VTP Version 3 – Explained


In our previous post, Cisco VTP (VLAN Trunking Protocol), we learnt the basics of VTP. In this lesson we look at VTP version 3 in detail, using the same topology. Version 3 adds the following features:

  • VTP Primary Server
  • Extended VLANs
  • Improved Authentication Methods
  • VTP Off Mode
  • Backward Compatibility

To understand each of the above features, let's dive into the configuration using the topology below.


VTP Primary Server

Unlike VTP versions 1 and 2, where every VTP server can add, delete or modify VLANs, in version 3 only the primary server can add, delete or modify VLANs. Consider the topology below for a better understanding.

Switch1(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch1(config)#vtp version 3

Let’s do the same on Switch 2 & Switch 3.

Switch2(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch2(config)#vtp version 3
Switch3(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch3(config)#vtp version 3

All of these switches are now operating in VTP server mode with version 3. With this configuration, none of the switches is allowed to add, remove or modify VLANs. Let's check.

Switch1(config)#vlan 10
VTP VLAN configuration not allowed when device is not the primary server
for vlan database.

As the prompt says, the switch must be the primary server to make changes to the VLAN database. So let's make Switch1 our primary VTP server.

Switch1(config)#vtp primary 
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]

Press Enter to confirm. As soon as you confirm, the message below appears on Switch2 and Switch3:

%SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 0000.17ac.260d has become the primary server for the VLAN VTP feature
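Because only the primary server can change the VLAN database, this message is worth watching in collected syslog: a primary-server change to a device you did not promote deserves a look. The Python below is an added example, not part of the original post; the allow-list, the timestamp/hostname prefix and the sample lines (including the second MAC address) are constructed assumptions.

```python
import re

# Matches the syslog message shown above; the ID is a MAC in Cisco dotted format.
PRIMARY_CHG = re.compile(
    r"%SW_VLAN-4-VTP_PRIMARY_SERVER_CHG:\s+"
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s+"
    r"has become the primary server for the (?P<feature>\S+) VTP feature"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_unexpected_primaries(lines, allowed):
    """Return one finding per primary-server change to a device not in `allowed`.

    `allowed` maps a VTP feature name (e.g. "VLAN") to the set of MACs that
    may be primary for it. A feature with no entry is always reported.
    """
    allowed_norm = {feature.upper(): {normalize_mac(m) for m in macs}
                    for feature, macs in allowed.items()}
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = PRIMARY_CHG.search(line)
        if not match:
            continue
        feature = match.group("feature").upper()
        if normalize_mac(match.group("mac")) not in allowed_norm.get(feature, set()):
            findings.append({"line": lineno, "feature": feature,
                             "mac": match.group("mac"), "raw": line.strip()})
    return findings

# Constructed sample log. 0000.17ac.260d is the ID from the message above;
# 0011.2233.4455 is a made-up device that was never promoted by the admin.
SAMPLE_LOG = [
    "Mar  1 00:12:41 Switch2 %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 0000.17ac.260d has become the primary server for the VLAN VTP feature",
    "Mar  1 00:12:41 Switch3 %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 0000.17ac.260d has become the primary server for the VLAN VTP feature",
    "Mar  1 00:40:02 Switch2 %LINK-3-UPDOWN: Interface FastEthernet0/15, changed state to up",
    "Mar  1 00:40:09 Switch2 %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 0011.2233.4455 has become the primary server for the VLAN VTP feature",
]
ALLOWED = {"VLAN": {"00:00:17:AC:26:0D"}}  # assumed allow-list, any MAC notation

if __name__ == "__main__":
    for f in find_unexpected_primaries(SAMPLE_LOG, ALLOWED):
        print(f"line {f['line']}: unexpected {f['feature']} primary {f['mac']}")
```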

Now let's try again to add a VLAN from Switch1, which is now the primary VTP server.

Switch1(config)#vlan 10

It should synchronize its VLAN database to Switch2 and Switch3. Let's verify that.

Extended VLANs Support

In previous VTP versions, synchronization of VLANs in the extended range (1006 – 4094) was not supported. VTP version 3 allows us to synchronize VLANs in the extended range.

Switch1(config)#vlan 3500

Now let us verify on the other switches.

Switch2(config)#do show vlan | include VLAN3500
3500     VLAN3500                     active


Improved Authentication Methods

Version 3 supports storing the VTP password in the configuration in hidden form rather than in clear text.

Switch1(config)#vtp password NetAcad ?
hidden Set the VTP password hidden option
secret Specify the vtp password in encrypted form
Switch1(config)#vtp password NetAcad hidden

The other switches now need this password, in addition to the VTP domain configuration, in order to synchronize their VLAN databases from the VTP primary server.

VTP Off Mode

Normally, if VTP is not configured, the switch is by default in the NULL domain and does not modify its VLAN database from any server. However, in VTP version 3 you can configure the switch in VTP Off mode to disable VLAN database synchronization entirely, or to disable just one of its features (MST, VLAN, etc.).

Switch3(config)#vtp mode off mst

The above command disables MST updates on the entire switch. Optionally, rather than disabling VTP on the entire device, you can disable VTP at the interface level with the “no vtp” command.

Switch3(config)#interface fastethernet 0/15
Switch3(config-if)#no vtp

Backward Compatibility

VTP version 3 is partially backward compatible with previous versions of VTP. This means that in a VTP domain, switches configured with VTP version 2 can synchronize their VLAN database from a switch configured with VTP version 3. But if password authentication is enabled on the switch operating with VTP version 3, this does not work.

That's all for now. In this post we learnt about the VTP version 3 features in detail. We hope this has been informative for you, and we'd like to thank you for viewing.
