It’s a common discussion about when Cisco VTP protocol is actually forwarded through Cisco switches and when it’s isn’t. I’ve always gotten it somewhat confused and when I stumbled across some old notes on the topic I had an ah-hah moment. I’m answering the question about when using VTP in your network, which versions are risky – that’s risky is terms of how do you prevent VTP updates from ‘crossing’ a switch by explaining how each version works.
There are three versions of VTP – Version 1, 2 and 3. Each VTP device is configured in Transparent, Client or Server mode (except VTP v3 which has an extra mode – off).
The purpose of VTP is copy the contents of the VLAN Database to neighbouring switches so that VLAN configuration in a given operational domain are synchronised – that way, all VLANs are consistently configured, VLAN names are the same and much more.
Note that VTP was especially useful when first introduced since configuring VLAN over Token Ring and FDDI interfaces was complex, and it took many years for network administrators to understand VLAN configuration. Importantly, VTP was useful to help stabilise Spanning Tree in the early days by ensuring consistentcy, especially in large networks (well, they were large in 1999 anyway….).
Yes, I’m forcing some history down your throat….
A Switch in VTP Server mode will always actively participate in sending and receiving VTP and synchronising the VTP data file. Regardless of version.
A Switch in VTP Client mode will always actively participate in VTP data file synchronisation. Regardless of version.
A switch in VTP v1 Transparent Mode will not send, receive VTP data or participate in file synchronisation.
A switch in VTP v2 Transparent Mode will send, receive VTP data, but doesn’t participate in VTP file synchronisation.
The only configuration that DOES NOT pass VTP packets is a switch configured in VTPv1 Transparent Mode and VTPv3 in off mode.
For VTPv3, the difference is much clearer. VTPv3 has four modes: server, client, transparent and off. The difference between transparent and off is the termination of received VTP messages instead of relaying them. With VTP version 3, off mode can be configured globally or on a per port (for example trunk) base. The off mode was formerly only available with CAT OS. The configuration of off on an interface will apply to all VTP instances.
Also note that VTPv3 will propagate VLANs above 1024, while VTPv1 & 2 do not. Another historical artefact.
The EtherealMind View
I’m a big fan of VTP to reduce the day to day grind of configuring switches but that it isn’t a popular view. I’ve provided some tips for VTP safety in Fate Sharing, Failure Domains and Why VTP Is Awesome and how to mitigate that risk.
I’ve previously looked at VTPv3 in VTP Making a Comeback:VTPv3 which makes VTP safe.
You should take time to have a another look and consider the benefits of better operation instead of focussing on one bad experience.
Move on, people, move on.