Understanding and Configuring VLAN Trunk

Protocol (VTP)
Document ID: 10558

Interactive: This document offers customized analysis of your Cisco

device.

This document contains Flash animation.

Introduction
Prerequisites
Requirements
Components Used
Conventions
Understand VTP
Flash Animation: VTP
VTP Messages in Detail
Other VTP Options
VTP V2
VTP Password
VTP Pruning
Use VTP in a Network
VTP Configuration Guidelines
VTP Configuration on Catalyst Switches
Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 Cisco IOS Software
(Supervisor Engine III/Supervisor Engine IV), Catalyst 2950, 3550, and 3750 Series Switches
Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS
Catalyst 2900XL, 3500XL, 2950, and 3550
Catalyst Express 500 Series Switches
Practical Examples
VTP Troubleshooting and Caveats
Unable to See VLAN Details in the show run Command Output
Catalyst Switches Do Not Exchange VTP Information
Catalyst Switch Automatically Changes VTP Mode from Client to Transparent
Data Traffic Blocked between VTP Domains
CatOS Switch Changes to VTP Transparent Mode,
VTP−4−UNSUPPORTEDCFGRCVD:
How a Recently Inserted Switch Can Cause Network Problems
Reset the Configuration Revision number
All Ports Inactive After Power Cycle
Trunk Down, Which Causes VTP Problems
VTP and STP (Logical Spanning Tree Port)
The Case of VLAN 1
Troubleshoot VTP Configuration Revision Number Errors That Are Seen in the show vtp
statistics Command Output
Troubleshoot VTP Configuration Digest Errors That Are Seen in the show vtp statistics
Command Output
Unable to Change the VTP Mode of a Switch from Server / Transparent

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 Conclusion
NetPro Discussion Forums − Featured Conversations
Related Information

Introduction
VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new
VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need
to configure the same VLAN everywhere. VTP is a Cisco−proprietary protocol that is available on most of the
Cisco Catalyst series products.

Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP Version 1 (V1) and
Version 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VTP Version 3 incorporates
many changes from VTP V1 and V2. Make certain that you understand the differences between VTP Version
3 and prior versions before you alter your network configuration. Refer to one of these sections of the
document Configuring VTP for more information:

• Understanding How VTP Version 3 Works

• Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)

Prerequisites
Requirements
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software or hardware versions.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

Understand VTP
Flash Animation: VTP
Refer to the VTP Flash animation , which explains these concepts for VTP V1 and V2:

• Introduction to VTP
• VTP domain and VTP modes
• Common VTP problems and solutions

Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP V1 and V2 and is only
available on CatOS 8.1(1) or later. Refer to one of these sections of the document Configuring VTP for more
information:

• Understanding How VTP Version 3 Works

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 • Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)

VTP Messages in Detail

VTP packets are sent in either Inter−Switch Link (ISL) frames or in IEEE 802.1Q (dot1q) frames. These
packets are sent to the destination MAC address 01−00−0C−CC−CC−CC with a logical link control (LLC)
code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header). This is the
format of a VTP packet that is encapsulated in ISL frames:

Of course, you can have a VTP packet inside 802.1Q frames. In that case, the ISL header and cyclic
redundancy check (CRC) is replaced by dot1q tagging.

Now consider the detail of a VTP packet. The format of the VTP header can vary, based on the type of VTP
message. But, all VTP packets contain these fields in the header:

• VTP protocol version: 1, 2, or 3

• VTP message types:

♦ Summary advertisements
♦ Subset advertisement
♦ Advertisement requests
♦ VTP join messages
• Management domain length
• Management domain name

Configuration Revision Number

The configuration revision number is a 32−bit number that indicates the level of revision for a VTP packet.
Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTP
packets contain the VTP configuration revision number of the sender.

This information is used in order to determine whether the received information is more recent than the
current version. Each time that you make a VLAN change in a VTP device, the configuration revision is
incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name,
and then change the name back to the original name.

Summary Advertisements

By default, Catalyst switches issue summary advertisements in five−minute increments. Summary

advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision
number.

When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its
own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same,

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

the switch then compares the configuration revision to its own revision. If its own configuration revision is
higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

This list clarifies what the fields means in the summary advertisement packet:

• The Followers field indicates that this packet is followed by a Subset Advertisement packet.
• The Updater Identity is the IP address of the switch that is the last to have incremented the
configuration revision.
• The Update Timestamp is the date and time of the last increment of the configuration revision.
• Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate
the validation of a VTP update.

Subset Advertisements

When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made
increments the configuration revision and issues a summary advertisement. One or several subset
advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN
information. If there are several VLANs, more than one subset advertisement can be required in order to
advertise all the VLANs.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

This formatted example shows that each VLAN information field contains information for a different VLAN.
It is ordered so that lowered−valued ISL VLAN IDs occur first:

Most of the fields in this packet are easy to understand. These are two clarifications:

• CodeThe format for this is 0x02 for subset advertisement.

• Sequence numberThis is the sequence of the packet in the stream of packets that follow a summary
advertisement. The sequence starts with 1.

Advertisement Requests

A switch needs a VTP advertisement request in these situations:

• The switch has been reset.

• The VTP domain name has been changed.
• The switch has received a VTP summary advertisement with a higher configuration revision than its
own.

Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subset
advertisements follow the summary advertisement. This is an example:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 • CodeThe format for this is 0x03 for an advertisement request.
• Start−ValueThis is used in cases in which there are several subset advertisements. If the first (n)
subset advertisement has been received and the subsequent one (n+1) has not been received, the
Catalyst only requests advertisements from the (n+1)th one.

Other VTP Options

VTP V2
VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support for
Token Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no reason
to use VTP V2.

VTP Password
If you configure a password for VTP, you must configure the password on all switches in the VTP domain.
And the password must be the same password on all those switches. The VTP password that you configure is
translated by algorithm into a 16−byte word (MD5 value) that is carried in all summary−advertisement VTP
packets.

VTP Pruning
VTP ensures that all switches in the VTP domain are aware of all VLANs. But, there are occasions when VTP
can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire
VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected
in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.

Use VTP in a Network

By default, all switches are configured to be VTP servers. This configuration is suitable for small−scale
networks in which the size of the VLAN information is small and the information is easily stored in all
switches (in NVRAM). In a large network, the network administrator must make a judgment call at some
point, when the NVRAM storage that is necessary is wasteful because it is duplicated on every switch. At this
point, the network administrator must choose a few well−equipped switches and keep them as VTP servers.
Everything else that participates in VTP can be turned into a client. The number of VTP servers should be
chosen in order to provide the degree of redundancy that is desired in the network.

Notes:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 • If a switch is configured as a VTP server without a VTP domain name, you cannot configure a VLAN
on the switch.
• If a new Catalyst is attached in the border of two VTP domains, the new Catalyst keeps the domain
name of the first switch that sends it a summary advertisement. The only way to attach this switch to
another VTP domain is to manually set a different VTP domain name.
• Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if you
have two ends of a link that belong to different VTP domains, the trunk does not come up if you use
DTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides,
in order to allow the trunk to come up without DTP negotiation agreement.
• If the domain has a single VTP server and it crashes, the best and easiest way to restore the operation
is to change any of the VTP clients in that domain to a VTP server. The configuration revision is still
the same in the rest of the clients, even if the server crashes. Therefore, VTP works properly in the
domain.

VTP Configuration Guidelines

This section provides some guidelines for the configuration of VTP in the network.

• All switches have the same the VTP domain name, unless the network design insists for different
VTP domains.

Note: Trunk negotiation does not work across VTP domains. See the Data Traffic Blocked between
VTP Domains section for more information.
• All switches in a VTP domain must run the same VTP version.
• All switches in a VTP domain has the same VTP password, if there is any.
• All VTP Server switch(es) should have the same configuration revision number and it should also be
the highest in the domain.
• When you move a VTP mode of a switch from Transparent to Server, VLANs configured on the VTP
Transparent switch should exist on the Server switch.

VTP Configuration on Catalyst Switches

This section provides some basic commands in order to configure VTP on the most commonly used Catalyst
switches.

Note: The Catalyst 2948G−L3 and Catalyst 4908G−L3 Layer 3 (L3) switches do not support several Layer 2
(L2)−oriented protocols that are found on other Catalyst switches. Such protocols include VTP, DTP, and Port
Aggregation Protocol (PAgP).

Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 Cisco

IOS Software (Supervisor Engine III/Supervisor Engine IV), Catalyst 2950,
3550, and 3750 Series Switches
There are two methods that you can use in order to configure VTP, as this section shows. Method 2 (the
global configuration mode method) is not available in earlier software on Catalyst 6500 series switches that
run Cisco IOS® Software.

1. In VLAN database mode:

In Cisco IOS Software, you can configure the VTP domain name, the VTP mode, and the VLANs in

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VLAN configuration mode.

a. In EXEC mode, issue this command in order to enter VLAN configuration mode:

Router#vlan database

!−−− Issue this command in privileged EXEC mode,

!−−− not in global configuration mode.

Router(vlan)#

!−−− This is VLAN configuration mode.

b. Issue this command in order to set the VTP domain name:

Router(vlan)#vtp mode {client | server | transparent}

c. Issue the exit command in order to exit VLAN configuration mode.

Note: The end command and the Ctrl−Z command do not work in this mode.

Router(vlan)#end

Router(vlan)#^Z

% Invalid input detected at '^' marker.

Router(vlan)#

Router(vlan)#exit

APPLY completed.
Exiting....
Router#
2. In global configuration mode:

In Cisco IOS Software global configuration mode, you can configure all VTP parameters with Cisco
IOS Software commands. This is the command format:

Router(config)#vtp ?

domain Set the name of the VTP administrative domain.

file Configure IFS filesystem file where VTP configuration is stored.
interface Configure interface as the preferred source for the VTP IP updater
address.
mode Configure VTP device mode
password Set the password for the VTP administrative domain
pruning Set the administrative domain to permit pruning
version Set the administrative domain to VTP version

In order to monitor VTP operation and status, issue these commands:

Router#show vtp status

Router#show vtp counters

Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS

Issue this command in order to set the domain name:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 set vtp domain name

Issue this command in order to set the mode:

set vtp mode [server | client | transparent]

Issue these commands in order to monitor the VTP operation and status:

show vtp domain

show vtp status

Catalyst 2900XL, 3500XL, 2950, and 3550

Issue these commands from the VLAN database mode:

Note: This is similar to the method for Cisco 6500 series switches that run Cisco IOS Software.

vtp [client | server | transparent]

vtp domain name

From enable mode, issue these commands in order to monitor VTP operation:

show vtp counters

show vtp status

Note: The Catalyst 2900XL series switches with Cisco IOS Software Release 11.2(8)SA4 and later support
VTP protocol. The Cisco IOS Software Release 11.2(8)SA3 and earlier code do not support VTP protocol on
Catalyst 2900XL series switches.

Catalyst Express 500 Series Switches

Catalyst Express 500 series switches support only VTP transparent mode. There is currently no support for
VTP client or VTP server mode. The user must manually configure all VLANs that is used on the switch.

Open the Switch Management, choose Configure > VLAN > Create, and fill out the available fields in
order to configure a VLAN on a Catalyst Express 500 series switch. Refer to the Create, Modify, and Delete
VLANs section of Customization for more information.

Practical Examples
This first example involves two Catalyst 4000 switches that are connected by a Fast Ethernet link:

1. Bing is a new switch that has no VTP domain name and no VLAN. Clic is a switch that currently
exists and runs with 12 VLANs in the VTP domain test.
2. In this sample output from the show vtp domain command, you can see that the VTP version is set at
2. This means that the switch is VTP V2−capable. But the switch does not run VTP V2 in this case.
The switch only runs VTP V2 if the V2 mode is enabled with the set vtp v2 enable command:

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
bing (enable)

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 67 2/1−2,2/4−48
3/1−6
1002 fddi−default active 68
1003 token−ring−default active 71
1004 fddinet−default active 69
1005 trnet−default active 70

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
12 1023 11 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000

clic (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 65 2/1−2,2/4−50
2 VLAN0002 active 77
3 VLAN0003 active 78 2/3
4 VLAN0004 active 79
5 VLAN0005 active 73
6 VLAN0006 active 74
7 VLAN0007 active 76
10 VLAN0010 active 80
1002 fddi−default active 66
1003 token−ring−default active 69
1004 fddinet−default active 67
1005 trnet−default active 68 68
3. At this stage, a trunk is created between the two switches. Notice how they synchronize and watch the
VTP packet exchange:

MAC 005014BB63FD is clic

MAC 003019798CFD is bing

4. Clic sends a summary advertisement to bing. Bing learns the VTP domain name from this packet, in
FRAME 1 in this sample output:

!−−− On bing:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 received vtp packet: mNo = 2 pNo = 1
VTP: i summary, domain = test, rev = 11, followers = 0

!−−− This indicates that bing has received its

!−−− first summary advertisement.

domain change notification sent

VTP: transitioning from null to test domain

!−−− This is where bing gets the VTP domain name.

VTP: summary packet rev 11 greater than domain test rev 0

VTP: domain test currently not in updating state
VTP: summary packet with followers field zero

−−−−−−−−−−−−−−−−−−FRAME 1−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
DLC: −−−−− DLC Header −−−−−
DLC:
DLC: Frame 1988 arrived at 15:01:00.1223; frame size is 99 (0063 hex) bytes.
DLC: Destination = Multicast 01000CCCCCCC
DLC: Source = Station 005014BB63FD
DLC: 802.3 length = 85
DLC:
LLC: −−−−− LLC Header −−−−−
LLC:
LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command)
LLC: Unnumbered frame: UI
LLC:
SNAP: −−−−− SNAP Header −−−−−
SNAP:
SNAP: Vendor ID = Cisco1
SNAP: Type = 2003 (VTP)
SNAP:
VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−−
VTP:
VTP: Version = 1
VTP: Message type = 0x01 (Summary−Advert)
VTP: Number of Subset−Advert messages = 0
VTP: Length of management domain name = 4
VTP: Management domain name = "test"
VTP: Number of Padding bytes = 28
VTP: Configuration revision number = 0x0000000b
VTP: Updater Identity IP address = 0.0.0.0
VTP: Update Timestamp = "930525053753"
VTP: MD5 Digest value = 0x857610862F3015F0
VTP: 0x220A52427247A7A0
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
5. With trace set, bing receives a summary advertisement with no followers. Therefore, bing updates its
domain name and sends advertisement requests to obtain the VLAN information, in FRAME 2 in this
sample output:

!−−− On bing:

VTP: tx vtp request, domain test, start value 0

!−−− This is where the advertisement request is sent.

−−−−−−−−−−−−−−−−−−−−−−FRAME 2−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
DLC: −−−−− DLC Header −−−−−
DLC:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 DLC: Frame 1683 arrived at 17:38:55.9383; frame size is 60 (003C hex) bytes.
DLC: Destination = Multicast 01000CCCCCCC
DLC: Source = Station 003019798CFD
DLC: 802.3 length = 46
DLC:
LLC: −−−−− LLC Header −−−−−
LLC:
LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command)
LLC: Unnumbered frame: UI
LLC:
SNAP: −−−−− SNAP Header −−−−−
SNAP:
SNAP: Vendor ID = Cisco1
SNAP: Type = 2003 (VTP)
SNAP:
VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−−
VTP:
VTP: Version = 1
VTP: Message type = 0x03 (Advert−Request)
VTP: Reserved
VTP: Length of management domain name = 4
VTP: Management domain name = "test"
VTP: Padding bytes = 28
VTP: Start value = 0 (all VLANs)
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
6. Clic sends another summary advertisement with field followers to VLAN 1. The subset advertisement
that contains all VLANs, in FRAME 3 in this output, follows this packet. Then bing configures all the
VLANs:

!−−− On bing:

received vtp packet: mNo = 2 pNo = 1

VTP: i summary, domain = test, rev = 11, followers = 1

!−−− Bing has received its second summary advertisement.

VTP: domain test, current rev = 0 found for summary pkt

VTP: summary packet rev 11 greater than domain test rev 0

!−−− This configuration revision is higher than that on bing.

VTP: domain test currently not in updating state

received vtp packet: mNo = 2 pNo = 1
VTP: i subset, domain = test, rev = 11, seq = 1, length = 344

!−−− Bing has received its subset advertisement.

VTP: domain test, current rev = 0 found for subset pkt

domain change notification sent
vlan 1 unknown tlv change notification sent
vlan 2 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 2, mode = 1
(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 2
vlan 3 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 3, mode = 1
(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 3
vlan 4 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 4, mode = 1
(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 4
vlan 5 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 5, mode = 1

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 (ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 5
vlan 6 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 6, mode = 1
(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 6
vlan 7 unknown tlv change notification sent
vtp_vlan_change_notification: vlan = 7, mode = 1
(ADD,ACTIVE), mNo = 2 pNo = 1 vlan = 7

−−−−−−−−−−−−−−−−−FRAME 3−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
DLC: −−−−− DLC Header −−−−−
DLC:
DLC: Frame 2008 arrived at 15:01:03.9661; frame size is 99 (0063 hex) bytes.
DLC: Destination = Multicast 01000CCCCCCC
DLC: Source = Station 003019798CFD
DLC: 802.3 length = 85
DLC:
LLC: −−−−− LLC Header −−−−−
LLC:
LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command)
LLC: Unnumbered frame: UI
LLC:
SNAP: −−−−− SNAP Header −−−−−
SNAP:
SNAP: Vendor ID = Cisco1
SNAP: Type = 2003 (VTP)
SNAP:
VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−−
VTP:
VTP: Version = 1
VTP: Message type = 0x01 (Summary−Advert)
VTP: Number of Subset−Advert messages = 1

!−−− Here are the numbers.

VTP: Length of management domain name = 4

VTP: Management domain name = "test"
VTP: Number of Padding bytes = 28
VTP: Configuration revision number = 0x0000000b
VTP: Updater Identity IP address = 0.0.0.0
VTP: Update Timestamp = "930525053753"
VTP: MD5 Digest value = 0x857610862F3015F0
VTP: 0x220A52427247A7A0

DLC: −−−−− DLC Header −−−−−

DLC:
DLC: Frame 2009 arrived at 15:01:03.9664; frame size is 366 (016E hex) bytes
DLC: Destination = Multicast 01000CCCCCCC
DLC: Source = Station 003019798CFD
DLC: 802.3 length = 352
DLC:
LLC: −−−−− LLC Header −−−−−
LLC:
LLC: DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
LLC: SSAP Address = AA, SSAP CR Bit = 00 (Command)
LLC: Unnumbered frame: UI
LLC:
SNAP: −−−−− SNAP Header −−−−−
SNAP:
SNAP: Vendor ID = Cisco1
SNAP: Type = 2003 (VTP)
SNAP:
VTP: −−−−− Cisco Virtual Trunk Protocol (VTP) Packet −−−−−
VTP:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VTP: Version = 1
VTP: Message type = 0x02 (Subset−Advert)
VTP: Sequence number = 1
VTP: Management Domain Name length = 4
VTP: Management Domain Name = "test"
VTP: Number of Padding bytes = 28
VTP: Configuration revision number = 0x0000000b
VTP:
VTP: VLAN Information Field # 1:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 7
VTP: ISL VLAN−id = 1
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100001
VTP: VLAN Name = "default"
VTP: # padding bytes in VLAN Name = 1
VTP:
VTP: VLAN Information Field # 2:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 2
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100002
VTP: VLAN Name = "VLAN0002"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 3:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 3
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100003
VTP: VLAN Name = "VLAN0003"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 4:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 4
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100004
VTP: VLAN Name = "VLAN0004"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 5:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 5
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100005
VTP: VLAN Name = "VLAN0005"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 6:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 6
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100006
VTP: VLAN Name = "VLAN0006"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 7:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 7
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100007
VTP: VLAN Name = "VLAN0007"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 8:
VTP: VLAN information field length = 20
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 1 (Ethernet)
VTP: Length of VLAN name = 8
VTP: ISL VLAN−id = 10
VTP: MTU size = 1500
VTP: 802.10 SAID field = 100010
VTP: VLAN Name = "VLAN0010"
VTP: # padding bytes in VLAN Name = 0
VTP:
VTP: VLAN Information Field # 9:
VTP: VLAN information field length = 32
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 2 (FDDI)
VTP: Length of VLAN name = 12
VTP: ISL VLAN−id = 1002
VTP: MTU size = 1500
VTP: 802.10 SAID field = 101002
VTP: VLAN Name = "fddi−default"
VTP: # padding bytes in VLAN Name = 0
VTP: Reserved 8 bytes
VTP:
VTP: VLAN Information Field # 10:
VTP: VLAN information field length = 40
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 3 (Token−Ring)
VTP: Length of VLAN name = 18
VTP: ISL VLAN−id = 1003
VTP: MTU size = 1500
VTP: 802.10 SAID field = 101003
VTP: VLAN Name = "token−ring−default"
VTP: # padding bytes in VLAN Name = 2
VTP: Reserved 8 bytes
VTP:
VTP: VLAN Information Field # 11:
VTP: VLAN information field length = 36
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 4 (FDDI−Net)
VTP: Length of VLAN name = 15
VTP: ISL VLAN−id = 1004
VTP: MTU size = 1500
VTP: 802.10 SAID field = 101004

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VTP: VLAN Name = "fddinet−default"
VTP: # padding bytes in VLAN Name = 1
VTP: Reserved 8 bytes
VTP:
VTP: VLAN Information Field # 12:
VTP: VLAN information field length = 36
VTP: VLAN Status = 00 (Operational)
VTP: VLAN type = 5 (TR−Net)
VTP: Length of VLAN name = 13
VTP: ISL VLAN−id = 1005
VTP: MTU size = 1500
VTP: 802.10 SAID field = 101005
VTP: VLAN Name = "trnet−default"
VTP: # padding bytes in VLAN Name = 3
VTP: Reserved 8 bytes
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
7. At this point, both switches are synchronized:

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
12 1023 11 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 127 2/2−48
3/1−6
2 VLAN0002 active 132
3 VLAN0003 active 133
4 VLAN0004 active 134
5 VLAN0005 active 135
6 VLAN0006 active 136
7 VLAN0007 active 137
10 VLAN0010 active 138
1002 fddi−default active 128
1003 token−ring−default active 131
1004 fddinet−default active 129
1005 trnet−default active 130

This example shows how to verify the VTP configuration on a Catalyst 6000 that runs Cisco IOS
Software:

Router#show vtp status

VTP Version: 2
Configuration Revision: 247
Maximum VLANs supported locally: 1005
Number of existing VLANs: 33
VTP Operating Mode: Client
VTP Domain Name: Lab_Network
VTP Pruning Mode: Enabled
VTP V2 Mode: Disabled

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VTP Traps Generation: Disabled
MD5 digest: 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8−12−99 15:04:49
Router#

This example shows how to display VTP statistics on a Catalyst 6000 that runs Cisco IOS Software:

Router#show vtp counters

VTP statistics:
Summary advertisements received: 7
Subset advertisements received: 5
Request advertisements received: 0
Summary advertisements transmitted: 997
Subset advertisements transmitted: 13
Request advertisements transmitted: 3
Number of config revision errors: 0
Number of config digest errors: 0
Number of V1 summary errors: 0
VTP pruning statistics:

Trunk Join Transmitted Join ReceivedSummary advts received

from on−pruning−capable device
−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−
Fa5/8 43071 42766 5

VTP Troubleshooting and Caveats

This section discusses some common troubleshooting situations for VTP.

Unable to See VLAN Details in the show run Command Output

Configuration changes in CatOS are written to NVRAM immediately after a change is made. In contrast,
Cisco IOS Software does not save configuration changes to NVRAM unless you issue the copy
running−config startup−config command. VTP client and server systems require VTP updates from other
VTP servers to be immediately saved in NVRAM without user intervention. The VTP update requirements
are met by the default CatOS operation, but the Cisco IOS update model requires an alternative update
operation.

For this alteration, a VLAN database was introduced into Cisco IOS Software as a method to immediately
save VTP updates for VTP clients and servers. In some versions of software, this VLAN database is in the
form of a separate file in NVRAM, called the vlan.dat file. You can view VTP/VLAN information that is
stored in the vlan.dat file for the VTP client or VTP server if you issue the show vtp status command.

VTP server/client mode switches do not save the entire VTP/VLAN configuration to the startup config file in
the NVRAM when you issue the copy running−config startup−config command on these systems. It saves
the configuration in the vlan.dat file. This does not apply to systems that run as VTP transparent. VTP
transparent systems save the entire VTP/VLAN configuration to the startup config file in NVRAM when you
issue the copy running−config startup−config command. For example, if you delete vlan.dat file after the
configuration of the VTP in Server or Client mode and reload the switch, it resets the VTP configuration to
default settings. But if you configure VTP in transparent mode, delete the vlan.dat and reload the switch, it
retains the VTP configuration. This is an example of default VTP configuration.

Switch#show vtp status

VTP Version : 2
Configuration Revision : 0

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xD3 0x78 0x41 0xC8 0x35 0x56 0x89 0x97
Configuration last modified by 0.0.0.0 at 0−0−00 00:00:00

You can configure normal−range VLANs (2 through 1000) when the switch is in either VTP server or
transparent mode. But, you can only configure extended−range VLANs (1025 through 4094) in VTP
transparent switches.

• In order to display all the VLAN configurations, the VLAN ID, name, and so forth, that are stored in
the binary file, you must issue the show vlan command.
• You can display the VTP information, the mode, domain, and so forth, with use of the show vtp
status command.
• The VLAN information and the VTP information are not displayed in the show running−config
command output when the switch is in the VTP server/client mode. This is normal behavior of the
switch.

Router#show run | include vlan

vlan internal allocation policy ascending

Router#show run | include vtp

• Switches that are in VTP transparent mode display the VLAN and VTP configurations in the show
running−config command output because this information is also stored in the configuration text file.

Router#show run | include vlan

vlan internal allocation policy ascending
vlan 1
tb−vlan1 1002
tb−vlan2 1003
vlan 20−21,50−51
vlan 1002
tb−vlan1 1
tb−vlan2 1003
vlan 1003
tb−vlan1 1
tb−vlan2 1002
vlan 1004
vlan 1005
Router#show run | include vtp
vtp domain cisco
vtp mode transparent

Catalyst Switches Do Not Exchange VTP Information

VTP allows switches to advertise VLAN information between other members of the same VTP domain. VTP
allows a consistent view of the switched network across all switches. There are several reasons why the
VLAN information can fail to be exchanged.

Verify these items if switches that run VTP fail to exchange VLAN information:

• VTP information only passes through a trunk port. Make sure that all ports that interconnect switches
are configured as trunks and are actually trunking.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 • Make sure that the VLANs are active in all the devices.
• One of the switches must be the VTP server in a VTP domain. All VLAN changes must be done on
this switch in order to have them propagated to the VTP clients.
• The VTP domain name must match and it is case sensitive. CISCO and cisco are two different domain
names.
• Make sure that no password is set between the server and client. If any password is set, make sure that
the password is the same on both sides.
• Every switch in the VTP domain must use the same VTP version. VTP V1 and VTP V2 are not
compatible on switches in the same VTP domain. Do not enable VTP V2 unless every switch in the
VTP domain supports V2.

Note: VTP V2 is disabled by default on VTP V2−capable switches. When you enable VTP V2 on a
switch, every VTP V2−capable switch in the VTP domain enables V2. You can only configure the
version on switches in VTP server or transparent mode.
• Switches that operate in transparent mode drop VTP advertisements if they are not in the same VTP
domain. A switch that is in VTP transparent mode and uses VTP V2 propagates all VTP messages,
regardless of the VTP domain that is listed. However, a switch with VTP V1 only propagates VTP
messages that have the same VTP domain as the domain that is configured on the local switch.
• The extended−range VLANs are not propagated. So you must configure extended−range VLANs
manually on each network device.

Note: In the future, the Catalyst 6500 Cisco IOS Software switches support VTP Version 3. This
version is able to transmit extended−range VLANs. So far, VTP Version 3 is only supported on
CatOS. Refer to the Understanding How VTP Version 3 Works section of Configuring VTP for more
information on VTP Version 3.
• The Security Association Identifier (SAID) values must be unique. SAID is a user−configurable,
4−byte VLAN identifier. The SAID identifies traffic that belongs to a particular VLAN. The SAID
also determines to which VLAN each packet is switched. The SAID value is 100,000 plus the VLAN
number. These are two examples:

♦ The SAID for VLAN 8 is 100008.

♦ The SAID for VLAN 4050 is 104050.
• The updates from a VTP server do not get updated on a client if the client already has a higher VTP
revision number. Neither does the client allow these updates to flow to its downstream VTP clients if
the client has a higher revision number than that which the VTP server sends.

Catalyst Switch Automatically Changes VTP Mode from Client to

Transparent
Some Catalyst Layer 2 and Layer 3 fixed configuration switches change the VTP mode automatically from
client to transparent with this error message:

%SW_VLAN−6−VTP_MODE_CHANGE: VLAN manager changing device mode from

CLIENT to TRANSPARENT.

Either of these two reasons can cause the automatic VTP mode change in these switches:

• More VLANs run on the Spanning Tree Protocol (STP) than the switch can support.

Catalyst Layer 2 and Layer 3 fixed configuration switches support a different maximum number of
instances of STP with the use of per−VLAN spanning tree+ (PVST+). For example, the Catalyst 2940
supports four instances of STP in PVST+ mode, while the Catalyst 3750 supports 128 instances of

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 STP in PVST+ mode. If more than the maximum number of VLANs is defined in the VTP, the
VLANs that remain operate with STP disabled.

If the number of instances of STP that is already in use is greater than the maximum number, you can
disable STP on one of the VLANs and enable it on the VLAN where you want STP to run. Issue the
no spanning−tree vlan vlan−id global configuration command in order to disable STP on a specific
VLAN. Then, issue the spanning−tree vlan vlan−id global configuration command in order to
enable STP on the desired VLAN.

Note: Switches that do not run STP still forward the bridge protocol data units (BPDUs) that they
receive. In this way, the other switches on the VLAN that have a running STP instance can break
loops. Therefore, STP must run on enough switches in order to break all the loops in the network. For
example, at least one switch on each loop in the VLAN must run STP. You do not need to run STP on
all switches in the VLAN. However, if you run STP only on a minimal set of switches, a change to
the network can introduce a loop into the network and can result in a broadcast storm.

Workarounds:

♦ Reduce the number of VLANs that are configured to a number that the switch supports.
♦ Configure the IEEE 802.1s Multiple STP (MSTP) on the switch in order to map multiple
VLANs to a single STP instance.
♦ Use switches and/or images (Enhanced Image [EI]) which support a greater number of
VLANs.
• The switch receives more VLANs from a connected switch than the switch can support.

An automatic VTP mode change also can occur if the switch receives a VLAN configuration database
message that contains more than a set number of VLANs. This normally happens in Catalyst Layer 2
and Layer 3 fixed configuration switches when they are connected to a VTP domain that has more
VLANs than are supported locally.

Workarounds:

♦ Configure the allowed VLAN list on the trunk port of the connected switch in order to restrict
the number of VLANs that are passed to the client switch.
♦ Enable pruning on the VTP server switch.
♦ Use switches and/or images (EI) which support a greater number of VLANs.

Data Traffic Blocked between VTP Domains

Sometimes it is required to connect to switches that belong to two different VTP domains. For example, there
are two switches called Switch1 and Switch2. Switch1 belongs to VTP domain cisco1 and Switch2 belongs to
VTP domain cisco2. When you configure trunk between these two switches with the Dynamic Trunk
Negotiation (DTP), the trunk negotiation fails and the trunk between the switches does not form, because the
Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Because of this, the data
traffic does not pass between the switches.

Switch1#show vtp status

VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : cisco1
VTP Pruning Mode : Disabled

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

Switch2#show vtp status

VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs : 42
VTP Operating Mode : Server
VTP Domain Name : cisco2
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

Switch1#show interface fastethernet 1/0/23 trunk

Port Mode Encapsulation Status Native vlan

Fa1/0/23 auto 802.1q not−trunking 1

Port Vlans allowed on trunk

Fa1/0/23 1

Port Vlans allowed and active in management domain

Fa1/0/23 1

Port Vlans in spanning tree forwarding state and not pruned

Fa1/0/23 1

It is possible that you can also see this error message. Some of the switches do not show this error message.

4w2d: %DTP−SP−5−DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa3/

3 because of VTP domain mismatch.

The solution for this issue is to manually force the trunking instead in order to rely on the DTP. Configure the
trunk ports between the switches with the switchport mode trunk command.

Switch1(config)#interface fastethernet 1/0/23

switch1(config−if)#switchport mode trunk

Switch2(config)#interface fastethernet 3/3

switch2(config−if)#switchport mode trunk

switch1#show interface fastethernet 1/0/23 trunk

Port Mode Encapsulation Status Native vlan

Fa1/0/23 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa1/0/23 1−4094

Port Vlans allowed and active in management domain

Fa1/0/23 1−5

Port Vlans in spanning tree forwarding state and not pruned

Fa1/0/23 1−5

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

CatOS Switch Changes to VTP Transparent Mode,
VTP−4−UNSUPPORTEDCFGRCVD:
A recent change in CatOS incorporated a protective feature that causes a CatOS switch to go into VTP
transparent mode in order to prevent the possibility of a switch reset because of a watchdog timeout. This
change is documented in these Cisco bug IDs:

• CSCdu32627 ( registered customers only)

• CSCdv77448 ( registered customers only)

How Do I Determine If My Switch Might Be Affected?

The watchdog timeout can occur if these two conditions are met:

• The Token Ring VLAN (1003) is translated to VLAN 1.

• You make a change in VLAN 1.

Issue the show vlan command on the Catalyst in order to observe the Token Ring VLAN translation. This is
an example of show vlan command output:

VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
−−−− −−−−− −−−−−−−−−− −−−−− −−−−−− −−−−−− −−−−−− −−−− −−−−−−−− −−−−−− −−−−−−
1 enet 100001 1500 − − − − − 1003

How Does CatOS Version 6.3(3) Protect My Switch from a Watchdog Timeout?

There is a protective feature in order to prevent a watchdog timeout in this CatOS version. The Catalyst
switch switches from VTP server/client to VTP transparent mode.

How Do I Determine If My Switch Has Gone to VTP Transparent Mode in Order to Protect
Against a Watchdog Timeout?

Your switch has gone to VTP transparent mode if the logging level for the VTP is raised to 4.

Console> (enable) set logging level vtp 4 default

You see this message when the switchover occurs:

VTP−4−UNSUPPORTEDCFGRCVD:Rcvd VTP advert with unsupported vlan config on

trunk mod/port− VTP mode changed to transparent

What Are the Negative Effects When the Switch Goes to VTP Transparent Mode?

1. If pruning is enabled, the trunks go down.

2. If the trunks go down and no other ports are in that VLAN, the VLAN interface in the installed
Multilayer Switch Feature Card (MSFC) goes down.

If these effects occur, and this switch is in the core of your network, your network can be negatively affected.

From Where Does the Unsupported VTP Configuration Come?

Any Cisco IOS Software−based switch, such as the switches in this list, can supply the unsupported VTP
configuration:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 • A Catalyst 2900/3500XL
• A Cisco IOS Software Catalyst 6500
• A Cisco IOS Software−based Catalyst 4000

These products translate the 1003 VLAN to VLAN 1 by default.

What Is the Solution?

The solution in CatOS−based switches enables the switches to handle this translated information properly.
The solution for the Cisco IOS Software−based switches is to remove this default translation and match the
behavior of the CatOS−based switches. These are the integrated fixed versions that are currently available:

Catalyst Switch
Fixed Releases
5.5(14) and later
CatOS switches
6.3(6) and later

7.2(2) and later

Catalyst 4000 (Supervisor
Engine III)
Catalyst 6500 (Supervisor
Engine Cisco IOS Software)
Catalyst 2900 and 3500XL
Not affected
Cisco IOS Software Release
12.1(8a)EX and later
Cisco IOS Software Release
12.0(5)WC3 and later

If you cannot upgrade to images that have these fixes integrated, you can modify the configuration in the
Cisco IOS Software−based switches. Use this procedure if the switch is a VTP server:

goss#vlan data

goss(vlan)#no vlan 1 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to default

Resetting translation bridge VLAN 2 to default

goss(vlan)#no vlan 1003 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to default

Resetting translation bridge VLAN 2 to default

goss(vlan)#apply

APPLY completed.

goss(vlan)#exit

APPLY completed.
Exiting....

The 1002 VLAN can be translated, but you can also remove it if you include this in your configuration:

goss(vlan)#no vlan 1002 tb−vlan1 tb−vlan2

Resetting translation bridge VLAN 1 to default

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 Resetting translation bridge VLAN 2 to default

When Exactly Does My Switch Change to VTP Transparent Mode?

Some confusion exists about when this switchover to VTP transparent mode occurs. The scenarios in this
section provide examples of when the switchover can happen.

• Example 1

These are the initial conditions:

♦ Both the Catalyst 6500 and the Catalyst 3500XL are VTP servers with the same VTP
configuration revision number.
♦ Both servers have the same VTP domain name and the same VTP password, if the password
is configured.
♦ The Catalyst 3500XL has the translated Token Ring VLAN.
♦ You start the servers while they are disconnected.
If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. Of course, this
also happens if the Cisco 3500XL has a higher VTP configuration revision number than the Catalyst
6500 configuration revision number. Moreover, if the switch to VTP transparent mode happens when
you physically connect the two switches, you can reasonably assume that the change would also
happen if you booted the Catalyst 6500 for the first time while the switch was already connected.
• Example 2

These are the initial conditions:

♦ The Catalyst 6500 is a VTP server.

♦ The Catalyst 3500XL is a VTP client.
♦ The Catalyst 3500XL has a higher VTP configuration revision number than the Catalyst 6500
configuration revision number.
♦ Both switches have the same VTP domain and the same VTP password, if the password is
configured.
♦ The Catalyst 3500XL has the translated Token Ring VLAN.
♦ You start the servers while they are disconnected.
If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. In this scenario,
if the Catalyst 3500XL has a lower configuration revision number than the Catalyst 6500
configuration revision number, the Catalyst 6500 does not switch to VTP transparent mode. If the
Catalyst 3500XL has the same configuration revision number, the Catalyst 6500 does not go to VTP
transparent mode. But the translation is still present in the Catalyst 3500XL.

What Is the Quickest Way to Recover After I Notice the Translation in My Network?

Even if you correct the Token Ring VLAN information in one switch, such as the switch that malfunctioned,
the information can have propagated throughout your network. You can use the show vlan command in order
to determine if this occurred. Therefore, the quickest way to recover is to perform these steps:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 1. Take a Cisco IOS Software−based switch, such as a Catalyst XL that is connected to the network, and
change the switch to a VTP server.
2. Remove the translated VLANs.
3. After you apply the change in the switch, reconnect the switch to the network.

The change should be propagated to all the other VTP servers and clients.

You can use the show vlan command in order to verify that the translation is gone in the network. At
this point, you should be able to change the affected CatOS 6.3(3) switch back to a VTP server.

Note: The Catalyst XL switches do not support as many VLANs as the Catalyst 6500s support.
Ensure that all the VLANs in the Catalyst 6500 exist in the Catalyst XL switch before you reconnect
them. For example, you do not want to connect a Catalyst 3548XL with 254 VLANs and a higher
VTP configuration revision number to a Catalyst 6500 that has 500 VLANs configured.

How a Recently Inserted Switch Can Cause Network Problems

Note: See the Flash Animation: VTP section of this document in order to see a Flash demonstration of this
problem.

This problem occurs when you have a large switched domain that is all in the same VTP domain, and you
want to add one switch in the network.

This switch was previously used in the lab, and a good VTP domain name was entered. The switch was
configured as a VTP client and was connected to the rest of the network. Then, you brought the ISL link up to
the rest of the network. In just a few seconds, the whole network was down. What can have happened?

The configuration revision number of the switch that you inserted was higher than the configuration revision
number of the VTP domain. Therefore, your recently introduced switch, with almost no configured VLANs,
erased all VLANs through the VTP domain.

This happens whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information
on a VTP server. You can tell that this has happened when many of the ports in your network go into inactive
state but continue to be assigned to a nonexistent VLAN.

Solution

Quickly reconfigure all of the VLANs on one of the VTP servers.

What to Remember

Always make sure that the configuration revision number of all switches that you insert into the VTP domain
is lower than the configuration revision number of the switches that are already in the VTP domain.

If you have the output of a show tech−support command from your Cisco device, you can use the Output
Interpreter ( registered customers only) in order to display potential issues and fixes.

Example

Complete these steps in order to see an example of this problem:

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 1. Issue these commands in order to see that clic has 7 VLANs (1, 2, 3, and the defaults), clic is the VTP
server in the domain named test, and port 2/3 is in VLAN 3:

clic (enable) show vlan

1993 May 25 05:09:50 %PAGP−5−PORTTOSTP:Port 2/1 joined bridge port 2/1 lan
VLAN Name Status IfIndex Mod/Ports, Vlans
−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 65 2/2,2/4−50
2 VLAN0002 active 70
3 VLAN0003 active 71 2/3
1002 fddi−default active 66
1003 token−ring−default active 69
1004 fddinet−default active 67
1005 trnet−default active 68 68

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000

clic (enable) show port 2/3

Port Name Status Vlan Level Duplex Speed Type

−−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−− −−−−−−−−−− −−−−−− −−−−−− −−−−− −−−−−−−−−−−−
2/3 connected 3 normal 10 half 10/100BaseTX
2. Connect bing, which is a lab switch on which VLANs 4, 5, and 6 were created.

Note: The configuration revision number is 3 in this switch.

bing (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 4 2/1−48
3/1−6
4 VLAN0004 active 63
5 VLAN0005 active 64
6 VLAN0006 active 65
1002 fddi−default active 5
1003 token−ring−default active 8
1004 fddinet−default active 6
1005 trnet−default active 7
3. Place bing in the same VTP domain (test).

bing (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 8 1023 3 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
10.200.8.38 disabled disabled 2−1000
4. Configure the trunk between the two switches in order to integrate bing in the network.

Bing erased the clic VLAN, and now clic has VLANs 4, 5, and 6. But, clic no longer has VLANs 2
and 3, and port 2/3 is inactive.

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
8 1023 3 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
10.200.8.38 disabled disabled 2−1000
clic (enable)

clic (enable) show vlan

VLAN Name Status IfIndex Mod/Ports, Vlans

−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−
1 default active 65 2/2,2/4−50
4 VLAN0004 active 72
5 VLAN0005 active 73
6 VLAN0006 active 74
1002 fddi−default active 66
1003 token−ring−default active 69
1004 fddinet−default active 67
1005 trnet−default active 68 68

clic (enable) show port 2/3

Port Name Status Vlan Level Duplex Speed Type

−−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−− −−−−−−−−−− −−−−−− −−−−−− −−−−− −−−−−−−−−−−−
2/3 inactive 3 normal auto auto 10/100BaseTX

Reset the Configuration Revision number

You can easily reset the Configuration Revision number by either of the two procedures.

Reset the Configuration Revision using Domain Name

Complete these steps in order to reset the configuration revision number with the change of the Domain
Name:

1. Issue this command in order to see that the configuration is empty:

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
1 2 server −

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 Vlan−count Max−vlan−storage Config Revision Notifications
−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)
2. Configure the domain name, which is test in this example, and create two VLANs.

The configuration revision number goes up to 2:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) set vlan 2

Vlan 2 configuration successful

clic (enable) set vlan 3

Vlan 3 configuration successful

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 2 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)
3. Change the domain name from test to cisco.

The configuration revision number is back to 0, and all the VLANs are still present:

clic (enable) set vtp domain cisco

VTP domain cisco modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
cisco 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
4. Change the VTP domain name from cisco back to test.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 The configuration revision is 0. There is no risk that anything can be erased, and all the previously
configured VLANs remain:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)

Reset the Configuration Revision using VTP mode

Complete these steps in order to reset the configuration revision number with the change of the VTP mode:

1. Issue this command in order to see that the configuration is empty:

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
5 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)
2. Configure the domain name, which is test in this example, and create two VLANs.

The configuration revision number goes up to 2:

clic (enable) set vtp domain test

VTP domain test modified

clic (enable) set vlan 2

Vlan 2 configuration successful

clic (enable) set vlan 3

Vlan 3 configuration successful

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 2 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)
3. Change the VTP mode from server to transparent.

The configuration revision number is back to 0, and all the VLANs are still present:

clic (enable) set vtp mode transparent

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 transparent −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
4. Change the VTP mode from transparent to server or client.

The configuration revision is 0. There is no risk that anything can be erased, and all the previously
configured VLANs remain:

clic (enable) set vtp mode server

VTP domain test modified

clic (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−
test 1 2 server −

Vlan−count Max−vlan−storage Config Revision Notifications

−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−
7 1023 0 disabled

Last Updater V2 Mode Pruning PruneEligible on Vlans

−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−
0.0.0.0 disabled disabled 2−1000
clic (enable)

All Ports Inactive After Power Cycle

Switch ports move to the inactive state when they are members of VLANs that do not exist in the VLAN
database. A common issue is that all the ports move to this inactive state after a power cycle. Generally, you

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

see this when the switch is configured as a VTP client with the uplink trunk port on a VLAN other than
VLAN 1. Because the switch is in VTP client mode, when the switch resets, it loses its VLAN database and
causes the uplink port and any other ports that were not members of VLAN 1 to go into inactive mode.
Complete these steps in order to solve this problem:

1. Temporarily change the VTP mode to transparent.

switch (enable) set vtp mode transparent

VTP domain austinlab modified

switch (enable)
2. Add the VLAN to which the uplink port is assigned to the VLAN database.

Note: This example assumes that VLAN 3 is the VLAN that is assigned to the uplink port.

switch (enable) set vlan 3

VTP advertisements transmitting temporarily stopped,

and will resume after the command finishes.
Vlan 3 configuration successful
switch (enable)
3. Change the VTP mode back to client after the uplink port begins forwarding.

switch (enable) set vtp mode client

VTP domain austinlab modified

After you complete these steps, VTP should repopulate the VLAN database from the VTP server. The
repopulation moves all ports that were members of VLANs that the VTP server advertised back into the active
state.

Trunk Down, Which Causes VTP Problems

Remember that VTP packets are carried on VLAN 1, but only on trunks (ISL, dot1q, or LAN emulation
[LANE]).

If you make VLAN changes during a time when you have a trunk down or when LANE connectivity is down
between two parts of your network, you can lose your VLAN configuration. When the trunk connectivity is
restored, the two sides of the network resynchronize. Therefore, the switch with the highest configuration
revision number erases the VLAN configuration of the lowest configuration revision switch.

VTP and STP (Logical Spanning Tree Port)

When you have a large VTP domain, you also have a large STP domain. VLAN 1 must span through the
whole VTP domain. Therefore, one unique STP is run for that VLAN in the whole domain.

When VTP is used and a new VLAN is created, the VLAN is propagated through the entire VTP domain. The
VLAN is then created in all switches in the VTP domain. All Cisco switches use PVST, which means that the
switches run a separate STP for each VLAN. This adds to the CPU load of the switch. You must refer to the
maximum number of logical ports (for the STP) that are supported on the switch in order to have an idea of
the number of STPs that you can have on each switch. The number of logical ports is roughly the number of
ports that run STP.

Note: A trunk port runs one instance of STP for each active VLAN on the trunk.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

You can perform a rapid evaluation of this value for your switch with this formula:

(Number of active VLANs x Number of trunks) + Number of access ports

This number, the maximum number of logical ports for STP, varies from switch to switch and is documented
in the release notes for each product. For example, on a Catalyst 5000 with a Supervisor Engine 2, you can
have a maximum of 1500 STP instances. Each time you create a new VLAN with VTP, the VLAN is
propagated by default to all switches and is subsequently active on all ports. You might need to prune
unnecessary VLANs from the trunk in order to avoid inflation of the number of logical ports.

Note: Pruning unnecessary VLANs from the trunk can be done with one of two methods:

• Manual pruning of the unnecessary VLAN on the trunkThis is the best method, and it avoids the
use of the spanning tree. Instead, the method runs the pruned VLAN on trunks. The VTP Pruning
section of this document describes manual pruning further.
• VTP pruningAvoid this method if the goal is to reduce the number of STP instances. VTP−pruned
VLANs on a trunk are still part of the spanning tree. Therefore, VTP−pruned VLANs do not reduce
the number of spanning tree port instances.

VTP Pruning

VTP pruning increases the available bandwidth. VTP pruning restricts flooded traffic to those trunk links that
the traffic must use in order to access the appropriate network devices. By default, VTP pruning is disabled.
The enablement of VTP pruning on a VTP server enables pruning for the entire management domain. The set
vtp pruning enable command prunes VLANs automatically and stops the inefficient flooding of frames
where the frames are not needed. By default, VLANs 2 through 1000 are pruning eligible. VTP pruning does
not prune traffic from pruning−ineligible VLANs. VLAN 1 is always pruning ineligible; traffic from VLAN 1
cannot be pruned.

Note: Unlike manual VLAN pruning, automatic pruning does not limit the spanning tree diameter.

All devices in the management domain must support VTP pruning in order for VTP pruning to be effective.
On devices that do not support VTP pruning, you must manually configure the VLANs that are allowed on
trunks. You can perform manual pruning of the VLAN from the trunk with the clear trunk mod/port
command and the clear trunk vlan_list command. For example, you can choose to only allow, on each trunk,
a core switch to the VLANs that are actually needed. This helps to reduce the load on the CPUs of all switches
(core switches and access switches) and avoids the use of STP for those VLANs that extend through the entire
network. This pruning limits STP problems in the VLAN.

This is an example:

• TopologyThe topology is two core switches that are connected to each other, each with 80 trunk
connections to 80 different access switches. With this design, each core switch has 81 trunks, and
each access switch has two uplink trunks. This assumes that access switches have, in addition to the
two uplinks, two or three trunks that go to a Catalyst 1900. This is a total of four to five trunks per
access switch.
• PlatformCore switches are Catalyst 6500s with Supervisor Engine 1A and Policy Feature Card 1
(PFC1) that run software release 5.5(7). According to the Release Notes for Catalyst 6000/6500
Software Release 5.x, this platform cannot have more than 4000 STP logical ports.
• Access switchesAccess switches are either:

♦ Catalyst 5000 switches with Supervisor Engine 2, which do not support more than 1500 STP
logical ports

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 ♦ Catalyst 5000 switches with Supervisor Engine 1 and 20 MB of DRAM, which do not support
more than 400 STP logical ports
• Number of VLANsRemember to use VTP. A VLAN on the VTP server is created on all switches in
the network. If you have 100 VLANs, the core must handle roughly 100 VLANs x 81 trunks = 8100
logical ports, which is above the limit. The access switch must handle 100 VLANs x 5 trunks = 500
logical ports. In this case, Catalysts in the core exceed the supported number of logical ports, and
access switches with Supervisor Engine 1 are also above the limit.
• SolutionIf you assume that only four or five VLANs are actually needed in each access switch, you
can prune all the other VLANs from the trunk on the core layer. For example, if only VLANs 1, 10,
11, and 13 are needed on trunk 3/1 that goes to that access switch, the configuration on the core is:

Praha> (enable) set trunk 1/1 des

Port(s) 1/1 trunk mode set to desirable.

Praha> (enable) clear trunk 1/1 2−9,12,14−1005

Removing Vlan(s) 2−9,12,14−1005 from allowed list.

Port 1/1 allowed vlans modified to 1,10,11,13.

Praha> (enable) clear trunk 1/1 2−9,12,14−1005

Note: Even if you do not exceed the number of allowed logical ports, prune VLANs from a trunk.
The reason is that an STP loop in one VLAN only extends where the VLAN is allowed and does not
go through the entire campus. The broadcast in one VLAN does not reach the switch that does not
need the broadcast. In releases that are earlier than software release 5.4, you cannot clear VLAN 1
from trunks. In later releases, you can clear VLAN 1 with this command:

Praha> (enable) clear trunk 1/1 1

Default vlan 1 cannot be cleared from module 1.

The Case of VLAN 1 section of this document discusses techniques on how to keep VLAN 1 from
spanning the whole campus.

The Case of VLAN 1

You cannot apply VTP pruning to VLANs that need to exist everywhere and that need to be allowed on all
switches in the campus, in order to be able to carry VTP, Cisco Discovery Protocol [CDP] traffic, and other
control traffic. But, there is a way to limit the extent of VLAN 1. The feature is called VLAN 1 disable on
trunk. The feature is available on Catalyst 4500/4000, 5500/5000, and 6500/6000 series switches in CatOS
software release 5.4(x) and later. The feature allows you to prune VLAN 1 from a trunk, as you do for any
other VLAN. This pruning does not include all the control protocol traffic that is still allowed on the trunk
(DTP, PAgP, CDP, VTP, and others). But, the pruning does block all user traffic on that trunk. With this
feature, you can keep the VLAN from spanning the entire campus. STP loops are limited in extent, even in
VLAN 1. Configure VLAN 1 to be disabled, as you would configure other VLANs to be cleared from the
trunk:

Console> (enable) set trunk 2/1 desirable

Port(s) 2/1 trunk mode set to desirable.

Console> (enable) clear trunk 2/1 1

Removing Vlan(s) 1 from allowed list.

Port 2/1 allowed vlans modified to 2−1005.

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Troubleshoot VTP Configuration Revision Number Errors That Are Seen
in the show vtp statistics Command Output
VTP is designed for an administrative environment in which the VLAN database for the domain is changed at
only one switch at any one time. It assumes that the new revision propagates throughout the domain before
another revision is made. If you change the database simultaneously on two different devices in the
administrative domain, you can cause two different databases to be generated with the same revision number.
These databases propagate and overwrite the existing information until they meet at an intermediate Catalyst
switch on the network. This switch cannot accept either advertisement because the packets have the same
revision number but a different MD5 value. When the switch detects this condition, the switch increments the
No of config revision errors counter.

Note: The show vtp statistics command output in this section provides an example.

If you find that the VLAN information is not updated on a certain switch, or if you encounter other, similar
problems, issue the show vtp statistics command. Determine if the count of VTP packets with configuration
revision number errors is increasing:

Console> (enable) show vtp statistics

VTP statistics:
summary advts received 4690
subset advts received 7
request advts received 0
summary advts transmitted 4397
subset advts transmitted 8
request advts transmitted 0
No of config revision errors 5
No of config digest errors 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non−pruning−capable device
−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−
1/1 0 0 0
1/2 0 0 0
Console> (enable)

If you observe a configuration revision error, you can resolve this problem if you change the VLAN database
in some way so that a VTP database with a higher revision number than the revision number of the competing
databases is created. For example, on the switch that acts as the primary VTP server, add or delete a false
VLAN in the administrative domain. This updated revision is propagated throughout the domain and
overwrites the database at all devices. When all the devices in the domain advertise an identical database, the
error no longer appears.

Troubleshoot VTP Configuration Digest Errors That Are Seen in the

show vtp statistics Command Output
This section addresses how to troubleshoot VTP configuration digest errors that you see when you issue the
show vtp statistics command. This is an example:

Console> (enable) show vtp statistics

VTP statistics:
summary advts received 3240
subset advts received 4
request advts received 0

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

 summary advts transmitted 3190
subset advts transmitted 5
request advts transmitted 0
No of config revision errors 0
No of config digest errors 2
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non−pruning−capable device
−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−
1/1 0 0 0
1/2 0 0 0
Console> (enable)

The general purpose of an MD5 value is to verify the integrity of a received packet and to detect any changes
to the packet or corruption of the packet during transit. When a switch detects a new revision number that is
different from the currently stored value, the switch sends a request message to the VTP server and requests
the VTP subsets. A subset advertisement contains a list of VLAN information. The switch calculates the MD5
value for the subset advertisements and compares the value to the MD5 value of the VTP summary
advertisement. If the two values are different, the switch increases the No of config digest errors
counter.

A common reason for these digest errors is that the VTP password is not configured consistently on all VTP
servers in the VTP domain. Troubleshoot these errors as a misconfiguration or data corruption issue.

When you troubleshoot this problem, ensure that the error counter is not historical. The statistics menu counts
errors since the most recent device reset or the VTP statistics reset.

Unable to Change the VTP Mode of a Switch from Server / Transparent

If the switch is a standalone (that is, not connected to the network), and you want to configure the VTP mode
as the client, after reboot, the switch comes up either as a VTP server or VTP transparent, dependent upon the
VTP mode of the switch before it was configured as the VTP client. The switch does not allow itself to be
configured as a VTP client when there is no VTP server nearby.

Conclusion
There are some disadvantages to the use of VTP. You must balance the ease of VTP administration against
the inherent risk of a large STP domain and the potential instability and risks of STP. The greatest risk is an
STP loop through the entire campus. When you use VTP, there are two things to which you must pay close
attention:

• Remember the configuration revision and how to reset it each time that you insert a new switch in
your network so that you do not bring down the entire network.
• Avoid as much as possible to have a VLAN that spans the entire network.

NetPro Discussion Forums − Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions,
and information about networking solutions, products, and technologies. The featured links are some of the
most recent conversations available in this technology.

NetPro Discussion Forums − Featured Conversations for LAN

Network Infrastructure: LAN Routing and Switching

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)

Network Infrastructure: Getting Started with LANs

Related Information
• LAN Product Support Pages
• LAN Switching Support Page
• Technical Support & Documentation − Cisco Systems

All contents are Copyright © 1992−2006 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Updated: Jan 04, 2007 Document ID: 10558

Cisco − Understanding and Configuring VLAN Trunk Protocol (VTP)