VLAN Trunking Protocol
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network. To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10 and LANE trunks. VTP is available on most of the Cisco Catalyst Family products. Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:
- Management domain
- Configuration revision number
- Known VLANs and their specific parameters
There are three versions of VTP, namely version 1, version 2, version 3.
On Cisco Devices, VTP (VLAN Trunking Protocol) maintains VLAN configuration consistency across the entire network. VTP uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch in the VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain and reduces the need to configure the same VLAN information on each switch.
VTP minimizes the possible configuration inconsistencies that arise when changes are made. These inconsistencies can result in security violations, because VLANs can cross connect when duplicate names are used. They also could become internally disconnected when they are mapped from one LAN type to another, for example, Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs. VTP provides a mapping scheme that enables seamless trunking within a network employing mixed-media technologies.
VTP provides the following benefits:
- VLAN configuration consistency across the network
- Mapping scheme that allows a VLAN to be trunked over mixed media
- Accurate tracking and monitoring of VLANs
- Dynamic reporting of added VLANs across the network
- Plug-and-play configuration when adding new VLANs
As beneficial as VTP can be, it does have disadvantages that are normally related to the spanning tree protocol (STP) as a bridging loop propagating throughout the network can occur. Cisco switches default run an instance of STP for each VLAN, and since VTP propagates VLANs across the campus LAN, VTP effectively creates more opportunities for a bridging loop to occur.
Before creating VLANs on the switch that will propagate via VTP, a VTP domain must first be set up. A VTP domain for a network is a set of all contiguously trunked switches with the matching VTP settings (domain name, password and VTP version). All switches in the same VTP domain share their VLAN information with each other, and a switch can participate in only one VTP management domain. Switches in different domains do not share VTP information. Non-matching VTP settings might result in issues in negotiating trunks, port-channels or VPC.
Another, even greater concern with VTP is the issue known colloquially as the "VTP Bomb". When a new switch is added to the network, by default it is configured with no VTP domain name or password, but in VTP server mode. If no VTP Domain Name has been configured, it assumes the one from the first VTP packet it receives. Since a new switch has a VTP configuration revision of 0, it will accept any revision number as newer and overwrite its VLAN information if the VTP passwords match. However, if you were to accidentally connect a switch to the network with the correct VTP domain name and password but a higher VTP revision number than what the network currently has, then the entire network would adopt the VLAN configuration of the new switch - likely bringing down your entire network, or at least that VTP domain.
- VLAN access control list Nguyễn Thị Văn Thọ
- Understanding VLAN Trunk Protocol (VTP) at Cisco.