10. VTP VLAN Trunking Protocol
In this lecture you’ll learn about VTP, the VLAN Trunking Protocol. It allows you to add, edit or delete VLANs on switches which are configured as VTP servers, and then other switches which are configured as VTP clients will synchronize their VLAN database with the servers. So say you go onto a VTP server, there’s no configuration on any of your switches yet, and on the server you create VLAN Eng and VLAN Sales. That configuration will be pushed to the VTP client switches. So it saves you having to create all your VLANs on all of your different switches. And if later on you don’t need the Sales VLAN anymore, you can delete it on a VTP server and it will be automatically deleted on all of the clients.
Or if maybe it was VLAN number 10 before and you change it to VLAN number 100, that information would also be synchronized across all of your switches. So it can be convenient if you manage a large campus with a lot of switches. You’re still going to need to perform the port level VLAN configuration though. The switches can’t somehow magically know which physical port needs to be in the Eng or the Sales VLAN. So you’ll still need to go and do your port level access port or trunk port configuration, but it saves you having to configure the VLAN database on all of your different switches. Now, be very careful if you do use VTP, because it doesn’t just allow you to add VLANs.
You can delete and edit VLANs as well. So you can accidentally introduce a switch with a higher VLAN database revision number which doesn’t have all of your production VLANs on there. Say you’re currently using VLAN Eng and VLAN Sales, and then you go and get an old switch out of the cupboard which doesn’t have VLAN Eng and VLAN Sales on there. And this switch happens to be a VTP server, which is the default, and it’s got a higher revision number and it doesn’t have the VLANs on there. Well, when you plug it into your campus, it will update the other switches, they will delete the Eng and the Sales VLANs, and you’ve just dropped all of your PCs off of the network.
That would be a very bad day at the office. That would be a career limiting mistake to make. So do be careful if you are using VTP. If you use both DTP and VTP (we covered DTP in the last lecture), the VTP domain name has to match on neighbor switches for trunks to be formed by DTP. It’s not recommended to use DTP anyway. You should be manually configuring your trunk ports.
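A check for the old-switch-from-the-cupboard case described above, as an added example that is not part of the lecture: it reads saved show vtp status text from the spare switch and reports whether it is a server in the production domain with a higher revision number. The function names, the sample output and the production values passed in are assumptions made for the example.

```python
# Constructed sample: "show vtp status" text saved from a spare switch.
# Field labels follow common IOS output; the values are made up.
SPARE_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 47
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : Flackbox
"""

def parse_vtp_status(text):
    """Pull mode, domain name and revision out of 'show vtp status' text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    revision = fields.get("configuration revision", "")
    return {
        "mode": fields.get("vtp operating mode", "").lower(),
        "domain": fields.get("vtp domain name", ""),
        "revision": int(revision) if revision.isdigit() else None,
    }

def audit_before_connect(text, prod_domain, prod_revision):
    """List reasons not to plug this switch into the production campus yet."""
    s = parse_vtp_status(text)
    findings = []
    if s["mode"] == "transparent":
        return findings                  # keeps its own database, pushes nothing
    if s["revision"] is None:
        findings.append("UNKNOWN: no revision number found, check by hand")
    elif s["mode"] == "server" and s["domain"] == prod_domain \
            and s["revision"] > prod_revision:
        findings.append("OVERWRITE: revision %d is higher than production %d"
                        % (s["revision"], prod_revision))
    if s["domain"] == "":
        findings.append("NO-DOMAIN: will pick up the domain name from a neighbor")
    return findings

if __name__ == "__main__":
    for finding in audit_before_connect(SPARE_SWITCH, "Flackbox", 12):
        print(finding)
```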
The different VTP modes that you’ve got are VTP server, VTP client, and VTP transparent. On a switch which is configured as a VTP server, you can add, edit or delete VLANs. A VTP server will synchronize its VLAN database from another server with a higher revision number. So you don’t have to just have one master server there. You can have multiple servers for redundancy, but only one of them is going to be the actual copy of the VLAN database. Whichever one has got the highest revision number will act as the master. Next type was a VTP client. On a VTP client, you cannot add, edit or delete VLANs. It can only get the information from a server.
A VTP client will synchronize its VLAN database from the server with the highest revision number. And finally we’ve got VTP transparent.
A switch configured as VTP transparent does not participate in the VTP domain. It does not advertise or learn VLAN information, but it will pass it on. So if you’ve got a VTP server and a VTP client, and there’s a VTP transparent switch in the middle, it will pass on the server information downstream to the client. On your VTP transparent switch, you can add, edit or delete VLANs, which are in its own local VLAN database. So it doesn’t participate in the domain, it’s just independent on its own. Now, while we’re talking about that, let’s look at how VTP coexistence works with your different modes of switches. Because this is something that confused me when I was first learning about VTP.
So in our example here, we’ve got the VTP server up at the top, and the other switches downstream from there are VTP clients, apart from the VTP transparent switch. So on the VTP server, for our example network here, we need the Eng and the Sales VLANs. So we configure the Eng and the Sales VLANs on the VTP server. The client switches will synchronize their database. So they will learn about those VLANs and they will add them to their database. The VTP client down in the bottom right will also learn the information as well, because the VTP transparent switch will pass it on to it.
But the VTP transparent switch will not update its VLAN database. It will not add the Eng and the Sales VLANs just because that was configured on the server. So on the VTP transparent switch, you need to add the VLANs there as well. So on the VTP server, you manually add the Eng and Sales VLANs. And on the VTP transparent switch, because it’s still in the campus, it still has PCs in the Sales and Eng VLANs, it needs to know about them. You add the VLANs there as well. For the VTP configuration, you need to specify the VTP domain. So here we’ve said VTP domain Flackbox, and then to set the mode, it’s either VTP mode server or VTP mode client or VTP mode transparent. And the default mode is VTP server. To add your VLANs, you know this information already.
For example, VLAN 20 name Sales. So our configuration in this last example: on the VTP clients, we would say VTP domain Flackbox and then VTP mode client. On the VTP server we would say VTP domain Flackbox and VTP mode server. On transparent we would say VTP mode transparent. Then on the server we would configure VLAN 10 and VLAN 20. And on the transparent switch we would also configure VLAN 10 and VLAN 20 there. Then all of the switches would know about all of the different VLANs. We would just need to configure them down at the port level. Put the actual client PCs in the correct access port. Okay? That is the whole thing for the VTP part. For verification, to verify it, show VTP status. That will show you what the domain name is, also what the mode is, whether it’s a client, server or transparent, and also the current revision number. Okay, so that’s the theory for VTP. In the next lecture we’ll configure it in the lab.
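The three modes and the revision number rule, as an added example that is not part of the lecture: a small model of the server, transparent and client chain, followed by an old server with a higher revision number and no VLANs being attached. The Switch class and the function names are made up for the example, and the model leaves out domain names, VLAN 1 and the native VLAN.

```python
class Switch:
    """Simplified VTP participant; modes behave as described in the lecture."""
    def __init__(self, name, mode, revision=0, vlans=None):
        self.name, self.mode, self.revision = name, mode, revision
        self.vlans = dict(vlans or {})      # VLAN id -> name
        self.neighbors = []                 # switches reached over trunks

    def add_vlan(self, vid, vname):
        if self.mode == "client":
            raise PermissionError("clients cannot add, edit or delete VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":           # transparent: local change only
            self.revision += 1
            self._send(self.revision, self.vlans, skip=None)

    def _send(self, revision, vlans, skip):
        for n in self.neighbors:
            if n is not skip:
                n.receive(revision, vlans, sender=self)

    def receive(self, revision, vlans, sender):
        if self.mode == "transparent":      # pass it on, never learn from it
            self._send(revision, vlans, skip=sender)
        elif revision > self.revision:      # server or client: higher wins
            self.revision, self.vlans = revision, dict(vlans)
            self._send(revision, vlans, skip=sender)

def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)

def build_lab():
    """SW1 server -- SW2 transparent -- SW3 client, VLANs created on SW1."""
    sw1, sw2, sw3 = (Switch("SW1", "server"), Switch("SW2", "transparent"),
                     Switch("SW3", "client"))
    link(sw1, sw2)
    link(sw2, sw3)
    sw1.add_vlan(10, "Eng")
    sw1.add_vlan(20, "Sales")
    sw2.add_vlan(10, "Eng")                 # transparent: added by hand
    sw2.add_vlan(20, "Sales")
    return sw1, sw2, sw3

def plug_in_old_server(attach_to, revision=9):
    """Old switch: default server mode, higher revision, no production VLANs."""
    old = Switch("OLD", "server", revision=revision)
    link(old, attach_to)
    old._send(old.revision, old.vlans, skip=None)
    return old

if __name__ == "__main__":
    sw1, sw2, sw3 = build_lab()
    plug_in_old_server(sw3)
    print(sw1.vlans, sw2.vlans, sw3.vlans)
```

The server and the client both end up with an empty VLAN database, while the transparent switch keeps the VLANs that were configured on it by hand.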
11. VTP Lab Demo
In this lecture you’ll learn how to configure VTP, the VLAN Trunking Protocol, with a lab demo. So I’ve got the usual lab topology here. I’ve got my three switches, Switch 1 through to Switch 3. Right now I’ve configured trunks between each of the switches. But that’s all of the configuration that I’ve done. I haven’t created any VLANs anywhere and I haven’t created any access ports. So let’s verify that. So I’ll go on to Switch 1, and if I do a show running here and go down to the configuration for interface GigabitEthernet 0/1, you can see that I’ve configured it as a trunk port.
And the only VLAN that is configured right now is VLAN 199 for the native VLAN. So if I do a show VLAN brief, you can see that the Sales and the Eng VLANs have not been created yet. So I created the native VLAN so that I could do my trunk configuration. So that’s how it’s configured on Switch 1. It’s the same on Switch 2 and Switch 3. And if I do a show VTP status on here, I haven’t changed this. So this is going to be the default, where the VTP domain name is currently null, there isn’t one, and the VTP mode is server.
That’s the same on all of the switches. What I want to do in this lab, if we have a look at the topology again: I’m going to configure Switch 1 as VTP server. Switch 2 will be VTP transparent and Switch 3 will be VTP client. So I’ll configure the VLANs on the server. The VTP transparent Switch 2 should pass that information on to the client and the VLANs should show up there. I’m also going to need to configure the VLANs on Switch 2 because it’s in transparent mode. So let’s go from right to left. I’ll configure the VTP client first. So I’ll go on to Switch 3. I’ll just do a show VLAN brief on here. So you can see there’s no VLANs there yet, and I show VTP status and it’s the default of no domain name and it is currently a server. So on here I will say VTP domain. Let’s make it Flackbox, and I need to go to global configuration before I can do that.
So VTP domain Flackbox and VTP mode client. So I get a confirmation message that it’s changed it to Flackbox and it’s changed it to client mode. I’ll do a do show VTP status and I should see that it’s changed. So there is the domain name and it’s client mode. So that is Switch 3 configured. Next I will do Switch 2. So on Switch 2, I don’t want it to participate in the VTP domain. If I do a show VTP status, it’s also the default settings. Actually, what’s happened here on Switch 2 is that it has picked up the domain name from the other switch, which is Flackbox, and it’s still a server, which is the default. So I’ll go to global configuration here and I will say VTP mode transparent. So it’s going to be independent for its VLAN configuration now. And I do show VTP status just to verify that it did take that.
And yes, it is now transparent. The last one to do is Switch 1. And on Switch 1 let’s do a show VTP status again. And I see that it’s picked up the domain name of Flackbox as well. So I’ll go to global config, and if I do a VTP domain Flackbox in here, it’s going to tell me that the domain name was already set to that. And I’ll say VTP mode server and it’s going to tell me it was already a server. Okay, so that is VTP set up. All I need to do now is actually configure my VLANs. Again, I’ll do show VLAN brief. I don’t have any VLANs configured yet apart from the native VLAN for my trunks. So on the server I’ll say VLAN 10 name Eng and VLAN 20 name Sales. And if I now look in the VLAN database here, if I show VLAN brief, I can see that those VLANs have been created. If I go over onto Switch 3 now, it didn’t have any VLANs previously. I just scrolled up there. You can see that the Eng and the Sales VLANs weren’t there before. But if I do a show VLAN brief now, I can see that it has learned about the Eng and the Sales VLANs from the server. If I go on to Switch 2 and I do a show VLAN brief on here, the new VLANs aren’t showing up on there, because it’s transparent, it doesn’t synchronize its database. Okay, the next thing to do is to test everything is working. So I will configure the switch ports.
To save me typing this in, I put it into a text file. So let me bring that up. So on Switch 1, interfaces FastEthernet 0/1 and 0/2 are in the Eng VLAN 10 and port 3 is in the Sales VLAN. So let me copy this and then paste it in on Switch 1. And I’ve also got a config ready for Switch 3, where FastEthernet 0/1 and 0/2 are in the Sales VLAN and FastEthernet 0/3 is in the Eng VLAN. So I’ll copy that and paste that into Switch 3. Let’s have a look at the topology diagram. So there you see the Eng PCs. I’ve configured their access ports now on Switch 1, and on Switch 3 as well for Eng 3. And I’ve also configured my access ports for Sales as well.
So now if I go on to the Eng 1 PC and I try to ping 10.10.10.12, which is Eng 3, which is on the other far end switch, when I try this, it’s going to fail. And the reason for that is, if I go back onto the switches again, you’ll see on Switch 3, if I do a show VLAN brief, I’ve got the Eng and the Sales VLANs, and I’ve also put my clients into the correct access VLAN. So that was on Switch 3, and the same thing on Switch 1: show VLAN brief, it knows about the VLANs and the clients are put into the correct VLAN. The problem is if I have a look at Switch 2, if I can find it in here. When I do a show VLAN brief in here, it doesn’t know about the Sales and the Eng VLANs because this is VTP transparent.
So looking at the topology diagram again, the traffic comes in from Switch 1 to Switch 2 tagged with a dot1q tag of the Eng VLAN. But Switch 2 doesn’t know about the VLAN. So that’s why the traffic is failing right now. So I need to go on to Switch 2. And in global configuration, because it’s transparent, I need to add my VLANs here as well. So I’ll say VLAN 10 name Eng and VLAN 20 name Sales. If I now go back onto my Eng PC and try the ping again, it will probably fail for a little while. I need to give this a second to come up. So let’s just watch the requests time out, and it might take a few pings.
I might even have to do the ping again before it’s going to actually come up and allow the traffic through. Okay, there we go. So the last one succeeded. And if I do the ping again, I’ll see they’re all going to work now. So I’ve now got end to end connectivity between my Eng PCs. Let’s check that Sales is working as well. This should also be good. So I’m on Sales 1. I will ping Sales 3. So Sales 1 is on Switch 3. Sales 3 is on Switch 1, on the other side. It’s at 10.10.20.12. And this works just fine too. So I’ve got end to end connectivity between my PCs in the same VLANs. But if I go on a Sales PC and I try to ping an Eng PC, this is going to fail because it’s in a different IP subnet. And if we have a look at our topology diagram, I don’t have a router yet. So we need to configure inter-VLAN routing to allow that to work. That’s what we’re going to do in the next lecture.