VTP Advertisements

Each Cisco switch participating in VTP advertises VLANs (only VLANs 1 to 1005), revision numbers, and VLAN parameters on its trunk ports to notify other switches in the management domain. VTP advertisements are sent as multicast frames. The switch intercepts frames sent to the VTP multicast address and processes them with its supervisory processor. VTP frames are forwarded out trunk links as a special case.

Because all switches in a management domain learn of new VLAN configuration changes, a VLAN must be created and configured on only one VTP server switch in the domain.

By default, management domains are set to use nonsecure advertisements without a password. You can add a password to set the domain to secure mode. The same password must be configured on every switch in the domain so that all switches exchanging VTP information use identical encryption methods.

VTP switches use an index called the VTP configuration revision number to keep track of the most recent information. Every switch in a VTP domain stores the configuration revision number that it last heard from a VTP advertisement. The VTP advertisement process always starts with configuration revision number 0 (zero).

When subsequent changes are made on a VTP server, the revision number is incremented before the advertisements are sent. When listening switches (configured as members of the same VTP domain as the advertising switch) receive an advertisement with a greater revision number than is stored locally, the advertisement overwrites any stored VLAN information.

Because of this, it is very important to always force any newly added network switches to have revision number 0 before being attached to the network. Otherwise, a switch might have stored a revision number that is greater than the value currently in use in the domain.

The VTP revision number is stored in NVRAM and is not altered by a power cycle of the switch. Therefore, the revision number can be initialized to 0 only by using one of the following methods:

■ Change the switch's VTP mode to transparent and then change the mode back to server

■ Change the switch's VTP domain to a bogus name (a nonexistent VTP domain), and then change the VTP domain back to the original name.

If the VTP revision number is not reset to 0, the switch might enter the network as a VTP server and have a pre-existing revision number (from a previous life) that is higher than in previous legitimate advertisements. The new switch's VTP information would be seen as more recent, so all other switches in the VTP domain would gladly accept its database of VLANs and overwrite their good VLAN database entries with null or deleted VLAN status information.

In other words, a new server switch might inadvertently cause every other working switch to flush all records of every VLAN in production. The VLANs would be deleted from the VTP database and from the switches, causing any switch port assigned to them to become inactive. This is referred to as a VTP synchronization problem. For critical portions of your network, you should consider using transparent VTP mode to prevent the synchronization problem from ever becoming an issue.

TIP It might seem intuitive that a switch acting as a VTP server could come online with a higher configuration revision number and wreak havoc on the whole domain. You should also be aware that this same thing can happen if a VTP client comes online with a higher revision, too!

Even though it seems as if a client should strictly listen to advertisements from servers, a client can and does send out its own advertisements. When it first powers up, a client sends a summary advertisement from its own stored database. It realizes that it has a greater revision number if it receives an inferior advertisement from a server. Therefore, it sends out a subset advertisement with the greater revision number, which VTP servers will accept as more up-to-date information.

VTP advertisements can originate as requests from client-mode switches that want to learn about the VTP database at bootup. Advertisements also can originate from server-mode switches as VLAN configuration changes occur.

VTP advertisements can occur in three forms:

■ Summary advertisements—VTP domain servers send summary advertisements every 300 seconds and every time a VLAN database change occurs. The summary advertisement lists information about the management domain, including VTP version, domain name, configuration revision number, time stamp, MD5 encryption hash code, and the number of subset advertisements to follow. For VLAN configuration changes, summary advertisements are followed by one or more subset advertisements with more specific VLAN configuration data. Figure 6-1 shows the summary advertisement format.

Figure 6-1 VTP Summary Advertisement Format

Version (1 byte)


Number of subset advertisements to follow (1 byte)

Domain name length (1 byte)

Management Domain Name (zero-padded to 32 bytes)

Configuration Revision Number (4 bytes)

Updater Identity (orginating IP address: 4 bytes)

Update Time Stamp (12 bytes)

MD5 Digest hash code (16 bytes)

■ Subset advertisements—VTP domain servers send subset advertisements after a VLAN configuration change occurs. These advertisements list the specific changes that have been performed, such as creating or deleting a VLAN, suspending or activating a VLAN, changing the name of a VLAN, and changing a VLAN's Maximum Transmission Unit (MTU). Subset advertisements can list the following VLAN parameters: status of the VLAN, VLAN type (such as Ethernet or Token Ring), MTU, length of the VLAN name, VLAN number, Security Association Identifier (SAID) value, and VLAN name. VLANs are listed individually in sequential subset advertisements. Figure 6-2 shows the VTP subset advertisement format.

Figure 6-2 VTP Subset Advertisement and VLAN Info Field Formats

VTP Subset Advertisement

Version (1 byte)


Subset sequence number

Domain name length (1 byte)

Management Domain Name (zero-padded to 32 bytes)

Configuration Revision Number (4 bytes)

VLAN Info Field 1 (see below)

VLAN Info Field N

VTP VLAN Info Field





Info Length

VLAN Status


VLAN Name Length


MTU Size

802.10 SAID

VLAN Name (padded with zeros to multiple of 4 bytes)

■ Advertisement requests from clients—A VTP client can request any VLAN information it lacks. For example, a client switch might be reset and have its VLAN database cleared, and its VTP domain membership might be changed, or it might hear a VTP summary advertisement with a higher revision number than it currently has. After a client advertisement request, the VTP domain servers respond with summary and subset advertisements to bring it up-to-date. Figure 6-3 shows the advertisement request format.

Figure 6-3 VTP Advertisement Request Format





(Adv request) (1 byte)

Reserved (1 byte)

Domain name length (1 byte)

Management Domain Name (zero-padded to 32 bytes)

Starting advertisement to request

Catalyst switches in server mode store VTP information separately from the switch configuration in NVRAM. VLAN and VTP data are saved in the vlan.dat file on the switch's Flash memory file system. All VTP information, including the VTP configuration revision number, is retained even when the switch power is off. In this manner, a switch can recover the last known VLAN configuration from its VTP database after it reboots.

TIP Remember that even in VTP client mode, a switch will store the last known VTP information—including the configuration revision number. Don't assume that a VTP client will start with a clean slate when it powers up.

Was this article helpful?

+1 0

Post a comment