Tuesday, May 27, 2008

VLAN Trunk Protocol (VTP) Basics

VLAN Trunk Protocol, or VTP, helps us keep the VLAN database consistent across our network. Some people just love it, others not so much... I use VTP when needed, but carefully: one simple mistake and you can bring your entire network down! (Well... not that dramatic, but it can give you a BIG headache!)

So, what can VTP do for us? Well... it "propagates" the VLANs created on one switch in the domain (acting as server) to the other switches in the same domain (acting either as server or client). VTP makes adding, deleting and distributing the VLAN database easy.

Let's step back a while... How many VTP modes exist? There are three in fact: Server, Client and Transparent.

- Server: the default mode. You can create, modify and delete VLANs on it, and every change is advertised to the rest of the domain;

- Client: cannot create, modify or delete VLANs. It takes the database from a server and forwards the advertisements out its other trunks;

- Transparent: keeps its own local VLAN database and does not take updates from the domain, but still forwards the VTP advertisements it receives on its trunks.

All changes made on a switch working in VTP Transparent mode are locally significant.

Some general rules about VTP:

- VTP advertisements are only carried over trunk links, in VLAN 1; an access port never sends or receives them;

- The VTP domain name is case sensitive;

- VTP only "services" the normal-range VLANs 1-1005;

- A switch needs to be in VTP transparent mode if extended-range VLANs (1006-4094) are to be used (this applies to VTP versions 1 and 2).

VTP keeps track of changes with the configuration revision number: every change to the VLAN database on a server increments it by 1, and the higher the revision number, the newer the database is considered to be.

So far it looks great, but let's suppose you have a network working with the VTP domain "Cisco", no password set, and a revision number of 13.

Good. Now also suppose you have a lab with some switches used for training purposes, for new engineers, and they spend all day long creating, adding and changing VLANs on that switch... and of course, they set the same VTP domain as your production network. OK, no problem! The switch is not connected; it's just a stand-alone switch used to train your future co-worker. But what happens if he wants to check his e-mail and, for instance, connects the switch to the production network? Well, this is where the danger lives! Its revision number is much higher than 13, so your production switches will replace their database with the new one from the lab switch! And that can crash a network in just a few seconds!!! Note that this happens even if the lab switch is in client mode: a client with the same domain name and a higher revision number overwrites the servers just the same, and every VLAN that disappears from the database takes the access ports assigned to it down with it.

OK... so... am I not supposed to use VTP, to avoid this kind of problem? Well... if you have just a few VLANs, yes... but if we're talking about 100, or even 200 or 300 VLANs? Are you going to add them manually on each switch in the network? Even with 5 switches, you'll have a LOT of work!

Some basic rules must be followed to avoid this kind of problem:

- Set the VTP domain and also set a VTP password (the password is hashed into the MD5 digest carried in every advertisement, so a switch with a different password, or no password at all, is ignored by the domain);

- Have only ONE VTP server in the network and make changes only on it;

- When you add a new switch to a production network, reset its revision number first (every time you change the VTP domain name the revision number is reset to 0; changing the mode to transparent and back also resets it);

- Only connect a new switch in client mode, with the revision number already reset, and confirm with show vtp status that the Configuration Revision reads 0 before you cable the uplink.
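Putting those rules (and the three modes from above) together on IOS. This is an example I'm adding here, not output from the original post: the domain name Cisco is the one used in the story above, while the password, the hostnames and the interface range are made-up placeholders you'd replace with your own.

```cisco
! ===== Production VTP server: the ONLY server in the domain =====
! Assumed: domain "Cisco" (from the text), password "Str0ngVtpPass" (placeholder)
Core-SW# configure terminal
Core-SW(config)# vtp domain Cisco
Core-SW(config)# vtp password Str0ngVtpPass
Core-SW(config)# vtp mode server
Core-SW(config)# vtp version 2
! VLANs are created here, and only here; each change bumps the revision by 1
Core-SW(config)# vlan 10
Core-SW(config-vlan)# name Users
Core-SW(config-vlan)# exit
Core-SW(config)# end
Core-SW# show vtp status
Core-SW# show vtp password

! ===== Every other production switch: client, same domain, same password =====
Access-SW(config)# vtp domain Cisco
Access-SW(config)# vtp password Str0ngVtpPass
Access-SW(config)# vtp mode client

! ===== New or lab switch, BEFORE its uplink is cabled to production =====
! Either change the domain name (revision goes back to 0)...
Lab-SW(config)# vtp domain TEMP-RESET
! ...or toggle transparent -> client (also resets the revision to 0)
Lab-SW(config)# vtp mode transparent
Lab-SW(config)# vtp mode client
! Now join the real domain as a client with the right password
Lab-SW(config)# vtp domain Cisco
Lab-SW(config)# vtp password Str0ngVtpPass
Lab-SW(config)# end
! Configuration Revision MUST read 0 here; only then connect the trunk.
! Once connected, the switch takes the production database (revision 13),
! which replaces whatever the trainees created in the lab.
Lab-SW# show vtp status | include Revision

! ===== VTP only travels on trunks: never let a user port become one =====
! Interface range is a placeholder; adjust to your platform
Access-SW(config)# interface range GigabitEthernet1/0/1 - 24
Access-SW(config-if-range)# switchport mode access
Access-SW(config-if-range)# switchport nonegotiate
```

The last block is the defensive half of rule one from the list above: since VTP advertisements are only sent and received on trunk links, a port that cannot negotiate a trunk is a port a lab switch (or anything else) cannot inject a VLAN database through. The password stops accidental merges between domains that happen to share a name; it does nothing against someone who already knows it, so treat it like any other infrastructure secret.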

Taking care of this will make your life easier, and will help you keep your job! :)

I'll post some example output later in the week...

1 comment:

Anonymous said...

Thanks for the info. I'm troubleshooting my LAN... got everything correct (domain/client) but not getting updates. I'll try to reset my revision number when I get back by changing the domain name.