catalyst 3500XL has the translated Token Ring VLAN.♦ You start the servers while they are disconnected.♦

If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. Of course, thisalso happens if the Cisco 3500XL has a higher VTP configuration revision number than the Catalyst6500 configuration revision number. Moreover, if the switch to VTP transparent mode happens whenyou physically connect the two switches, you can reasonably assume that the change would alsohappen if you booted the Catalyst 6500 for the first time while the switch was already connected.

Example 2

These are the initial conditions:

The Catalyst 6500 is a VTP server.♦ The Catalyst 3500XL is a VTP client.♦ The Catalyst 3500XL has a higher VTP configuration revision number than the Catalyst 6500configuration revision number.

Both switches have the same VTP domain and the same VTP password, if the password isconfigured.

The Catalyst 3500XL has the translated Token Ring VLAN.♦ You start the servers while they are disconnected.♦

If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. In this scenario,if the Catalyst 3500XL has a lower configuration revision number than the Catalyst 6500configuration revision number, the Catalyst 6500 does not switch to VTP transparent mode. If theCatalyst 3500XL has the same configuration revision number, the Catalyst 6500 does not go to VTPtransparent mode. But the translation is still present in the Catalyst 3500XL.

What Is the Quickest Way to Recover After I Notice the Translation in My Network?

Even if you correct the Token Ring VLAN information in one switch, such as the switch that malfunctioned,the information can have propagated throughout your network. You can use the show vlan command in orderto determine if this occurred. Therefore, the quickest way to recover is to perform these steps:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 25: Understanding and Configuring VLAN Trunk Protocol (VTP)

Take a Cisco IOS Software−based switch, such as a Catalyst XL that is connected to the network, andchange the switch to a VTP server.

1.

Remove the translated VLANs.2. After you apply the change in the switch, reconnect the switch to the network.

The change should be propagated to all the other VTP servers and clients.

You can use the show vlan command in order to verify that the translation is gone in the network. Atthis point, you should be able to change the affected CatOS 6.3(3) switch back to a VTP server.

Note: The Catalyst XL switches do not support as many VLANs as the Catalyst 6500s support.Ensure that all the VLANs in the Catalyst 6500 exist in the Catalyst XL switch before you reconnectthem. For example, you do not want to connect a Catalyst 3548XL with 254 VLANs and a higherVTP configuration revision number to a Catalyst 6500 that has 500 VLANs configured.

3.

How a Recently Inserted Switch Can Cause Network Problems

Note: See the Flash Animation: VTP section of this document in order to see a Flash demonstration of thisproblem.

This problem occurs when you have a large switched domain that is all in the same VTP domain, and youwant to add one switch in the network.

This switch was previously used in the lab, and a good VTP domain name was entered. The switch wasconfigured as a VTP client and was connected to the rest of the network. Then, you brought the ISL link up tothe rest of the network. In just a few seconds, the whole network was down. What can have happened?

The configuration revision number of the switch that you inserted was higher than the configuration revisionnumber of the VTP domain. Therefore, your recently introduced switch, with almost no configured VLANs,erased all VLANs through the VTP domain.

This happens whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN informationon a VTP server. You can tell that this has happened when many of the ports in your network go into inactivestate but continue to be assigned to a nonexistent VLAN.

Solution

Quickly reconfigure all of the VLANs on one of the VTP servers.

What to Remember

Always make sure that the configuration revision number of all switches that you insert into the VTP domainis lower than the configuration revision number of the switches that are already in the VTP domain.

If you have the output of a show tech−support command from your Cisco device, you can use the OutputInterpreter ( registered customers only) in order to display potential issues and fixes.

Example

Complete these steps in order to see an example of this problem:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 26: Understanding and Configuring VLAN Trunk Protocol (VTP)

Issue these commands in order to see that clic has 7 VLANs (1, 2, 3, and the defaults), clic is the VTPserver in the domain named test, and port 2/3 is in VLAN 3:

clic (enable) show vlan

1993 May 25 05:09:50 %PAGP−5−PORTTOSTP:Port 2/1 joined bridge port 2/1 lanVLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 65 2/2,2/4−502 VLAN0002 active 703 VLAN0003 active 71 2/31002 fddi−default active 661003 token−ring−default active 691004 fddinet−default active 671005 trnet−default active 68 68

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000

clic (enable) show port 2/3

Port Name Status Vlan Level Duplex Speed Type−−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−− −−−−−−−−−− −−−−−− −−−−−− −−−−− −−−−−−−−−−−− 2/3 connected 3 normal 10 half 10/100BaseTX

1.

Connect bing, which is a lab switch on which VLANs 4, 5, and 6 were created.

Note: The configuration revision number is 3 in this switch.

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 4 2/1−48 3/1−64 VLAN0004 active 635 VLAN0005 active 646 VLAN0006 active 651002 fddi−default active 51003 token−ring−default active 81004 fddinet−default active 61005 trnet−default active 7

2.

Place bing in the same VTP domain (test).

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−

3.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 27: Understanding and Configuring VLAN Trunk Protocol (VTP)

8 1023 3 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−10.200.8.38 disabled disabled 2−1000

Configure the trunk between the two switches in order to integrate bing in the network.

Bing erased the clic VLAN, and now clic has VLANs 4, 5, and 6. But, clic no longer has VLANs 2and 3, and port 2/3 is inactive.

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−8 1023 3 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−10.200.8.38 disabled disabled 2−1000clic (enable)

clic (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−1 default active 65 2/2,2/4−504 VLAN0004 active 725 VLAN0005 active 736 VLAN0006 active 741002 fddi−default active 661003 token−ring−default active 691004 fddinet−default active 671005 trnet−default active 68 68

clic (enable) show port 2/3

Port Name Status Vlan Level Duplex Speed Type−−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−− −−−−−−−−−− −−−−−− −−−−−− −−−−− −−−−−−−−−−−− 2/3 inactive 3 normal auto auto 10/100BaseTX

4.

Reset the Configuration Revision number

You can easily reset the Configuration Revision number by either of the two procedures.

Reset the Configuration Revision using Domain Name

Complete these steps in order to reset the configuration revision number with the change of the DomainName:

Issue this command in order to see that the configuration is empty:

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−− 1 2 server −

1.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 28: Understanding and Configuring VLAN Trunk Protocol (VTP)

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

Configure the domain name, which is test in this example, and create two VLANs.

The configuration revision number goes up to 2:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) set vlan 2

Vlan 2 configuration successful

clic (enable) set vlan 3

Vlan 3 configuration successful

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 2 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

2.

Change the domain name from test to cisco.

The configuration revision number is back to 0, and all the VLANs are still present:

clic (enable) set vtp domain cisco

VTP domain cisco modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−cisco 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000

3.

Change the VTP domain name from cisco back to test.4.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 29: Understanding and Configuring VLAN Trunk Protocol (VTP)

The configuration revision is 0. There is no risk that anything can be erased, and all the previouslyconfigured VLANs remain:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

Reset the Configuration Revision using VTP mode

Complete these steps in order to reset the configuration revision number with the change of the VTP mode:

Issue this command in order to see that the configuration is empty:

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−− 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

1.

Configure the domain name, which is test in this example, and create two VLANs.

The configuration revision number goes up to 2:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) set vlan 2

Vlan 2 configuration successful

clic (enable) set vlan 3

Vlan 3 configuration successful

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

2.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 30: Understanding and Configuring VLAN Trunk Protocol (VTP)

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 2 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

Change the VTP mode from server to transparent.

The configuration revision number is back to 0, and all the VLANs are still present:

clic (enable) set vtp mode transparent

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 transparent −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000

3.

Change the VTP mode from transparent to server or client.

The configuration revision is 0. There is no risk that anything can be erased, and all the previouslyconfigured VLANs remain:

clic (enable) set vtp mode server

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−0.0.0.0 disabled disabled 2−1000clic (enable)

4.

All Ports Inactive After Power Cycle

Switch ports move to the inactive state when they are members of VLANs that do not exist in the VLANdatabase. A common issue is that all the ports move to this inactive state after a power cycle. Generally, you

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 31: Understanding and Configuring VLAN Trunk Protocol (VTP)

see this when the switch is configured as a VTP client with the uplink trunk port on a VLAN other thanVLAN 1. Because the switch is in VTP client mode, when the switch resets, it loses its VLAN database andcauses the uplink port and any other ports that were not members of VLAN 1 to go into inactive mode.Complete these steps in order to solve this problem:

Temporarily change the VTP mode to transparent.

switch (enable) set vtp mode transparent

VTP domain austinlab modifiedswitch (enable)

1.

Add the VLAN to which the uplink port is assigned to the VLAN database.

Note: This example assumes that VLAN 3 is the VLAN that is assigned to the uplink port.

switch (enable) set vlan 3

VTP advertisements transmitting temporarily stopped,and will resume after the command finishes.Vlan 3 configuration successfulswitch (enable)

2.

Change the VTP mode back to client after the uplink port begins forwarding.

switch (enable) set vtp mode client

VTP domain austinlab modified

3.

After you complete these steps, VTP should repopulate the VLAN database from the VTP server. Therepopulation moves all ports that were members of VLANs that the VTP server advertised back into the activestate.

Trunk Down, Which Causes VTP Problems

Remember that VTP packets are carried on VLAN 1, but only on trunks (ISL, dot1q, or LAN emulation[LANE]).

If you make VLAN changes during a time when you have a trunk down or when LANE connectivity is downbetween two parts of your network, you can lose your VLAN configuration. When the trunk connectivity isrestored, the two sides of the network resynchronize. Therefore, the switch with the highest configurationrevision number erases the VLAN configuration of the lowest configuration revision switch.

VTP and STP (Logical Spanning Tree Port)

When you have a large VTP domain, you also have a large STP domain. VLAN 1 must span through thewhole VTP domain. Therefore, one unique STP is run for that VLAN in the whole domain.

When VTP is used and a new VLAN is created, the VLAN is propagated through the entire VTP domain. TheVLAN is then created in all switches in the VTP domain. All Cisco switches use PVST, which means that theswitches run a separate STP for each VLAN. This adds to the CPU load of the switch. You must refer to themaximum number of logical ports (for the STP) that are supported on the switch in order to have an idea ofthe number of STPs that you can have on each switch. The number of logical ports is roughly the number ofports that run STP.

Note: A trunk port runs one instance of STP for each active VLAN on the trunk.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 32: Understanding and Configuring VLAN Trunk Protocol (VTP)

You can perform a rapid evaluation of this value for your switch with this formula:

(Number of active VLANs x Number of trunks) + Number of access ports

This number, the maximum number of logical ports for STP, varies from switch to switch and is documentedin the release notes for each product. For example, on a Catalyst 5000 with a Supervisor Engine 2, you canhave a maximum of 1500 STP instances. Each time you create a new VLAN with VTP, the VLAN ispropagated by default to all switches and is subsequently active on all ports. You might need to pruneunnecessary VLANs from the trunk in order to avoid inflation of the number of logical ports.

Note: Pruning unnecessary VLANs from the trunk can be done with one of two methods:

Manual pruning of the unnecessary VLAN on the trunk�This is the best method, and it avoids theuse of the spanning tree. Instead, the method runs the pruned VLAN on trunks. The VTP Pruningsection of this document describes manual pruning further.

VTP pruning�Avoid this method if the goal is to reduce the number of STP instances. VTP−prunedVLANs on a trunk are still part of the spanning tree. Therefore, VTP−pruned VLANs do not reducethe number of spanning tree port instances.

VTP Pruning

VTP pruning increases the available bandwidth. VTP pruning restricts flooded traffic to those trunk links thatthe traffic must use in order to access the appropriate network devices. By default, VTP pruning is disabled.The enablement of VTP pruning on a VTP server enables pruning for the entire management domain. The setvtp pruning enable command prunes VLANs automatically and stops the inefficient flooding of frameswhere the frames are not needed. By default, VLANs 2 through 1000 are pruning eligible. VTP pruning doesnot prune traffic from pruning−ineligible VLANs. VLAN 1 is always pruning ineligible; traffic from VLAN 1cannot be pruned.

Note: Unlike manual VLAN pruning, automatic pruning does not limit the spanning tree diameter.

All devices in the management domain must support VTP pruning in order for VTP pruning to be effective.On devices that do not support VTP pruning, you must manually configure the VLANs that are allowed ontrunks. You can perform manual pruning of the VLAN from the trunk with the clear trunk mod/portcommand and the clear trunk vlan_list command. For example, you can choose to only allow, on each trunk,a core switch to the VLANs that are actually needed. This helps to reduce the load on the CPUs of all switches(core switches and access switches) and avoids the use of STP for those VLANs that extend through the entirenetwork. This pruning limits STP problems in the VLAN.

This is an example:

Topology�The topology is two core switches that are connected to each other, each with 80 trunkconnections to 80 different access switches. With this design, each core switch has 81 trunks, andeach access switch has two uplink trunks. This assumes that access switches have, in addition to thetwo uplinks, two or three trunks that go to a Catalyst 1900. This is a total of four to five trunks peraccess switch.

Platform�Core switches are Catalyst 6500s with Supervisor Engine 1A and Policy Feature Card 1(PFC1) that run software release 5.5(7). According to the Release Notes for Catalyst 6000/6500Software Release 5.x, this platform cannot have more than 4000 STP logical ports.

Access switches�Access switches are either:

Catalyst 5000 switches with Supervisor Engine 2, which do not support more than 1500 STPlogical ports

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 33: Understanding and Configuring VLAN Trunk Protocol (VTP)

Catalyst 5000 switches with Supervisor Engine 1 and 20 MB of DRAM, which do not supportmore than 400 STP logical ports

Number of VLANs�Remember to use VTP. A VLAN on the VTP server is created on all switches inthe network. If you have 100 VLANs, the core must handle roughly 100 VLANs x 81 trunks = 8100logical ports, which is above the limit. The access switch must handle 100 VLANs x 5 trunks = 500logical ports. In this case, Catalysts in the core exceed the supported number of logical ports, andaccess switches with Supervisor Engine 1 are also above the limit.

Solution�If you assume that only four or five VLANs are actually needed in each access switch, youcan prune all the other VLANs from the trunk on the core layer. For example, if only VLANs 1, 10,11, and 13 are needed on trunk 3/1 that goes to that access switch, the configuration on the core is:

Praha> (enable) set trunk 1/1 des

Port(s) 1/1 trunk mode set to desirable.

Praha> (enable) clear trunk 1/1 2−9,12,14−1005

Removing Vlan(s) 2−9,12,14−1005 from allowed list.Port 1/1 allowed vlans modified to 1,10,11,13.

Praha> (enable) clear trunk 1/1 2−9,12,14−1005

Note: Even if you do not exceed the number of allowed logical ports, prune VLANs from a trunk.The reason is that an STP loop in one VLAN only extends where the VLAN is allowed and does notgo through the entire campus. The broadcast in one VLAN does not reach the switch that does notneed the broadcast. In releases that are earlier than software release 5.4, you cannot clear VLAN 1from trunks. In later releases, you can clear VLAN 1 with this command:

Praha> (enable) clear trunk 1/1 1

Default vlan 1 cannot be cleared from module 1.

The Case of VLAN 1 section of this document discusses techniques on how to keep VLAN 1 fromspanning the whole campus.

The Case of VLAN 1

You cannot apply VTP pruning to VLANs that need to exist everywhere and that need to be allowed on allswitches in the campus, in order to be able to carry VTP, Cisco Discovery Protocol [CDP] traffic, and othercontrol traffic. But, there is a way to limit the extent of VLAN 1. The feature is called VLAN 1 disable ontrunk. The feature is available on Catalyst 4500/4000, 5500/5000, and 6500/6000 series switches in CatOSsoftware release 5.4(x) and later. The feature allows you to prune VLAN 1 from a trunk, as you do for anyother VLAN. This pruning does not include all the control protocol traffic that is still allowed on the trunk(DTP, PAgP, CDP, VTP, and others). But, the pruning does block all user traffic on that trunk. With thisfeature, you can keep the VLAN from spanning the entire campus. STP loops are limited in extent, even inVLAN 1. Configure VLAN 1 to be disabled, as you would configure other VLANs to be cleared from thetrunk:

Console> (enable) set trunk 2/1 desirable

Port(s) 2/1 trunk mode set to desirable.

Console> (enable) clear trunk 2/1 1

Removing Vlan(s) 1 from allowed list.Port 2/1 allowed vlans modified to 2−1005.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 34: Understanding and Configuring VLAN Trunk Protocol (VTP)

Troubleshoot VTP Configuration Revision Number Errors That Are Seenin the show vtp statistics Command Output

VTP is designed for an administrative environment in which the VLAN database for the domain is changed atonly one switch at any one time. It assumes that the new revision propagates throughout the domain beforeanother revision is made. If you change the database simultaneously on two different devices in theadministrative domain, you can cause two different databases to be generated with the same revision number.These databases propagate and overwrite the existing information until they meet at an intermediate Catalystswitch on the network. This switch cannot accept either advertisement because the packets have the samerevision number but a different MD5 value. When the switch detects this condition, the switch increments theNo of config revision errors counter.

Note: The show vtp statistics command output in this section provides an example.

If you find that the VLAN information is not updated on a certain switch, or if you encounter other, similarproblems, issue the show vtp statistics command. Determine if the count of VTP packets with configurationrevision number errors is increasing:

Console> (enable) show vtp statistics

VTP statistics:summary advts received 4690subset advts received 7request advts received 0summary advts transmitted 4397subset advts transmitted 8request advts transmitted 0No of config revision errors 5No of config digest errors 0VTP pruning statistics:Trunk Join Transmitted Join Received Summary advts received from non−pruning−capable device−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−− 1/1 0 0 0 1/2 0 0 0Console> (enable)

If you observe a configuration revision error, you can resolve this problem if you change the VLAN databasein some way so that a VTP database with a higher revision number than the revision number of the competingdatabases is created. For example, on the switch that acts as the primary VTP server, add or delete a falseVLAN in the administrative domain. This updated revision is propagated throughout the domain andoverwrites the database at all devices. When all the devices in the domain advertise an identical database, theerror no longer appears.

Troubleshoot VTP Configuration Digest Errors That Are Seen in theshow vtp statistics Command Output

This section addresses how to troubleshoot VTP configuration digest errors that you see when you issue theshow vtp statistics command. This is an example:

Console> (enable) show vtp statistics

VTP statistics:summary advts received 3240subset advts received 4request advts received 0

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 35: Understanding and Configuring VLAN Trunk Protocol (VTP)

summary advts transmitted 3190subset advts transmitted 5request advts transmitted 0No of config revision errors 0 No of config digest errors 2VTP pruning statistics:Trunk Join Transmitted Join Received Summary advts received from non−pruning−capable device−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−− 1/1 0 0 0 1/2 0 0 0Console> (enable)

The general purpose of an MD5 value is to verify the integrity of a received packet and to detect any changesto the packet or corruption of the packet during transit. When a switch detects a new revision number that isdifferent from the currently stored value, the switch sends a request message to the VTP server and requeststhe VTP subsets. A subset advertisement contains a list of VLAN information. The switch calculates the MD5value for the subset advertisements and compares the value to the MD5 value of the VTP summaryadvertisement. If the two values are different, the switch increases the No of config digest errorscounter.

A common reason for these digest errors is that the VTP password is not configured consistently on all VTPservers in the VTP domain. Troubleshoot these errors as a misconfiguration or data corruption issue.

When you troubleshoot this problem, ensure that the error counter is not historical. The statistics menu countserrors since the most recent device reset or the VTP statistics reset.

Unable to Change the VTP Mode of a Switch from Server / Transparent

If the switch is a standalone (that is, not connected to the network), and you want to configure the VTP modeas the client, after reboot, the switch comes up either as a VTP server or VTP transparent, dependent upon theVTP mode of the switch before it was configured as the VTP client. The switch does not allow itself to beconfigured as a VTP client when there is no VTP server nearby.

Conclusion

There are some disadvantages to the use of VTP. You must balance the ease of VTP administration againstthe inherent risk of a large STP domain and the potential instability and risks of STP. The greatest risk is anSTP loop through the entire campus. When you use VTP, there are two things to which you must pay closeattention:

Remember the configuration revision and how to reset it each time that you insert a new switch inyour network so that you do not bring down the entire network.

Avoid as much as possible to have a VLAN that spans the entire network.•

NetPro Discussion Forums − Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions,and information about networking solutions, products, and technologies. The featured links are some of themost recent conversations available in this technology.

NetPro Discussion Forums − Featured Conversations for LAN

Network Infrastructure: LAN Routing and Switching

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Page 36: Understanding and Configuring VLAN Trunk Protocol (VTP)

Network Infrastructure: Getting Started with LANs

Related Information

LAN Product Support Pages• LAN Switching Support Page• Technical Support & Documentation − Cisco Systems•

All contents are Copyright © 1992−2006 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Updated: Jan 04, 2007 Document ID: 10558

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)