Virtual local area network trunk protocol, or simply VTP, helps us to maintain the VLAN database consistency between our networks. Some people just love this technique to manage their VLAN database, while others may not love it so much. If you ask me about VTP, I will tell you that I use VTP when it is needed. But always be careful when applying it, because one simple mistake can cause your entire network to break down! Well, it won’t be that dramatic, but you can still have a BIG headache with it! And you may have to spend an entire day to resolve it.

So the first question that comes to mind is, What VTP can do for us? Well, it simply “propagates” the VLANs created in one switch in the domain (acting as server) to other switches in the same domain (either acting as server or client). VTP makes adding, deleting, and distributing VLAN databases a lot easier. So let’s start with another good lesson on how to deal with VTP. I know after reading this you will love it.

Before going into more detail, remember that in this article we are going to discuss these points:

· Introduction to VTP

· VTP domain and VTP modes

· Common VTP problems and solutions

Introduction to VTP

The first thing you need to know is that VLAN trunking protocol (VTP) is a Cisco proprietary protocol that propagates the definition of virtual local area networks (VLAN) on the whole local area network and is available on most of the Cisco Catalyst series switches. VTP advertisements can be sent over ISL, 802.1Q, IEEE 802.10, and LAN trunks. VTP reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere and give you more time to spend with your family, so you are already falling love with this protocol. If you want more theoretical knowledge about VTP, then please read my colleague’s articles about it (

VTP Domain

The configuration revision number is a 32−bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most VTP packets contain the VTP configuration revision number of the sender.

This information is used in order to determine whether the received information is more recent than the current version. Each time that you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.

So we can simply say that a VTP domain is a collection of VTP-aware switches that share VLAN information with one another. You can specify which domain the switch should be in with a simple vtp domain <Domain_Name> command. In the example below you will see that we have used as a domain name. Switches will not share VLAN information if they are not in the same VTP domain.

VTP Modes

You can configure a switch to operate in any one of these VTP modes:

  • Server Mode—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
  • Client Mode—VTP clients simply get new updates from server about VLAN and forward the advertisement to others. It synchronizes its database to keep updated
  • Transparent ModeA VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but transparent switches do forward VTP advertisements between server and client switches; it does not use the information that passes between server and client or client to client or whatever it is. Remember it simply manages local VLANs.

VTP Off mode is configurable only in CatOS switches in the three described modes; VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode, with the exception that VTP advertisements are not forwarded. Most of the engineers strongly believe that in Cisco switches VTP should be in off mode by default and should generate a warning before being enabled.

The below figure shows how VLANs 1 (i.e., the default VLAN) 10, and 20 are created at switch ASW1 for configuration A scenario and two switches, ASW2, ASW4, all are in transparent mode and connected between ASW1 – ASW2. Even then ASW3 (client switch) is getting all VLANs that are configured on ASW1. You can try the same with packet tracer; I have mentioned another scenario, named Configuration B. You just need to follow command listed below for all switches:

(Config)#vtp mode server/client/transparent

(Config)#vtp domain

(Config)#vtp password cisco

VTP Version 2 is not much different than VTP Version 1. The major difference is that VTP V2 introduces support for token ring VLANs. If you use token ring VLANs, you must enable VTP V2. Otherwise, there is no reason to use VTP V2. Changing the VTP version from 1 to 2 will not cause a switch to reload.

The table above shows you some basic difference between V1, V2, and V3.

VTP Password

If you configure a password for VTP, you must configure the password on all switches in the VTP domain. The password must be the same password on all other switches. The VTP password that you configure is translated by algorithm into a 16−byte word (MD5 value) that is carried in all summary−advertisement VTP packets.

And you can view the VTP password using show vtp password; also, to check VLANs, domain, and VTP mode, you can use show vtp status (as shown below):

VTP Pruning

VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.

When VTP pruning is enabled on a VTP server, pruning is enabled for the entire management domain. Making VLANs pruning−eligible or pruning−ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning−ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning−ineligible; traffic from these VLANs cannot be pruned. Extended−range VLANs (VLAN IDs greater than 1005) are also pruning−ineligible.

To configure VTP pruning, you need to write “VTP Pruning“; that’s it, your pruning is configured.

Use VTP in a Network

By default, all switches are configured to be VTP servers. This configuration is suitable for small−scale networks in which the size of the VLAN information is small and the information is easily stored in all switches (in NVRAM). In a large network, the network administrator must make a judgment call at some point, when the NVRAM storage required is wasteful because it is duplicated on every switch. At this point, the network administrator must choose a few well−equipped switches and keep them as VTP servers. Everything else that participates in VTP can be turned into a client. The number of VTP servers should be chosen in order to provide the degree of redundancy that is desired in the network.

Note: If a switch is configured as a VTP server without a VTP domain name, you cannot configure a VLAN on the switch. It is applicable only for CatOS. You can configure VLAN(s) without having the VTP domain name on the switch which runs on IOS.

  • If a new Catalyst is attached in the border of two VTP domains, the new Catalyst keeps the domain name of the first switch that sends it a summary advertisement. The only way to attach this switch to another VTP domain is to manually set a different VTP domain name.
  • Dynamic trunking protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if you have two ends of a link that belong to different VTP domains, the trunk does not come up if you use DTP. In this special case, you must configure the trunk mode as on or no-negotiate on both sides in order to allow the trunk to come up without DTP negotiation agreement.
  • If the domain has a single VTP server and it crashes, the best and easiest way to restore the operation is to change any of the VTP clients in that domain to a VTP server. The configuration revision is still the same in the rest of the clients, even if the server crashes. Therefore, VTP works properly in the domain.

Thanks for giving your time and concentration to read this article. I hope it was informative for you. The best possible way to master Cisco technologies you need to get your hands dirty, so it’s your turn to make it clear by doing some hands-on practice either in a real device or in packet tracer with my above scenario. If you face any issue regarding this article or any of my previous articles, you can write to me by using comment section below. Your feedbacks and comments always encourage me to provide the best and unmatched quality documentation with real world scenarios.


  1. Network Warrior by Gary A. Donahue, O’Reilly Media, Inc.
  2. Understanding and Configuring VLANs,
  3. CCNP SWITCH Official Certification Guide by David Hucaby
  4. VLANs and Trunking by David Hucaby and Stephen McQuerry
  5. Extending Switched Networks with VLANs by Stephen McQuerry