This is part 2 of a 2-part article. For part 1, click here.

  1. VTP: VTP (VLAN Trunking Protocol) is a Cisco proprietary Layer 2 messaging protocol that keeps the VLAN configuration consistent across a switched network by managing the addition, deletion and renaming of VLANs on a network-wide basis. Because VLAN information is propagated automatically within the domain, VTP reduces the misconfigurations and inconsistencies that cause problems such as duplicate VLAN names, incorrect VLAN-type specifications and security violations.
  2. Before you create VLANs, decide whether to use VTP in your network. With VTP, you make configuration changes centrally on a single switch and those changes are communicated automatically to all the other switches in the domain. Without VTP, VLAN information is not sent to other switches and every switch has to be configured by hand.

A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches under the same administrative responsibility. A switch can be in only one VTP domain.


Every switch in the VTP domain operates in one of the following three modes: server, client or transparent.

VTP server: the default mode for all switches that support VTP. You can create, modify and delete VLANs and set other parameters (such as the VTP version) for the entire VTP domain. VTP servers advertise their VLAN configuration to the other switches in the same VTP domain and synchronize their own VLAN configuration with advertisements received over trunk links. VLAN configurations are saved in NVRAM.

VTP client: behaves like a VTP server, but you cannot create, change or delete VLANs on a VTP client. VLAN configurations are saved in NVRAM (on some older IOS releases a client kept the VLAN database only in RAM and lost it on reload).

VTP transparent: does not advertise its own VLAN configuration and does not synchronize its VLAN configuration from received advertisements, but it forwards the VTP advertisements it receives from other switches out of its other trunk ports. You can create, modify and delete VLANs on a switch in VTP transparent mode; they are saved in NVRAM but are not advertised to other switches.

Table 2 – VTP modes

All switches within the same domain must share the same domain name: when a switch sends a VTP advertisement (used to synchronize the VLAN database between switches in the same VTP domain), the receiving switch checks whether its locally configured VTP domain name matches the name carried in the advertisement.

You can configure a password for the VTP domain, but it is not required. All switches in the domain must share the same password, which is used to validate the source of VTP advertisements: the password is never sent on the wire, it is folded into the MD5 digest of each advertisement, so a switch without the password or with a wrong one computes a different digest and rejects the advertisement. Note that this is only an integrity check on the sender; the contents of the advertisement are not encrypted.

Another important piece of VTP information is the configuration revision number, a 32-bit number that indicates the revision level of a VTP packet. Each VTP device tracks the configuration revision number assigned to it, and every VTP packet carries the sender's configuration revision number.

This number is used to determine whether the received information is more recent than the current version. Each time you make a VLAN change on a VTP server, the configuration revision is incremented by one. To reset the configuration revision of a switch to zero, change the VTP domain name and then change it back to the original one, or set the switch to transparent mode and back.

Each switch in the VTP domain sends periodic global configuration advertisements (every 5 minutes, and immediately after a change) from each trunk port to a reserved multicast MAC address (01-00-0C-CC-CC-CC). Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.

VTP advertisements distribute this global domain information:

  • VTP domain name.
  • VTP configuration revision number.
  • Update identity and update timestamp.
  • MD5 digest.

VTP advertisements distribute this VLAN information for each configured VLAN:

  • VLAN ID.
  • VLAN name.
  • VLAN type.
  • VLAN state.
  • Additional VLAN configuration information specific to the VLAN type.

Cisco has developed three VTP versions (1, 2 and 3); you should not be tested on VTP versions in the CCNA exam.

However, I would like to give you some guidelines for deciding which VTP version to implement in the real world. In a production environment, all switches in a VTP domain should run the same VTP version.

A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 as long as version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).

Do not enable VTP version 2 on a switch unless all switches in the same VTP domain are version 2-capable. When you enable version 2 on one switch, all the version 2-capable switches in the domain enable version 2. A version 1-only switch will not exchange VTP information with switches running version 2.

VTP version 3 interoperates with version 2 neighbours (a version 3 switch sends version 2-format advertisements on a trunk where it detects a version 2 neighbour) but not with version 1 switches.

To summarize: each VTP version has different properties and the versions are only partly compatible with each other, so make sure that all switches within the VTP domain run the same VTP version.

Feature                 | Default value
VTP domain name         | Null
VTP mode                | Server
VTP version 2 capable   | Version 2 disabled, version 1 enabled
VTP password            | None
VTP pruning             | Disabled

Table 3 – Default VTP settings on a VTP version 2 capable switch

Feature                 | Default value
VTP domain name         | Null
VTP mode                | Server
VTP version 3 capable   | Version 3 disabled, version 1 enabled
VTP password            | None
VTP pruning             | Disabled

Table 4 – Default VTP settings on a VTP version 3 capable switch

The last row of Tables 3 and 4 refers to VTP pruning. This feature increases the available bandwidth by restricting flooded traffic to the trunk links it must actually cross to reach its destination devices. Without VTP pruning, a switch floods broadcast, multicast and unknown unicast traffic across every trunk link within the VTP domain, even to switches that have no ports in that VLAN and simply discard it. VTP pruning is disabled by default. When enabled, it blocks unneeded flooded traffic on trunk ports for the VLANs in the pruning-eligible list; only those VLANs can be pruned. By default, VLANs 2 through 1001 are pruning-eligible on switch trunk ports; VLANs configured as pruning-ineligible keep being flooded. VTP pruning is supported with VTP version 1 and version 2.

You will find loads of questions about this topic and possibly one or more simlets.

For the exam, remember that VTP messages travel only over trunk links, and that Cisco recommends setting a switch to transparent mode (which keeps its revision number at 0) before adding it to the network, to avoid corrupting the VTP database of the other peers in the VTP domain. The reason: by default a switch operates in VTP server mode, and if its configuration revision number happens to be higher than the one of the existing VTP servers, connecting it makes every server and client in the domain adopt its VLAN database, deleting the production VLANs and breaking connectivity.

When an exam diagram shows several switches and a VTP client that does not synchronize its database with the VTP server, check these points in the following order:

a) The VTP domain name is the same (it is case-sensitive); if not, VTP advertisements are discarded.
b) The VTP password matches, if one is configured; if not, the MD5 digest check fails and VTP advertisements are discarded.
c) The VTP version is the same across all switches in the domain.
d) The VTP revision number: the designated VTP server must have the higher revision number.

If points a, b and c are satisfied but the client has a higher revision number than the server, the client will not synchronize its VLAN database with the server, because the local VLAN configuration is replaced only when a VTP advertisement with a higher configuration revision number is received.

Furthermore, memorize the properties of each VTP mode and understand clearly how a switch processes a received VTP advertisement in each of the possible VTP modes.
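The following Python model is an added example, not code from this article or from Cisco: it walks the checks a) to d) above in order for a switch in each VTP mode, and then replays the "higher revision wins" failure described earlier, once with a stale switch plugged straight in and once with the same switch set to transparent mode first. The digest function is an assumed stand-in (a plain MD5 over domain, revision, VLAN table and password), not the real VTP digest layout; the switch names, domain, password and VLAN numbers are constructed.

```python
"""How a switch decides whether to accept a VTP advertisement, modelled in
Python as an added example for this article (this is not Cisco code). The
digest is a plain MD5 over domain, revision, VLAN table and password that
stands in for VTP's real MD5 computation; the password never goes on the wire."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain: str, revision: int, vlans: dict[int, str], password: str) -> str:
    """Simplified stand-in for the VTP MD5 digest (assumed layout, not the real one)."""
    body = f"{domain}|{revision}|{sorted(vlans.items())}|{password}".encode()
    return hashlib.md5(body).hexdigest()


@dataclass
class Advertisement:
    domain: str
    version: int
    revision: int
    vlans: dict[int, str]
    md5: str


@dataclass
class Switch:
    name: str
    mode: str = "server"        # server (the default) | client | transparent
    domain: str = ""            # Null domain by default
    password: str = ""
    version: int = 1
    revision: int = 0
    vlans: dict[int, str] = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created on a VTP client")
        self.vlans[vid] = name
        if self.mode != "transparent":
            self.revision += 1  # each change on a server bumps the revision by one

    def advertise(self) -> Advertisement | None:
        if self.mode == "transparent":
            return None         # transparent switches only forward, they never originate
        return Advertisement(self.domain, self.version, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.revision, self.vlans, self.password))

    def receive(self, adv: Advertisement) -> str:
        """Checks (a) to (d) from the article, in that order; returns a verdict string."""
        if self.mode == "transparent":
            return "ignored: transparent mode (advertisement is only forwarded)"
        if adv.domain != self.domain:                                   # (a)
            return "discarded: VTP domain name mismatch"
        if adv.md5 != vtp_digest(adv.domain, adv.revision, adv.vlans, self.password):  # (b)
            return "discarded: MD5 digest mismatch (VTP password differs)"
        if adv.version != self.version:                                 # (c)
            return "discarded: VTP version mismatch"
        if adv.revision <= self.revision:                               # (d)
            return f"ignored: revision {adv.revision} is not higher than local {self.revision}"
        self.vlans = dict(adv.vlans)   # server or client: the higher revision always wins
        self.revision = adv.revision
        return f"synchronized: revision is now {self.revision}"

    def reset_revision(self) -> None:
        """Effect of changing the domain name and back, or of passing through transparent mode."""
        self.revision = 0


def stale_switch_scenario(safe: bool = False) -> dict:
    """A switch with a higher revision number is connected to a healthy domain.
    safe=False: its smaller VLAN table overwrites the server and then the client.
    safe=True: it is set to transparent mode first, so its revision drops to 0
    and it never originates an advertisement."""
    server = Switch("SW1", domain="CORP", password="s3cret")
    for vid, name in ((10, "users"), (20, "servers"), (30, "voice")):
        server.add_vlan(vid, name)                 # server revision becomes 3
    client = Switch("SW2", mode="client", domain="CORP", password="s3cret")
    client.receive(server.advertise())             # normal synchronization at revision 3

    # Constructed stale switch: a former server of the same domain with the same
    # password and 40 edits behind it, but only VLAN 99 left in its database.
    stale = Switch("LAB", domain="CORP", password="s3cret", revision=40,
                   vlans={1: "default", 99: "lab"})
    if safe:
        stale.mode = "transparent"
        stale.reset_revision()

    adv = stale.advertise()
    first = server.receive(adv) if adv else "nothing advertised: LAB is transparent"
    second = client.receive(server.advertise())
    return {"verdicts": [first, second], "server_vlans": sorted(server.vlans),
            "client_vlans": sorted(client.vlans)}
```

Run `stale_switch_scenario()` and the server, a VTP server with the right domain and password, happily accepts revision 40 and then pushes the stripped VLAN table to its client: VLANs 10, 20 and 30 are gone from both. With `safe=True` nothing is advertised and the production VLANs survive, which is exactly why the transparent-mode-first procedure is recommended before cabling a switch of unknown history into a trunk.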

  1. VLAN database and commands: there will be several questions based on command output and/or diagrams. The show vlan brief command gives a picture of the VLAN database as a table of VLAN ID, VLAN name, VLAN status and the access ports assigned to each VLAN (plus other information not relevant to the exam). If the port connected to a trunk link is set up as an access port, and therefore appears in this output as a port assigned to a VLAN, there will be a connectivity issue over that link.

Conversely, a port configured as a trunk never appears in the port column of the show vlan or show vlan brief output.

From the output you can also count the broadcast domains present on the switch: the number of broadcast domains equals the number of VLANs. VLAN 1, listed as “default” in the VLAN table and the native VLAN on trunks unless changed, is a broadcast domain itself.

On a default-configured switch, VLAN 1 is the default VLAN and the untagged (native) VLAN on trunks; VLANs 1002 through 1005 (the legacy FDDI and Token Ring defaults) are created automatically. VLAN 1 and VLANs 1002 through 1005 cannot be deleted.

As a best practice, Cisco strongly recommends moving the management VLAN to something other than the default VLAN 1 and shutting down all unused ports on a Catalyst switch.

Another question concerns where the VLAN database lives: it is not stored in the running-config or startup-config but in the vlan.dat file in flash (on a switch in transparent mode the VLAN configuration also appears in the running-config). The only way to delete the database, and the only way to reset the VTP domain name back to NULL, is to erase vlan.dat (delete flash:vlan.dat) and reload; erasing the startup configuration alone leaves the VLANs and the VTP domain name in place.

During the exam, there will be multiple-choice questions based on the output of the show vtp status command. Examples of the command output are shown in Figures 4 and 5 below.

Figure 4 – show vtp status command output for a single switch example

Figure 5 – show vtp status command output for multiple switches example

During the exam, you will be asked why two switches do not share VTP messages, based on their show vtp status outputs.

Or you will be asked which statements about the VTP status of a switch are correct or incorrect, or which commands the administrator must issue to resolve a connectivity issue in a given VTP domain.
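As an added example (not from the article, and not a Cisco tool), the script below parses two show vtp status outputs and reports, in the order of the checks above, why the second switch will not synchronize with the first. The two outputs are constructed by hand in the classic "Key : Value" layout of the command on older Catalyst IOS; the digests, revision numbers and addresses in them are invented for the example, and the password check is only a heuristic because the password itself never appears in this output.

```python
"""Compare two 'show vtp status' outputs and report why the switches will
not exchange VTP information. Added example for this article, not code from
it; the two outputs below are constructed in the classic IOS layout and do
not come from real devices."""
from __future__ import annotations

# Constructed sample: the VTP server of the domain.
SW1_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x2B 0x51 0x9C 0x0A 0x73 0xE1 0x44 0x8F
Configuration last modified by 10.1.1.1 at 3-1-93 00:14:22
"""

# Constructed sample: a client that never synchronized with SW1.
SW2_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : Corp
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x8A 0x11 0x6F 0xD0 0x21 0x90 0xBE 0x37
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""


def parse_vtp_status(text: str) -> dict[str, str]:
    """Turn the 'Key : Value' lines into a dict. Lines without a ' : '
    separator (the 'last modified' footer) are skipped."""
    fields = {}
    for line in text.splitlines():
        if " : " in line:
            key, value = line.split(" : ", 1)
            fields[key.strip()] = value.strip()
    return fields


def running_version(status: dict[str, str]) -> int:
    """'VTP Version' is the highest version the switch is capable of; the
    version actually running is 2 only when 'VTP V2 Mode' is Enabled."""
    return 2 if status.get("VTP V2 Mode", "Disabled") == "Enabled" else 1


def diagnose(server: dict[str, str], client: dict[str, str]) -> list[str]:
    """Apply the article's checks a) to d) in order and return every reason
    found; an empty list means the client should synchronize."""
    reasons = []
    same_domain = server["VTP Domain Name"] == client["VTP Domain Name"]
    if not same_domain:                                     # a) case-sensitive compare
        reasons.append(f"domain name mismatch: {server['VTP Domain Name']!r} vs "
                       f"{client['VTP Domain Name']!r}")
    srv_rev = int(server["Configuration Revision"])
    cli_rev = int(client["Configuration Revision"])
    # b) the password is not visible here; same domain, same revision but a
    #    different digest is the classic sign of a password mismatch
    if same_domain and srv_rev == cli_rev and server["MD5 digest"] != client["MD5 digest"]:
        reasons.append("same domain and revision but different MD5 digest: check the VTP password")
    if running_version(server) != running_version(client):  # c) v1 and v2 ignore each other
        reasons.append(f"VTP version mismatch: server runs v{running_version(server)}, "
                       f"client runs v{running_version(client)}")
    if cli_rev > srv_rev:                                    # d) higher revision wins
        reasons.append(f"client revision {cli_rev} is higher than server revision {srv_rev}: "
                       "the client keeps its own database, and a server would adopt it")
    return reasons


if __name__ == "__main__":
    for reason in diagnose(parse_vtp_status(SW1_STATUS), parse_vtp_status(SW2_STATUS)):
        print("-", reason)
```

For the two constructed outputs the script reports a domain name mismatch ("CORP" versus "Corp", which is a different domain because the comparison is case-sensitive) and a version mismatch (SW1 runs version 1 with V2 mode disabled, SW2 has V2 mode enabled); fixing those two on SW2 would let it synchronize, since its revision 0 is lower than the server's 7.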

You might have to resolve simlets by running the necessary commands from an admin workstation connected to a switch via the console. An exam simlet example is shown in Figure 6.

Figure 6 – Cisco CCNA exam simlet example

The show interfaces trunk command is useful to retrieve information about all switchports in trunk mode (trunking mode, encapsulation, trunking status, native VLAN, allowed and active VLANs): a question may give you the output of this command from two neighbouring switches and ask you to spot the problem on the shared trunk link, typically a native VLAN mismatch, a different encapsulation or a VLAN missing from the allowed list on one side.

Figure 7 – show interface trunk command output example

The show interface xx switchport command helps to verify the VLAN configuration of a specific interface: administrative and operational mode (access or trunk), access VLAN, native VLAN and trunking encapsulation.

Figure 8 – show interface xx switchport command output example

  1. Troubleshooting: you may be given network environments in which you have to identify where the issue lies and how to correct it in order to guarantee proper connectivity between hosts.

A useful tip when troubleshooting a connectivity issue is to start your debugging process at Layer 1 of the OSI model, the physical layer, and if you find nothing wrong there, step up to Layer 2, the data-link layer: check that the VLAN exists in the VLAN database, that the right port is a member of the proper VLAN, and that the port type is correct (access or trunk).

Potential network deployments to troubleshoot can be:

  • between hosts physically connected to the same switch and belonging to the same VLAN (communication within one broadcast domain): check the cables (a host connects to an access port with a straight-through cable, not a crossover), check whether the switchport is shut down, and check that the two ports belong to the same VLAN;
  • between hosts physically connected to different switches, with no router in the network: a connectivity issue between two hosts in the same VLAN on different switches is usually due to the trunk link, where the trunk has not formed, or this particular VLAN is not allowed over the trunk or does not exist on the second switch. If the question includes an empty output of the show cdp neighbors command on the inter-switch ports, the cable (a Layer 1 problem) is the first suspect;
  • between hosts physically connected to different switches, with no router in the network: two hosts in different VLANs cannot communicate without a Layer 3 device, such as a router-on-a-stick with one sub-interface per VLAN handling the inter-VLAN routing process;
  • if a router is present, the cause can be one of several: sub-interface IP misconfiguration, a sub-interface without dot1Q encapsulation (or with the wrong VLAN ID), a switch trunk port without the matching encapsulation, the switchport facing the router not configured as a trunk, or links between switches that are not configured as trunks.

A host may also have a wrong IP configuration (address, netmask or gateway) relative to the router sub-interface settings. Cisco often uses classless netmasks outside the classful boundaries to force you to do the subnet calculation correctly.
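The following script is an added example (not from the article) that does the last check above mechanically: it takes a hypothetical router-on-a-stick plan, one dot1Q sub-interface per VLAN whose address is the gateway, and tests each host's address, mask and gateway against the sub-interface of its access VLAN. The sub-interface names, VLAN numbers, addresses and hosts are all constructed; PC2 carries the classful-mask trap the article warns about.

```python
"""Check each host's IP settings against a router-on-a-stick plan. Added
example for this article with a constructed plan and constructed hosts."""
from __future__ import annotations

import ipaddress

# Hypothetical router plan: one dot1Q sub-interface per VLAN; its address is the gateway.
SUBINTERFACES = {
    10: ipaddress.ip_interface("192.168.1.1/26"),    # Gi0/0.10, hosts .2 to .62
    20: ipaddress.ip_interface("192.168.1.65/26"),   # Gi0/0.20, hosts .66 to .126
    30: ipaddress.ip_interface("192.168.1.129/27"),  # Gi0/0.30, hosts .130 to .158
}

# Constructed hosts: (name, access VLAN of the switchport, address/mask, default gateway)
HOSTS = [
    ("PC1", 10, "192.168.1.10/26", "192.168.1.1"),    # correct
    ("PC2", 20, "192.168.1.70/24", "192.168.1.65"),   # classful /24 mask on a /26 VLAN
    ("PC3", 30, "192.168.1.140/27", "192.168.1.1"),   # gateway is the VLAN 10 address
    ("PC4", 20, "192.168.1.130/26", "192.168.1.65"),  # address belongs to VLAN 30's range
]


def check_host(vlan: int, address: str, gateway: str) -> list[str]:
    """Return the problems with one host's settings (empty list when consistent)."""
    host = ipaddress.ip_interface(address)
    gw = ipaddress.ip_address(gateway)
    sub = SUBINTERFACES.get(vlan)
    if sub is None:
        return [f"no router sub-interface for VLAN {vlan}"]
    problems = []
    if host.ip not in sub.network:
        problems.append(f"{host.ip} is outside the VLAN {vlan} subnet {sub.network}")
    elif host.network != sub.network:
        # address is fine, but the mask makes the host believe in a different subnet
        problems.append(f"mask {host.netmask} gives {host.network}, "
                        f"sub-interface uses {sub.network}")
    if gw not in host.network:
        problems.append(f"gateway {gw} is not reachable from the host's own subnet {host.network}")
    if gw != sub.ip:
        problems.append(f"gateway {gw} is not the VLAN {vlan} sub-interface address {sub.ip}")
    return problems


def audit(hosts=HOSTS) -> dict[str, list[str]]:
    """Run check_host over every host; keys are the host names."""
    return {name: check_host(vlan, addr, gw) for name, vlan, addr, gw in hosts}


if __name__ == "__main__":
    for name, problems in audit().items():
        print(name, "OK" if not problems else "; ".join(problems))
```

PC2 is the subtle one: its address sits inside the VLAN 20 range and its gateway is right, but the /24 mask makes it treat the whole 192.168.1.0/24 as local, so it will ARP for hosts in VLANs 10 and 30 instead of sending them to the router. PC3 and PC4 fail the simpler gateway and address-range checks.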

To conclude, personally I prefer to use a mix of theory and practice when preparing for an exam. In this article you can find all you have to know about VLANs for the Cisco CCNA exam, but I suggest recreating and simulating potential test scenarios by firing up real Cisco switches or by running GNS3, a powerful graphical network simulator that supports emulation of Cisco devices.

[In the first part, we discussed VLAN benefits, general knowledge, switchport configurations, trunking, router-on-a-stick, and DTP]