CCNP – SWITCH – Study Notes #1 – VTP – Part 1

Alright, lets kick this study series off on a low note: VTP. Short for VLAN Trunking Protocol.

VTP is one of those things that is pretty horrible, really no way around that. If the idea of saving a couple of seconds of configuration time for the low low price of crippling your network in about 3 seconds sounds appealing to you, then read on. Or, if you are studying SWITCH, then also read on, because Cisco insists that you learn this.

Quick Overview

VTP is a protocol where switches can communicate with each other to decide what VLANs should be active on the switch and, if pruning is enabled, what VLANs should be active on a trunk link.

Note that VTP only communications over trunks – either statically configured trunk links or trunk links that are set up by Dynamic Trunking Protocol (DTP). VTP will not communicate over access or routed ports.

VTP will also not assign any of your access ports to a VLAN. VTP will also not work with private VLANs.

Some Cisco documentation on VTP is here.

For VTP to synchronize the switches need to be configured to be in the same VTP domain and have the same password settings.


There are 3 versions of VTP, Version 1, Version 2 and Version 3.

You change the version with the command:

switch(config)#vtp version {1 | 2 | 3}

Version 2 only allows you to configure VLANs 1 to 1001. Version 3 adds 1006 to 4094. Note that 1002 to 1005 are reserved VLANs.

Often the exam materials states that to synchronize VTP must have the same domain, security and version, but that’s not strictly accurate.

Version 3 is backwards compatible with Version 2. The Version 3 switch will send out a limited packet on a port that is connected to a Version 2 switch. Version 3 is not backwards compatible with Version 1.

If you are running VTP version 2 on a Server, and a Client is running version 1, the client will upgrade itself to version 2 automatically and hence they will still synchronize.

Modes of Operation

VTP has 3 modes of operation: transparent, server and client.

You change your mode with the command:

switch(config)#vtp mode {transparent | server | client}


Strictly speaking there is also the vtp mode off on CatOS switches, which will not forward VTP frames. I have never seen any reference to this in any SWITCH study material, so you probably don’t need to know that for the exam.



Transparent mode disables VTP on the switch, however, it will still forward VTP frames (if it’s VTP version 2 or 3). That means you can have 2 VTP switches connected via a transparent switch and the 2 VTP switches will still synchronize VLAN databases.

For Cisco exam speak you should know that Transparent switches “don’t participate in VTP”. Strictly, I don’t think that’s true, if they are forwarding VTP frames, they are still “participating”, albeit in a passive manner. Cisco exams disagree with me, so probably best to remember that.

On any sane operational network, this is the mode of operation you should use, as it’s the only mode that doesn’t have the potential to kill your entire network the minute you plug the wrong thing in.

If you need Private-VLANs this is the mode you need to be in.


Next mode is Server. On a VTP Server switch you can make changes such as adding or removing VLANs and turning pruning on or off (will get to this later).

VTP Version 3 also has the concept of a Primary Server. In VTP Version 3 the Primary Server is the only switch which can make changes. This help prevent some of the horrible VTP Auto-destruct features.


The last mode is Client. On a Client switch, you can’t make any changes to your VLAN database, the client requires communications to a server to get updates.


VTP domain (or VLAN management domain) is configured with the command:

switch(config)#vtp domain (domain-name)

The domain name must match on switches for them to synchronize. The default value for a switch is vtp domain Null. If a switch is not configured for a VTP domain (ie, it’s still null) and it receives a VTP packet it will reconfigure itself to whatever domain was in the VTP packet.



You can configure a password for your VTP domain with:

switch(config)#vtp password (password)

Passwords are optional but must match on all switches within the domain. The vtp password command configures an MD5 has to be sent with all VTP advertisements.

And next time on the VTP show…

Stay tuned, next VTP post will contain a some information on VTP pruning and how VTP synchronizes.

This entry was posted in CCNP, Study by Tom. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *