CCIE R&S Written Overview: VLANs/Trunking/VTP


VLAN Numbering

• VLAN membership defined by number

• 12-bit field (0-4095)

– 0 & 4095 reserved per 802.1Q standard

• Normal VLANs 1-1005

– 1 – Default Ethernet VLAN

– 1002/1004 – Default FDDI VLANs

– 1003/1005 – Default Token Ring VLANs

• Extended VLANs 1006-4094

VLAN Trunks

• Traffic sent over a trunk link receives special trunking encapsulation

– Normal Ethernet header does not have a field for VLAN number

– ISL or 802.1Q headers are added to include this information

Trunking Encapsulations

• Both ISL and 802.1Q accomplish the same goal of encoding VLAN number in frame header to separate traffic

• The key differences are…


• Cisco proprietary

• 30-byte encapsulation for all frames

– 26-byte header

– 4-byte trailer (FCS)

• Does not modify original frame


• IEEE standard

• 4-byte tag except for “native” VLAN

• Modifies original frame

– See Inter-Switch Link and IEEE 802.1Q Frame Format for more info

DTP – Dynamic Trunking Protocol

• Dynamic switchports automatically choose whether to run in access or trunking mode

• Runs Dynamic Trunking Protocol (DTP) to negotiate, in order…

– ISL trunk

– 802.1Q trunk

– Access port

• Configured as switchport mode dynamic [auto|desirable]

• Disabled with switchport nonegotiate or switchport mode access

Auto vs Desirable

  • Auto will not initiate but will accept
  • Desirable will initiate a negotiation and also accept one

VTP Overview

• VLAN Trunk Protocol

• Cisco proprietary

• Used to dynamically…

– Advertise addition, removal, modification of VLAN properties

• Number, name, etc.

– Negotiate trunking allowed lists

• “VTP Pruning”

• Does not affect actual VLAN assignments

– Still manually needed with switchport access vlan [vlan]

How VTP Works

• VTP Domain

– To exchange information, switches must belong to the same


• VTP Mode

– Controls who can advertise new/modified information

– Modes are…

• Server

• Client

• Transparent

• VTP Revision Number

– Sequence number to ensure consistent databases

– Higher revision indicates newer database

VTP Domains

• VTP domain name controls which devices can exchange VTP advertisements

• VTP domain does not define broadcast domain

– Switches in different VTP domains that share same VLAN numbers hosts’ are still in the same broadcast domain

• Configured as vtp domain [name]

• Defaults to null value

– Switch inherits VTP domain name of first advertisement it hears

VTP Pruning

• Broadcasts and unknown unicast/multicast frame are flooded everywhere in the broadcast domain

– Includes trunk links

• Editing allowed list limits this flooding, but large administrative overhead

• VTP pruning automates this procedure

– Switches advertise what VLANs they need

– All other VLANs are pruned (removed) off the trunk link

• Does not work for transparent mode

VTP: Advertisement Types, Options and Pruning

VTPv1 and v2 passwords can’t be encrypted in running-config.

VTPv3 can encrypt passwords.

VTP Pruning

By default a port that is trunking belongs to all VLANs

VTP will also follow the same behaviour with it’s VLAN replication, therefore on your VTP Server you need to apply VTP pruning which will then prune VLANs mirroring what is permitted on your trunks.

Once enabled on 1 VTP server, this is then enabled across entire VTP domain.

VTP v2 will perform a consistency check on names and numbers.

VTP versions do not play well together at all. Make consistent across the enterprise.

Cisco PDF: VTPv3

VTP: VTP Fundamentals And Configuration

Overall and synchronised database of all VLANs in enterprise.

VTP advertisements that notify neighbouring switches in the same domain of any VLANs in existence on the switch sending the advertisements.

Can only belong to 1 VTP domain

Transparent VTP switches are locally significant.

VTP Version 1 The transparent switch will forward that advertisement information only if the VTP version number and domain name on that switch is the same of that of downstream switches.

VTP Version 2 The transparent switch will forward VTP advertisements via it’s trunk ports even if the domain name doesn’t match.

VTP Client is unable to create VLAN in any method. When using switchport access vlan 300, this will NOT create VLAN 300 in the database, as the client mode doesn’t have rights.

VTP Advertisements

Multicast based but not sent out every port, as a result the advertisements are only sent via trunk ports.

When 1 switches LAN database changes, the config revision number is incremented.

Client receives advertisement and compared revision number to what is received on the incoming advertisement, this indicates the information is more recent as the revision number is higher. If the revision number is higher then it is ignored.

To reset a switches revision number to zero: (More art form then science)

  • Change VTP domain name to a nonexistent domain, then change it back to the original name.
  • Change the VTP mode to Transparent, then change it back to Server.

VTP Counters

show vtp counters – Handy command!

  • Summary Advertisements – Transmitted by VTP servers every 5 minutes,or upon a change in the VLAN database.

Information included in the summary advertisement:

  1. VTP domain name and version
  2. Confoguration revision number
  3. MD5 Hash Code
  4. Timestamp
  5. Number of subset advertisments that will follow this ad
  • Subset Advertisements – Transmitted by VTP servers upon a VLAN configuration change,
  1. Whether the VLAN was created, deleted, activated or suspended.
  2. The new name of the VLAN
  3. The new MTU
  4. VLAN Type (Ethernet, Token Ring, FDDI)
  • Client Advertisement Requests – are just that! a request for VLAN information from the client. Why? Most likely the VLAN database has been corrupted or deleted. VTP Server will respond to this request with a series of Summary and Subset advertisements.