In our previous post, Cisco VTP (VLAN Trunking Protocol), we learned the VTP basics. In this lesson we look at VTP version 3 in detail, using the same topology. Version 3 adds the following:
- VTP Primary Server
- Extended VLANs
- Improved Authentication Methods
- VTP Off Mode
- Backward Compatibility
To understand each of these features, let's dive into the configuration using the topology below.
VTP Primary Server
Unlike VTP versions 1 and 2, where every VTP server can add, delete or modify VLANs, in version 3 only the primary server can add, delete and modify VLANs. Consider the topology below for a better understanding.
Switch1(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch1(config)#vtp version 3
Let’s do the same on Switch 2 & Switch 3.
Switch2(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch2(config)#vtp version 3

Switch3(config)#vtp domain NetAcad
Changing VTP domain name from NULL to NetAcad
Switch3(config)#vtp version 3
All of these switches are currently operating in VTP server mode with version 3. This configuration will not allow any switch to add, remove or modify VLANs. Let's check.
Switch1(config)#vlan 10
VTP VLAN configuration not allowed when device is not the primary server for vlan database.
As the prompt says, a switch must be the primary server to make configuration changes in the VLAN database. So let's make Switch1 our primary VTP server.
Switch1#vtp primary
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
Press Enter to confirm. As soon as you confirm, the message below appears on Switch2 and Switch3:
%SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 0000.17ac.260d has become the primary server for the VLAN VTP feature
Now let's try again to add VLANs from Switch1, which is now the primary VTP server.
Switch1(config)#vlan 10
Switch1(config-vlan)#exit
It should synchronize its VLAN database to switch2 and switch3, let’s verify that.
Extended VLANs Support
In previous VTP versions, synchronization of extended-range VLANs (1006 – 4094) was not supported. VTP version 3 allows us to synchronize VLANs in the extended range.
Switch1(config)#vlan 3500
Switch1(config-vlan)#exit
Now let us verify on the other switches.
Switch2#show vlan | include VLAN3500
3500 VLAN3500 active
Improved Authentication Methods
Version 3 supports storing a hidden password in the configuration rather than storing the password in clear text.
Switch1(config)#vtp password NetAcad ?
  hidden  Set the VTP password hidden option
  secret  Specify the vtp password in encrypted form
  <cr>
Switch1(config)#vtp password NetAcad hidden
Switch1(config)#
Switches now need the password, in addition to the VTP domain configuration, in order to synchronize their VLAN databases from the VTP primary server.
VTP Off Mode
Normally, if VTP is not configured, the switch is by default in the NULL domain and does not modify its VLAN database from any server. However, in VTP version 3 you can configure the switch in VTP Off mode to disable VLAN database synchronization entirely, or to disable just one of its features (MST, VLAN, etc.).
Switch3(config)#vtp mode off mst
Switch3(config)#
The above command disables MST updates on the entire switch. Optionally, rather than disabling VTP on the entire device, you can disable VTP at the interface level with the “no vtp” command.
Switch3(config)#interface fastethernet 0/15
Switch3(config-if)#no vtp
Backward Compatibility
VTP version 3 is partially backward compatible with previous versions of VTP. This means that, within a VTP domain, switches configured with VTP version 2 can synchronize their VLAN database from a switch configured with VTP version 3. But if password authentication is enabled on the switch running VTP version 3, this will not work.
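The authentication and backward-compatibility rules above can be checked against a planned rollout before it reaches the switches. The following is an added example, not part of the original post: the function name `audit_vtp`, the finding texts and the per-switch command lists are constructed for illustration, and the patterns cover only the commands shown in this post.

```python
import re

# Patterns cover only the config-mode commands shown in this post.
DOMAIN = re.compile(r"vtp domain (\S+)$", re.I)
VERSION = re.compile(r"vtp version ([123])$", re.I)
PASSWORD = re.compile(r"vtp password \S+(?: (hidden|secret))?$", re.I)

def audit_vtp(plans):
    """plans maps switch name -> planned commands; returns a list of findings."""
    findings, domains, versions, has_pw = [], {}, {}, set()
    for sw, commands in plans.items():
        for cmd in (c.strip() for c in commands):
            if m := DOMAIN.match(cmd):
                domains[sw] = m.group(1)      # keep case: domain names are case-sensitive
            elif m := VERSION.match(cmd):
                versions[sw] = int(m.group(1))
            elif m := PASSWORD.match(cmd):
                has_pw.add(sw)
                if m.group(1) is None:        # neither 'hidden' nor 'secret' given
                    findings.append(f"{sw}: VTP password kept in clear text, use 'hidden'")
    if len(set(domains.values())) > 1:
        findings.append(f"domain name mismatch: {sorted(set(domains.values()))}")
    # Is password authentication enabled on any version 3 switch?
    v3_auth = any(versions.get(sw) == 3 for sw in has_pw)
    for sw in plans:
        if v3_auth and versions.get(sw) in (1, 2):   # only explicitly stated versions
            findings.append(f"{sw}: VTP v{versions[sw]} will not sync once a v3 password is set")
        elif v3_auth and sw not in has_pw:
            findings.append(f"{sw}: no VTP password, will not sync from the primary server")
    return findings

# Constructed sample plan reusing the post's switch and domain names.
SAMPLE_PLANS = {
    "Switch1": ["vtp domain NetAcad", "vtp version 3", "vtp password NetAcad hidden"],
    "Switch2": ["vtp domain NetAcad", "vtp version 2", "vtp password NetAcad"],
    "Switch3": ["vtp domain netacad", "vtp version 3"],
}

if __name__ == "__main__":
    for finding in audit_vtp(SAMPLE_PLANS):
        print(finding)
```
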
That's all for now. In this post we learned about VTP version 3 features in detail. We hope this has been informative, and we'd like to thank you for viewing.