You are on page 1of 19

VLAN Trunking Protocol VTP Tutorial

This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is: “VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network” VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches. VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches. Why we need VTP? To answer this question, let’s discuss a real and popular network topology. Suppose you are working in a medium company in a 5-floor office. You assigned each floor to a switch for easy management and of course they can be assigned to different VLANs. For example, your bosses can sit in any floor and still access Manage VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors to access Technical VLAN (VLAN 4). This is the best design because each person’s permission is not limited by the physical location.

other switches automatically learn about this VLAN. . adding your new VLANs and magically. Only switches belonging to the same domain share their VLAN information. How will you do that? Well. only one switch should be allowed to create (or delete. This is also the default mode. This switch is like the “master” of the whole VTP domain and it is ope rated in Server mode. it is what VTP does for you! How VTP Works To make switches exchange their VLAN information with each other. it will surely become a daunting task to add a new VLAN like this. the Support Department. One day. Fortunately your office only has 5 floors so you can finish this task in some hours :) But just imagine if your company was bigger with 100-floor office and some VLANs needed to be added every month! Well. To maintain domain consistency. they need to be configured in the same VTP domain. Luckily. When a change is made to the VLAN database. without VTP you have to go to each switch to enable this new VLAN. modify) new VLAN. and you are tasked to add a new SUPPORT VLAN for this department. your boss decides to add a new department to your office. right? It is not a dream. Cisco always “thinks big” to create a method for you to just sit at the “Main Sw”. sweet. it is propagated to all switches via VTP advertisements.Now let’s discuss about VTP role in this topology! Suppose VTP is not running on these switches.

the network manager doesn’t want a switch to learn VTP informat ion from other switches. In some cases. A transparent switch can add. delete and modify VLAN database locally. it still forwards VTP advertisements from the server to other switches (but doesn’t read that update). In this mode. a switch maintains its own VLAN database and never learn VTP information from other switches (even the server). He can set it to Transparent mode. They are operated in Client mode. the “Main Sw” should be assigned this function and we should place it in a safe place. we can configure any switches as the “server” but for our convenience.Other switches are only allowed to receive and forward updates from the “server” switch. Now return to the example above. However. .

the better your VTP advertisement. VTP advertisements bring VLAN information to all the switches in a VTP domain. + Number of Existing VLANs: Number of existing VLANs. the configuration revision is incremented by one. the switch runs version 1 but can be set to version 2. + Maximum VLANs Supported Locally: maximum number of VLANs supported locally. One important thing you must know is when a switch receives a better VTP advertisement. By default. the two VTP versions are not interoperable so make sure to configure the same VTP version on every switch in a domain. A switch does not try to compare its own VLAN database with information from the received VTP advertisements to find out and update the difference! Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames. For example. The “show vtp status” command analysis The most important command to view the status of VTP on Cisco switches that each CCNA learners must grasp is the “show vtp status” command. When you add a new VLAN to the Main Sw. it will send a VTP advertisement with the Revision number of 2. . which is bigger than its current Revision number (0) so it updates its VLAN database. Each VTP advertisement is sent with a Revision number. + Configuration Revision: current Revision number on this switch. its Revision number is 1. So the higher the revision number. the first time the Main Sw sends a VTP advertisement. Next it receives the VTP advertisement with the Revision number of 2. This number is used in order to determine whether the VTP advertisement is more recent than the current version of that switch. Because each time you make a VLAN change in a switch. Client switches first receive the VTP advertisement with the Revision number of 1. it continues comparing with its current Revision number (1) -> it continues update its VLAN database.As said above. Within a domain. it deletes its whole VTP information and copy the new information from the better VTP advertisement to its VLAN database. Let’s have a look at the output of this command: + VTP Version: displays the VTP version the switch is running.

or transparent.+ VTP Operating Mode: can be server. + Configuration Last Modified: date and time of the last configuration modification. + VTP V2 Mode: displays if VTP version 2 mode is enabled. Moreover. By default. it travels across all trunk links in the VTP domain. Sw2. But only Sw3 has user on VLAN 10 and it is a waste of bandwidth on Sw2. and Sw3 all receive broadcast frames from PC A. let’s see an example: When PC A sends a broadcast frame on VLAN 10. VTP Pruning To understand what VTP Pruning is. Displays the IP address of the switch that caused the configuration change to the database. . a switch operates in VTP Server mode with a NULL (blank) domain name with no password configured (the password field is not listed in the output) + VTP Pruning Mode: displays whether pruning is enabled or disabled. + VTP Traps Generation: displays whether VTP traps are sent to a network management station. The link between switches Server and Sw2 does not carry any VLAN 10 traffic so it can be “pruned”. VTP version 2 is disabled by default. that broadcast traffic also consumes processor time on Sw2. We will discuss about VTP Pruning later. + MD5 Digest: a 16-byte checksum of the VTP configuration. Switches Server. + VTP Domain Name: name that identifies the administrative domain for the switch. client.

For example. In the above example. When a switch has a port associated with a VLAN. VTP Configuration Main Sw(config)#vtp version 2 Main Sw(config)#vtp domain 9tut Main Sw(config)#vtp mode server Main Sw(config)#vtp password keepitsecret On client switches Client(config)#vtp version 2 Client(config)#vtp domain 9tut . Sw2 has not advertised about VLAN 10 so Server switch will prune VLAN 10 on the trunk to Sw2. Server switch doesn’t send broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10. You only need to enable pruning on one VTP server switch in the domain.VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. Sw3 sends an advertisement to Server switch to inform that it has active port for VLAN 10. the switch sends an advertisement to its neighbors to inform that it has active ports on that VLAN.

the link will remain in access mode. .Client(config)#vtp password keepitsecret Client(config)#vtp mode client Notice: Before configuring VTP make sure the links between your switches are trunk links. the change affects only the local switch and does not propagate to other switches in the VTP domain. In Server mode we can create. VTP messages are transmitted out of all the trunk connections. VTP transparent mode does forward VTP advertisements that it receives within the domain. When you make a change to the VLAN configuration on a VTP server. modify. * Transparent: When you make a change to the VLAN configuration in this mode. transparent. delete VLANs. however. the change is propagated to all switches in the VTP domain. * Client: cannot make changes to the VLAN configuration when in this mode. a VTP client can send any VLANs currently listed in its database to other VTP switches. To configure trunk between these ports. use these commands: Client(config)#interface fa0/1 (or the interface on the link you want to be trunk) Client(config-if)#switchport mode trunk These commands only need to be used on one of two switches to form the trunk. VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. Below summaries important notes about VTP: + Whenever a change occurs in the VLAN database. VTP modes: * Server: The default mode. Your trunk link can automatically be formed if both of your switches are not 2960 or 3560 because ports on the 2960 and 3560 switches are set to dynamic auto by default. If both sides are set to dynamic auto. the VTP server increments its configuration revision number and then advertises the new revision throughout the VTP domain via VTP advertisements. or client. + VTP operates in one of three modes: server. VTP client also forwards VTP advertisements (but cannot create VTP advertisements).

The other broadcast frame from SwA comes to fa0/1 of SwB so SwB forwards it to fa0/0 and fa0/5. only one active path can exist between two stations. Let’s see a situation when there is no loop-avoidance process in operation. Spanning-Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. the green arrow shows a broadcast frame sent by PC A. it forwards that frame to all ports except the port where it receives the request -> SwA forwards that ARP frame out of fa0/0 and fa0/1 ports. Suppose SwB receives the broadcast frame from fa0/0 first then it will forward that frame to the two other links ( fa0/1 and fa0/5 of SwB). switch are used interchangeably when discussing STP) To prevent bridging loops.To provide for fault tolerance. For an Ethernet network to function properly. This condition is known as a bridging loop. the IEEE 802. One switch connected to PC A and the other switch connected to PC B. It then sends a broadcast. (Note: the terms bridge. say an Address Resolution Protocol (ARP) to find out where the location of PC B. Now PC A wants to talk to PC B. When the switch A receives a broadcast frame. providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. Suppose you have two switches connected with redundant links. . However.1d committee defined a standard called the spanning tree algorithm (STA). many networks implement redundant paths between devices using multiple switches. or spanning tree protocol (STP).

MAC Database Instability: MAC database instability results when multiple copies of a frame arrive on different ports of a switch. The same phenomenon occurs and PC B will receive more than one copy of that frame. Broadcast storm is a serious network problem and can shut down entire network in seconds. no data traffic is sent on this link and the loop in the network is eliminated. if the first frame is not a ARP broadcast but a unicast and SwA and SwB haven’t learned about the destination in that frame yet then they flood the frame on all ports except the originating port. When SwA receives these broadcast frames it continues broadcasting them again to its other interfaces. This phenomenon is called a broadcast storm. All of these problems can be solved with the Spanning Tree Protocol (STP) STP prevents loop by blocking one of switch’s port. . Multiple copies of the same frame can cause unrecoverable errors.As you can see. We can see it in the above example too when the two ports on SwB (fa0/0 and fa0/1) receive the same frame. Now you learned about problems when there is no looping-avoidance mechanism running on the network. by blocking port fa0/0 of SwA. creates 2 copies and sends one of them back to SwA (the other is sent to PC B). In the above example. For example. SwB receives each of them. Many protocols expect to receive only a single copy of each transmission. this will keep going on forever until you shutdown the network. SwA has sent 2 broadcast frames out of its fa0/0 and fa0/1. Other problems: Multiple frame transmission: Multiple copies of unicast frames may be delivered to destination stations. Broadcast storm consumes entire bandwidth and denies bandwidth for normal network traffic.

The Bridge ID is composed of the bridge priority value (0-65535. when you have just turned on the switches… 1. We will learn it in the next part. 2 bytes) and the bridge MAC address (6 bytes). each switch claims itself as the root bridge immediately and starts sending out multicast frames called Bridge Protocol Data Units (BPDUs). which are used to exchange STP information between switches.But how STP decides which port should be blocked. Elects one root bridge 2. Select one root port per nonroot bridge 3. A BPDU contains many fields but there are 4 most important fields for STP to operate correctly: * The Bridge IDs of the Root Bridge and the Bridge ID of the Transmitting Bridge: In the initial stage. . Select one designated port on each network segment Now let’s have a closer look from the beginning. How Spanning Tree Protocol (STP) works SPT must performs three steps to provide a loop-free network topology: 1. Elects one root bridge A fun thing is that when turned on. each switch claims itself as a root bridge so the bridge ID of the root bridge and the bridge ID of the transmitting bridge are the same. The whole process is more complex than what is shown above.

To compare two bridge IDs. all ports are designated ports. In conclusion.1111 -> the bridge ID of SwB is 32768:0000. The bridge priorities are compare first. both SwA and SwB have the same bridge ID (32768) so they will compare their MAC addresses. the priority is compared first. Designated ports are in the forwarding state and can send and receive traffic.Bridge ID = Bridge Priority + MAC Address For example: + The bridge priority of SwA is 32768 and its MAC address is 0000.9999 + The bridge priority of SwB is 32768 and its MAC address is 0000. we can lower SwA’s bridge priority to 28672(smaller than 32768) to make it root bridge. Because each switch has a unique MAC address so surely one root bridge will be elected.1111 The root bridge is the bridge with the lowest bridge ID.0000.9999 -> the bridge ID of SwA is 32768:0000.0000. If two bridges have equal priority. In the above example. if they are equal then the MAC addresses will be used. For example. then the MAC addresses are compared. Because SwB has lower MAC address it will become root bridge. But notice that the bridge priority number can be incremented only in step of 4096. . STP decides which switch will become root bridge by comparing the Bridge ID in the BPDUs.0000.0000. An administrator can decide which bridge will become the root bridge by lowering the priority value (thus lowering Bridge ID). Note: The default bridge priority value is 32768. On the root bridge.

* The Port ID: The transmitting switch port ID. Other switch ports on the segment typically become nondesignated ports and are blocked. will be discussed later. Every non-root bridge must have a root port. Select one designated port on each network segment STP selects one designated port per segment to forward traffic. In the above example. Link Speed 10 Gbps 1 Gbps 100 Mbps 10 Mbps Cost (Revised IEEE Specification) 2 4 19 100 Cost (Previous IEEE Specification) 1 1 10 100 The root path cost is used to elect root port and we will discuss in the next part. Select one root port per nonroot bridge Root port is the port that is closest to the root bridge. The cost range is 0-65535. 3. which means it is the port that receiving the lowest-cost BPDU from the root.* The cost to reach the root from this bridge (Root Path Cost): This value is set to 0 at the beginning of STP root bridge election process since all bridges claim to be the root. although switches cannot send data traffic but can still receive BPDUs. 2. In blocking state. . All root ports are placed in forwarding state. Therefore interface fa0/0 of SwA will become nondesignated port (blocking state). if we suppose the upper link (between two fa0/0 interfaces) are 10Mbps and the lower link (between two fa0/1 interfaces) is 100Mbps link then fa0/1 of SwA will become root port as it has lower cost than fa0/0 (cost 19 < cost 100).

every switch in the network goes through the blocking state and the transitory states of listening and learning.swf The spanning tree algorithm provides the following benefits: * Eliminates bridging loops * Provides redundant paths between devices * Enables dynamic role configuration * Recovers automatically from a topology change or device failure * Identifies the optimal path between any two network devices STP switch port states: When STP is enabled. * Blocking – no user data is sent or received but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. does not learn MAC address. Convergence in STP occurs when all ports on bridges and switches have transitioned to either forwarding or blocking states. No data is forwarded until convergence is complete so the time for convergence when network topology changes is very important. Fast convergence is very desirable in large networks. The normal convergence time is 50 seconds for 802.1D STP (which is rather slow) but the timers can be adjusted. * Listening – The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state.cisco. Cisco has a good flash to demonstrate it so please watch it at http://www. . The ports then stabilize to the forwarding or blocking state. discards frames and MAC address. BPDU data is still received in blocking state but discards frames.Now the network reaches a state called convergence. Now let’s consider how BPDU are sent when there are 3 switches in the network.com/warp/public/473/spanning_tree1.

This timer is covered in more depth shortly. Below is a quick summary of STP states: State Can forward data? No No Learn MAC? No No Timer Transitory or Stable State? Stable Transitory Blocking Listening Max Age (20 sec) Forward Delay (15 sec) Forward Delay Learning Forwarding No Yes Yes Yes Transitory Stable * MaxAge . SwA must wait for Max Age seconds before it begins to transition fa0/0 interface from blocking to listening state. and 15 seconds create STP’s relatively slow convergence. before trying to change the STP topology. Next it continues waiting for more Forward Delay seconds. * Forward Delay – Delay that affects the time involved when an interface changes from blocking state to forwarding state. learns MAC address. the default is 20 seconds. When the lower link is broken. normal operation. Usually this is a multiple of the hello time. * Forwarding – receives and sends data. In listening state it must wait for the Forward Delay seconds to move to the Learning state.* Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames. These three waiting periods of (by default) 20. .How long any bridge should wait. If no BPDU is received. receives and transmits BPDUs. A port stays in listening state and then learning state for the number of seconds defined by the forward delay. Now let’s take an example using the same network as above but we suppose that the bottom 100Mbps connection is broken. after beginning to not hear hellos. it is then placed in forwarding state. 15.

Rapid Spanning Tree Protocol (RSTP) One big disadvantage of STP is the low convergence which is very important in switched network.1w introduced an evolution of the Spanning Tree Protocol: Rapid Spanning Tree Protocol (RSTP). a network administrator can manually disable a port Now let’s see an example of three switches below: . To overcome this problem. in 2001. please read my article about Spanning Tree Protocol tutorial first. While STP can take 30 to 50 seconds to transit from a blocking state to a forwarding state. * Disabled port – Not strictly part of STP. RSTP works by adding an alternative port and a backup port compared to STP. * Backup port – A backup/redundant path to a segment where another bridge port already connects. The alternative port moves to the forwarding state if there is a failure on the designated port for the segment. RSTP is typically able to respond less than 10 seconds of a physical link failure.Rapid Spanning Tree Protocol RSTP Tutorial Note: Before reading this article you should understand how STP works. To have two links to the same collision domain. So if you are not sure about STP. RSTP bridge port roles: * Root port – A forwarding port that is the closest to the root bridge in terms of path cost * Designated port – A forwarding port for every LAN segment * Alternate port – A best alternate path to the root bridge. which significantly reduces the convergence time after a topology change occurs in the network. This path is different than using the root port. These ports are allowed to immediately enter the forwarding state rather than passively wait for the network to converge. the IEEE with document 802. The backup port applies only when a single switch has two links to the same segment (collision domain). the switch must be attached to a hub.

Two ports fa0/0 on Sw2 & Sw3 are closest to the root bridge (in terms of path cost) so they will become root ports. .Suppose all the switches have the same bridge priority so the switch with lowest MAC address will become root bridge -> Sw1 is the root bridge and therefore all of its ports will be Designated ports (forwarding). On the segment between Sw2 and Sw3. because Sw2 has lower MAC than Sw3 so it will advertise better BPDU on this segment -> fa0/1 of Sw2 will be Designated port and fa0/1 of Sw3 will be Alternative port.

But how does Sw2 select its Designated and Backup port? The decision process involves the following parameters inside the BPDU: * Lowest path cost to the Root * Lowest Sender Bridge ID (BID) * Lowest Port ID Well. . Sw2 will select fa0/2 as its Designated port. we know that there will have only one Designated port for each segment (notice that the two ports fa0/2 & fa0/3 of Sw2 are on the same segment as they are connected to a hub). both fa0/2 & fa0/3 of Sw2 has the same “path cost to the root” and “sender bridge ID” so the third parameter “lowest port ID” will be used.Now for the two ports connecting to the hub. Because fa0/2 is inferior to fa0/3. The other port will be Backup port according to the definition of Backup port above.

Note: Alternative Port and Backup Port are in discarding state. normal operation. * Discarding – the port does not forward frames. blocking. receives and transmits BPDUs (same as STP). process received frames. STP State (802.1D disabled.1w) Discarding Discarding Learning Forwarding Discarding . * Forwarding – receives and sends data. or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state) * Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).1d) Blocking Listening Learning Forwarding Disabled RSTP State (802. The 802. and listening states are merged into the 802.1w discarding state. learns MAC address. RSTP Port States: There are only three port states left in RSTP that correspond to the three possible operational states.

RSTP Quick Summary: RSTP provides faster convergence than 802. learning. * RSTP defines five port roles: root. alternate. RSTP converges with all ports either in forwarding state or discarding state. designated. * RSTP defines three port states: discarding. and forwarding.Although the learning state is also used in RSTP but it only takes place for a short time as compared to STP. backup.1D STP when topology changes occur. and disabled. .