You are on page 1of 19

VLAN Trunking Protocol VTP Tutorial

This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is: “VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network” VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches. VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches. Why we need VTP? To answer this question, let’s discuss a real and popular network topology. Suppose you are working in a medium company in a 5-floor office. You assigned each floor to a switch for easy management and of course they can be assigned to different VLANs. For example, your bosses can sit in any floor and still access Manage VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors to access Technical VLAN (VLAN 4). This is the best design because each person’s permission is not limited by the physical location.

only one switch should be allowed to create (or delete. modify) new VLAN. This is also the default mode. To maintain domain consistency.Now let’s discuss about VTP role in this topology! Suppose VTP is not running on these switches. How will you do that? Well. Fortunately your office only has 5 floors so you can finish this task in some hours :) But just imagine if your company was bigger with 100-floor office and some VLANs needed to be added every month! Well. without VTP you have to go to each switch to enable this new VLAN. sweet. it will surely become a daunting task to add a new VLAN like this. When a change is made to the VLAN database. This switch is like the “master” of the whole VTP domain and it is ope rated in Server mode. right? It is not a dream. the Support Department. other switches automatically learn about this VLAN. your boss decides to add a new department to your office. . One day. and you are tasked to add a new SUPPORT VLAN for this department. they need to be configured in the same VTP domain. Cisco always “thinks big” to create a method for you to just sit at the “Main Sw”. Luckily. it is propagated to all switches via VTP advertisements. it is what VTP does for you! How VTP Works To make switches exchange their VLAN information with each other. adding your new VLANs and magically. Only switches belonging to the same domain share their VLAN information.

it still forwards VTP advertisements from the server to other switches (but doesn’t read that update).Other switches are only allowed to receive and forward updates from the “server” switch. In some cases. A transparent switch can add. However. a switch maintains its own VLAN database and never learn VTP information from other switches (even the server). Now return to the example above. In this mode. the network manager doesn’t want a switch to learn VTP informat ion from other switches. delete and modify VLAN database locally. . He can set it to Transparent mode. They are operated in Client mode. the “Main Sw” should be assigned this function and we should place it in a safe place. we can configure any switches as the “server” but for our convenience.

it deletes its whole VTP information and copy the new information from the better VTP advertisement to its VLAN database. which is bigger than its current Revision number (0) so it updates its VLAN database. the configuration revision is incremented by one. it continues comparing with its current Revision number (1) -> it continues update its VLAN database. The “show vtp status” command analysis The most important command to view the status of VTP on Cisco switches that each CCNA learners must grasp is the “show vtp status” command. VTP advertisements bring VLAN information to all the switches in a VTP domain. Client switches first receive the VTP advertisement with the Revision number of 1. . One important thing you must know is when a switch receives a better VTP advertisement. Within a domain. Because each time you make a VLAN change in a switch. + Configuration Revision: current Revision number on this switch. + Maximum VLANs Supported Locally: maximum number of VLANs supported locally. Each VTP advertisement is sent with a Revision number. + Number of Existing VLANs: Number of existing VLANs. the first time the Main Sw sends a VTP advertisement. Next it receives the VTP advertisement with the Revision number of 2. the switch runs version 1 but can be set to version 2. it will send a VTP advertisement with the Revision number of 2. For example. the two VTP versions are not interoperable so make sure to configure the same VTP version on every switch in a domain. Let’s have a look at the output of this command: + VTP Version: displays the VTP version the switch is running. When you add a new VLAN to the Main Sw. By default. So the higher the revision number. This number is used in order to determine whether the VTP advertisement is more recent than the current version of that switch.As said above. A switch does not try to compare its own VLAN database with information from the received VTP advertisements to find out and update the difference! Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames. its Revision number is 1. the better your VTP advertisement.

Sw2. But only Sw3 has user on VLAN 10 and it is a waste of bandwidth on Sw2. Moreover. + VTP V2 Mode: displays if VTP version 2 mode is enabled. Displays the IP address of the switch that caused the configuration change to the database. Switches Server. VTP version 2 is disabled by default. let’s see an example: When PC A sends a broadcast frame on VLAN 10. that broadcast traffic also consumes processor time on Sw2. + Configuration Last Modified: date and time of the last configuration modification. VTP Pruning To understand what VTP Pruning is. and Sw3 all receive broadcast frames from PC A. By default. client. it travels across all trunk links in the VTP domain. a switch operates in VTP Server mode with a NULL (blank) domain name with no password configured (the password field is not listed in the output) + VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss about VTP Pruning later.+ VTP Operating Mode: can be server. + VTP Domain Name: name that identifies the administrative domain for the switch. . or transparent. The link between switches Server and Sw2 does not carry any VLAN 10 traffic so it can be “pruned”. + MD5 Digest: a 16-byte checksum of the VTP configuration. + VTP Traps Generation: displays whether VTP traps are sent to a network management station.

Server switch doesn’t send broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10.VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. the switch sends an advertisement to its neighbors to inform that it has active ports on that VLAN. You only need to enable pruning on one VTP server switch in the domain. VTP Configuration Main Sw(config)#vtp version 2 Main Sw(config)#vtp domain 9tut Main Sw(config)#vtp mode server Main Sw(config)#vtp password keepitsecret On client switches Client(config)#vtp version 2 Client(config)#vtp domain 9tut . In the above example. Sw2 has not advertised about VLAN 10 so Server switch will prune VLAN 10 on the trunk to Sw2. For example. When a switch has a port associated with a VLAN. Sw3 sends an advertisement to Server switch to inform that it has active port for VLAN 10.

Below summaries important notes about VTP: + Whenever a change occurs in the VLAN database. When you make a change to the VLAN configuration on a VTP server. . To configure trunk between these ports. the VTP server increments its configuration revision number and then advertises the new revision throughout the VTP domain via VTP advertisements. In Server mode we can create. the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections. the change affects only the local switch and does not propagate to other switches in the VTP domain. transparent. * Transparent: When you make a change to the VLAN configuration in this mode.Client(config)#vtp password keepitsecret Client(config)#vtp mode client Notice: Before configuring VTP make sure the links between your switches are trunk links. delete VLANs. * Client: cannot make changes to the VLAN configuration when in this mode. VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. VTP transparent mode does forward VTP advertisements that it receives within the domain. VTP client also forwards VTP advertisements (but cannot create VTP advertisements). a VTP client can send any VLANs currently listed in its database to other VTP switches. If both sides are set to dynamic auto. VTP modes: * Server: The default mode. however. or client. + VTP operates in one of three modes: server. use these commands: Client(config)#interface fa0/1 (or the interface on the link you want to be trunk) Client(config-if)#switchport mode trunk These commands only need to be used on one of two switches to form the trunk. Your trunk link can automatically be formed if both of your switches are not 2960 or 3560 because ports on the 2960 and 3560 switches are set to dynamic auto by default. the link will remain in access mode. modify.

However. Suppose you have two switches connected with redundant links. providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. say an Address Resolution Protocol (ARP) to find out where the location of PC B. only one active path can exist between two stations. Now PC A wants to talk to PC B. The other broadcast frame from SwA comes to fa0/1 of SwB so SwB forwards it to fa0/0 and fa0/5. the green arrow shows a broadcast frame sent by PC A. For an Ethernet network to function properly.To provide for fault tolerance. . One switch connected to PC A and the other switch connected to PC B.1d committee defined a standard called the spanning tree algorithm (STA). or spanning tree protocol (STP). When the switch A receives a broadcast frame. Spanning-Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. the IEEE 802. This condition is known as a bridging loop. It then sends a broadcast. many networks implement redundant paths between devices using multiple switches. Suppose SwB receives the broadcast frame from fa0/0 first then it will forward that frame to the two other links ( fa0/1 and fa0/5 of SwB). (Note: the terms bridge. switch are used interchangeably when discussing STP) To prevent bridging loops. Let’s see a situation when there is no loop-avoidance process in operation. it forwards that frame to all ports except the port where it receives the request -> SwA forwards that ARP frame out of fa0/0 and fa0/1 ports.

Broadcast storm consumes entire bandwidth and denies bandwidth for normal network traffic. Other problems: Multiple frame transmission: Multiple copies of unicast frames may be delivered to destination stations. no data traffic is sent on this link and the loop in the network is eliminated. When SwA receives these broadcast frames it continues broadcasting them again to its other interfaces. . All of these problems can be solved with the Spanning Tree Protocol (STP) STP prevents loop by blocking one of switch’s port. MAC Database Instability: MAC database instability results when multiple copies of a frame arrive on different ports of a switch. this will keep going on forever until you shutdown the network. We can see it in the above example too when the two ports on SwB (fa0/0 and fa0/1) receive the same frame. Multiple copies of the same frame can cause unrecoverable errors. The same phenomenon occurs and PC B will receive more than one copy of that frame. For example. SwA has sent 2 broadcast frames out of its fa0/0 and fa0/1. SwB receives each of them. Now you learned about problems when there is no looping-avoidance mechanism running on the network. Many protocols expect to receive only a single copy of each transmission. In the above example. This phenomenon is called a broadcast storm. creates 2 copies and sends one of them back to SwA (the other is sent to PC B). Broadcast storm is a serious network problem and can shut down entire network in seconds. by blocking port fa0/0 of SwA. if the first frame is not a ARP broadcast but a unicast and SwA and SwB haven’t learned about the destination in that frame yet then they flood the frame on all ports except the originating port.As you can see.

A BPDU contains many fields but there are 4 most important fields for STP to operate correctly: * The Bridge IDs of the Root Bridge and the Bridge ID of the Transmitting Bridge: In the initial stage. . Elects one root bridge A fun thing is that when turned on. which are used to exchange STP information between switches. Select one designated port on each network segment Now let’s have a closer look from the beginning. each switch claims itself as a root bridge so the bridge ID of the root bridge and the bridge ID of the transmitting bridge are the same. The Bridge ID is composed of the bridge priority value (0-65535. How Spanning Tree Protocol (STP) works SPT must performs three steps to provide a loop-free network topology: 1. 2 bytes) and the bridge MAC address (6 bytes).But how STP decides which port should be blocked. Elects one root bridge 2. each switch claims itself as the root bridge immediately and starts sending out multicast frames called Bridge Protocol Data Units (BPDUs). We will learn it in the next part. Select one root port per nonroot bridge 3. The whole process is more complex than what is shown above. when you have just turned on the switches… 1.

On the root bridge. If two bridges have equal priority. Because each switch has a unique MAC address so surely one root bridge will be elected.0000. then the MAC addresses are compared.0000. To compare two bridge IDs. both SwA and SwB have the same bridge ID (32768) so they will compare their MAC addresses. In conclusion. all ports are designated ports. Designated ports are in the forwarding state and can send and receive traffic.9999 + The bridge priority of SwB is 32768 and its MAC address is 0000. But notice that the bridge priority number can be incremented only in step of 4096. Because SwB has lower MAC address it will become root bridge. we can lower SwA’s bridge priority to 28672(smaller than 32768) to make it root bridge. In the above example.0000. the priority is compared first.9999 -> the bridge ID of SwA is 32768:0000. The bridge priorities are compare first. STP decides which switch will become root bridge by comparing the Bridge ID in the BPDUs. An administrator can decide which bridge will become the root bridge by lowering the priority value (thus lowering Bridge ID). Note: The default bridge priority value is 32768. if they are equal then the MAC addresses will be used.Bridge ID = Bridge Priority + MAC Address For example: + The bridge priority of SwA is 32768 and its MAC address is 0000.0000.1111 -> the bridge ID of SwB is 32768:0000. For example. .1111 The root bridge is the bridge with the lowest bridge ID.

The cost range is 0-65535.* The cost to reach the root from this bridge (Root Path Cost): This value is set to 0 at the beginning of STP root bridge election process since all bridges claim to be the root. Link Speed 10 Gbps 1 Gbps 100 Mbps 10 Mbps Cost (Revised IEEE Specification) 2 4 19 100 Cost (Previous IEEE Specification) 1 1 10 100 The root path cost is used to elect root port and we will discuss in the next part. In the above example. although switches cannot send data traffic but can still receive BPDUs. Other switch ports on the segment typically become nondesignated ports and are blocked. if we suppose the upper link (between two fa0/0 interfaces) are 10Mbps and the lower link (between two fa0/1 interfaces) is 100Mbps link then fa0/1 of SwA will become root port as it has lower cost than fa0/0 (cost 19 < cost 100). In blocking state. 3. Therefore interface fa0/0 of SwA will become nondesignated port (blocking state). Every non-root bridge must have a root port. . will be discussed later. which means it is the port that receiving the lowest-cost BPDU from the root. Select one designated port on each network segment STP selects one designated port per segment to forward traffic. All root ports are placed in forwarding state. 2. Select one root port per nonroot bridge Root port is the port that is closest to the root bridge. * The Port ID: The transmitting switch port ID.

The ports then stabilize to the forwarding or blocking state. Cisco has a good flash to demonstrate it so please watch it at http://www. BPDU data is still received in blocking state but discards frames. Convergence in STP occurs when all ports on bridges and switches have transitioned to either forwarding or blocking states.Now the network reaches a state called convergence.1D STP (which is rather slow) but the timers can be adjusted. * Listening – The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. does not learn MAC address. discards frames and MAC address. Fast convergence is very desirable in large networks. every switch in the network goes through the blocking state and the transitory states of listening and learning. The normal convergence time is 50 seconds for 802. Now let’s consider how BPDU are sent when there are 3 switches in the network.swf The spanning tree algorithm provides the following benefits: * Eliminates bridging loops * Provides redundant paths between devices * Enables dynamic role configuration * Recovers automatically from a topology change or device failure * Identifies the optimal path between any two network devices STP switch port states: When STP is enabled. .cisco. No data is forwarded until convergence is complete so the time for convergence when network topology changes is very important.com/warp/public/473/spanning_tree1. * Blocking – no user data is sent or received but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state.

it is then placed in forwarding state.How long any bridge should wait. Next it continues waiting for more Forward Delay seconds. A port stays in listening state and then learning state for the number of seconds defined by the forward delay. learns MAC address. If no BPDU is received.* Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames. before trying to change the STP topology. receives and transmits BPDUs. Below is a quick summary of STP states: State Can forward data? No No Learn MAC? No No Timer Transitory or Stable State? Stable Transitory Blocking Listening Max Age (20 sec) Forward Delay (15 sec) Forward Delay Learning Forwarding No Yes Yes Yes Transitory Stable * MaxAge . after beginning to not hear hellos. SwA must wait for Max Age seconds before it begins to transition fa0/0 interface from blocking to listening state. . When the lower link is broken. and 15 seconds create STP’s relatively slow convergence. 15. In listening state it must wait for the Forward Delay seconds to move to the Learning state. Usually this is a multiple of the hello time. This timer is covered in more depth shortly. the default is 20 seconds. Now let’s take an example using the same network as above but we suppose that the bottom 100Mbps connection is broken. * Forward Delay – Delay that affects the time involved when an interface changes from blocking state to forwarding state. These three waiting periods of (by default) 20. * Forwarding – receives and sends data. normal operation.

The backup port applies only when a single switch has two links to the same segment (collision domain). This path is different than using the root port. a network administrator can manually disable a port Now let’s see an example of three switches below: . So if you are not sure about STP. To have two links to the same collision domain. Rapid Spanning Tree Protocol (RSTP) One big disadvantage of STP is the low convergence which is very important in switched network. To overcome this problem. While STP can take 30 to 50 seconds to transit from a blocking state to a forwarding state. * Backup port – A backup/redundant path to a segment where another bridge port already connects.Rapid Spanning Tree Protocol RSTP Tutorial Note: Before reading this article you should understand how STP works. RSTP works by adding an alternative port and a backup port compared to STP. RSTP bridge port roles: * Root port – A forwarding port that is the closest to the root bridge in terms of path cost * Designated port – A forwarding port for every LAN segment * Alternate port – A best alternate path to the root bridge. in 2001. the switch must be attached to a hub. please read my article about Spanning Tree Protocol tutorial first. * Disabled port – Not strictly part of STP. RSTP is typically able to respond less than 10 seconds of a physical link failure. which significantly reduces the convergence time after a topology change occurs in the network. The alternative port moves to the forwarding state if there is a failure on the designated port for the segment. the IEEE with document 802. These ports are allowed to immediately enter the forwarding state rather than passively wait for the network to converge.1w introduced an evolution of the Spanning Tree Protocol: Rapid Spanning Tree Protocol (RSTP).

Suppose all the switches have the same bridge priority so the switch with lowest MAC address will become root bridge -> Sw1 is the root bridge and therefore all of its ports will be Designated ports (forwarding). On the segment between Sw2 and Sw3. because Sw2 has lower MAC than Sw3 so it will advertise better BPDU on this segment -> fa0/1 of Sw2 will be Designated port and fa0/1 of Sw3 will be Alternative port. . Two ports fa0/0 on Sw2 & Sw3 are closest to the root bridge (in terms of path cost) so they will become root ports.

But how does Sw2 select its Designated and Backup port? The decision process involves the following parameters inside the BPDU: * Lowest path cost to the Root * Lowest Sender Bridge ID (BID) * Lowest Port ID Well. both fa0/2 & fa0/3 of Sw2 has the same “path cost to the root” and “sender bridge ID” so the third parameter “lowest port ID” will be used. The other port will be Backup port according to the definition of Backup port above. . Sw2 will select fa0/2 as its Designated port.Now for the two ports connecting to the hub. Because fa0/2 is inferior to fa0/3. we know that there will have only one Designated port for each segment (notice that the two ports fa0/2 & fa0/3 of Sw2 are on the same segment as they are connected to a hub).

STP State (802. * Discarding – the port does not forward frames. RSTP Port States: There are only three port states left in RSTP that correspond to the three possible operational states. learns MAC address. blocking.1d) Blocking Listening Learning Forwarding Disabled RSTP State (802. normal operation.1w discarding state. receives and transmits BPDUs (same as STP). * Forwarding – receives and sends data. or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state) * Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP). and listening states are merged into the 802.1D disabled. process received frames.Note: Alternative Port and Backup Port are in discarding state.1w) Discarding Discarding Learning Forwarding Discarding . The 802.

* RSTP defines five port roles: root. .1D STP when topology changes occur. and disabled. learning. RSTP converges with all ports either in forwarding state or discarding state. alternate. designated. RSTP Quick Summary: RSTP provides faster convergence than 802. backup. * RSTP defines three port states: discarding.Although the learning state is also used in RSTP but it only takes place for a short time as compared to STP. and forwarding.