CCIE 400-101: Layer 2 Technologies - VTPv1, VTPv2, VTP pruning, manual pruning

VTPv1, VTPv2

  • Problem: As the Layer 2 network size grows, managing VLAN information involves large administrative overhead.  Modifying VLAN databases on each switch individually would require a considerable amount time and effort. 
  • VTP was introduced to automate the propagation of VLAN information throughout the switched network.  
  • VTP is a Cisco proprietary protocol that dynamically advertises the properties of VLANs (addition, removal, or other changes).  
  • VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005).  
  • Extended range VLANs (VLANs 1006 to 4094) are supported only in VTPv3. 
  • A switch can be in only one VTP domain. 
  • By default, the switch is in the VTP null domain until it receives an advertisement for a domain or until a domain name is configured. 
  • Until the management domain name is specified or learned, the VLAN information is not propagated over the network. 
  • The switch inherits the VTP domain name and the VTP configuration revision number. 
  • The switch then ignores advertisements with a different domain name or an earlier configuration revision number.  
  • Before adding a VTP client switch to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. 
  • If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP domain.
  • The VTP revision number is stored in NVRAM and is not reset if you erase switch configuration and reload it. To reset the VTP revision number to zero, you have two options:
    • Change the switch VTP domain to a fake VTP domain and then change the domain back to the right name.
    • Change the switch VTP mode to transparent and then back to server/client.
  • The revision number on a VTP transparent switch will always be 0.
  • VTP servers and clients save VLANs to the vlan.dat file in flash memory, causing them to retain the VLAN table and revision number after a reload. Switches that are in VTP transparent mode display the VLAN and VTP configurations in the show running-config command output because this information is stored in the configuration text file. 
  • If you do erase startup-config on a VTP transparent switch, you will delete its VLANs. The erase startup-config command does not affect the vlan.dat file on switches in VTP client and server modes. Delete the vlan.dat file and reload the switch to clear the VTP and VLAN information. 
  • There are four VTP roles (and VTP off):
    • VTP Server: you can create, modify, and delete VLANs, and specify other configuration parameters (such as the VTP version) for the entire VTP domain. 
    • VTP Client: behaves like a VTP server and transmits and receives VTP updates on its trunks, but you cannot create, change, or delete VLANs. 
    • VTP Transparent: can create, modify, and delete VLANs locally. However, a VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements but does forward them to other switches. 
    • VTP Off:  functions in the same manner as a VTP transparent switch, except that it does not forward VTP advertisements.  
  • Each switch in the VTP domain sends periodic advertisements from each trunk port to a reserved multicast address. 
  • VTP advertisements can only be sent over a trunk link.
  • There are four different VTP advertisement types: 
    • Summary Advertisement: By default, Catalyst switches send summary advertisements at 5-minute intervals. Summary advertisements inform adjacent switches of the current VTP domain name and the configuration revision number. When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored.  If it is lower, an advertisement request is sent.
    • Subset Advertisement: One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information.
    • Advertisement Request: Sent if the switch has been reset, the VTP domain name has changed, or the switch has received a VTP summary advertisement with a higher configuration revision than its own. VTP summary advertisement and subsequent subset advertisements are sent in response.
    • Join Message: Originated by each VTP Server and Client switch periodically every 6 seconds if VTP pruning is enabled. Join messages contain a bit field that, for each VLAN in the normal range, indicates whether the VLAN is active or unused (that is, pruned). 
  • By default, VTP operates in version 1.
  • VTPv2 supports the following features that are not supported by VTPv1:
    • Token Ring
    • Unrecognized TLVs: VTP propagates advertisements even for TLVs it is not able to parse.
    • Version-Dependent Transparent mode: In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name. (This is a myth! See: Old CCIE Myths: VTP.)
    • Consistency checks: things like VLAN names and values are checked only when new information is entered. Consistency checks are not performed when information is read from a new VTP advertisement or NVRAM.
  • The following is a common set of default VTP values on Cisco Catalyst switches:
    • VTP domain name: <Null>
    • VTP mode: Server mode
    • VTP password: None
    • VTP version: Version 1
    • Configuration Revision: 0


Switch1#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : 
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : aabb.cc00.0100
Configuration last modified by at 11-26-13 13:27:26
Feature VLAN:
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x30 0x87 0x7A 0x1B 0x51 0x98 0x28 0x9C 
                                    0x06 0xB7 0x6D 0x83 0x18 0xA9 0xB2 0x99

VTP Pruning

  • VTP pruning offers a dynamic mechanism that automatically configures the allowed VLAN lists on trunks within a VTP domain.
  • Based upon whether or not a switch has ports currently active within a VLAN, the switch dynamically indicates to the remote switch on the other side of a trunk that the traffic within the inactive VLAN not be forwarded across a trunk.
  • VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list.
  • Only VLANs included in the pruning-eligible list can be pruned (VLANs 2-1001 by default).
  • Extended-range VLANs are pruning-ineligible.
  • VTP pruning is supported in all VTP versions.
  • Enabling VTP pruning on a VTP server enables pruning for the entire management domain.
  • Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain).
  • VTP pruning is not designed to function in VTP transparent mode.
  • VTP pruning is disabled by default.
  • Enable VTP pruning on the VTP server with the vtp pruning command. 
  • To configure VTP pruning eligible list on an interface, use the switchport trunk pruning vlan x,y-z. This command is confusing because it is essentially the opposite of editing the VLAN allowed list. If a VLAN is removed from the VTP pruning eligible list, the switch will report it needs traffic for that VLAN, although it has no active ports in that VLAN.
  • VTP pruned VLANs on a trunk are still part of spanning tree. Effectively, VTP pruning does not decrease the number of spanning tree instances.


Switch1#show interface Fa0/24 pruning

Port                Vlans pruned for lack of request by neighbor
Fa0/24              5,7-10,22,43,58,67,79,123,146

Port                Vlan traffic requested of neighbor
Fa0/24              1,5,7-10,22,43,58,67,79,123,146

  • The Vlans pruned for lack of request by neighbor field indicates which VLANs the neighbor did not ask for.
  • The Vlan traffic requested of neighbor field indicates which VLANs the local switch told its neighbor it needs. These VLANs are assigned to certain local ports on the switch itself or the switch is in the Layer 2 transit path for these VLANs.

Manual Pruning

  • By default, trunk ports permit traffic for all VLANs. 
  • VTP pruning can only instruct a switch to not request traffic for specific VLANs. 
  • Manual pruning allows an administrator to explicitly decide which VLANs can traverse across the link. 
  • The command to do this is switchport trunk allowed vlan x,y-z.
  • This is the best method to prune VLANs because it limits the number of spanning tree instances to the number of VLANs allowed on the trunk.


interface FastEthernet0/3
 switchport trunk allowed vlan 10,20,99

S3# show interfaces trunk
Port        Mode    Encapsulation    Status    Native vlan
Fa0/3       on      802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/3       10,20,99
Port        Vlans allowed and active in management domain
Fa0/3       10,20,99
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       10,20,99


Configuring VTP
Understanding VLAN Trunk Protocol (VTP)