VTP Version 3 Guide

Rashmi Bhardwaj | Blog,Protocol,Routing & Switching

As technologies are enhancing and need for improved versions of protocols becomes imperative, Cisco and other industry vendors keep full-throttle on developing new enhancements in the current products and network services.

One such case is of VTP where network administrators face the key challenge to minimize errors and have scalability in solutions.


Two key tasks are – modification of the VLAN configuration and the MST (Multiple Spanning Tree) environments which require the consistent modification of a group of devices.


Related – Cisco vs HP Vlan Configuration

Cisco Systems offers a unique and proven tool to optimize such tasks; VTP version 3 eases and secures the administration and the deployment in the field.

Introduction to VTP Version 3

The main goal of VTP version 3 remains to synchronize VLANs but it has a number for extras. It’s been around for a while but until recent IOS versions, it wasn’t supported on Cisco Catalyst Switches.

VTP version 3 is the third version of the VLAN trunk protocol and enhances its initial functions well beyond the handling of VLAN matters.

VTP v3 interoperates with VTP version 2 but not VTP version 1. For devices that are capable of running VTP version 2 but are running in VTP version 1 mode, a change to VTP version 2 is required.

Related – VTP Mode and Version Comparison

Before considering VTP version 3 for your network it is recommended that you verify if all switches in the existing or prospective VTP domain are capable of running in VTP version 2 mode.

The best results will be achieved in a homogeneous VTP version 3 environment.

Unique Features of VTP version 3

VTP version 3 supports below given features that are not supported in version 1 or version 2:

  1. Private VLAN support.
  2. Multiple Spanning Tree (MST) Support – VTP version 3 can propagate Multiple Spanning Tree (MST) protocol database information.
  3. VTP primary server and VTP secondary servers.
  4. Support to turn VTP on or off on a per-trunk (per-port) basis.
  5. Support for extended range VLAN (VLANs 1006 to 4094) which was initially upto 1005 until Version 2 of VTP.
  6. Enhanced authentication where Authentication can be configured as hidden or secret.
  7. RSPAN VLANs: remote SPAN VLANs can now be synchronized
  8. VTP can be disabled globally.
  9. Protection from unintended database overrides during insertion of new switches – VTP mode clients, and secondary servers cannot write the VLAN database. There can only be one primary server. The primary server is the only server allowed to write the VLAN database.
  10. In VTP version 3, VLAN configurations are saved in NVRAM in client mode. Earlier version did not save VLAN configurations in NVRAM

VTP Version 3 Operation

VTP version 3 uses the model of device roles. In addition to the 3 roles used in version 1 and 2 i.e. “client”, “server”, and “transparent” role, there is another fourth role which has been introduced – It is called “off” role.

This role is bound to the instance or mode for VTP version 3 operations. (The instance here can be VLAN or MST). Let’s detail on the 4 roles in VTP version 3 –


In this role, the switch uses NVRAM to store the locally created configuration of an instance of VLAN database. VTP transparent switches do not participate in VTP however do forward VTP advertisements that they receive from other switches through their trunk interfaces.

VTP messages are neither sent nor evaluated when received. The local configuration revision number will always be 0 in transparent mode/role. Domain check is not implemented unlike during version1 where it was performed.


A device using local temporary storage space to hold via VTP received information. This information is used to update other devices, such as a device that is working as a server.

Local configuration of devices in the client role is not possible i.e. we cannot create, change, or delete VLANs on a VTP client. After booting, a client device issues a VTP message asking for the configuration of other VTP devices. VLANs are configured on another switch in the domain that is in server mode.


Introduced with CAT OS 7.X, a mode similar to transparent was offered. The difference between transparent and off is the termination of received VTP messages instead of relaying them. With VTP version 3, off mode can be configured globally or on a per-port base. The off mode was formerly only available with CAT OS. The configuration of off on an interface will apply to all VTP instances. Turning VTP to off allows a VTP domain to connect to switches in a different administrative domain. In a global configuration, the off keyword applies to the specified or default instance.


In VTP server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as the VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. VTP v3 expands and enhances the concept of the server role.

Only one server per domain can be prompted to be a primary server. Client and secondary server devices receive a configuration from a primary server. A secondary server stores the received configuration in a local permanent storage space (for example, NVRAM) and updates other devices in the same domain and for the same instance.

Related- VTP Pruning

Sample Configuration

Below is a sample case where we configure switch (SW1) in version 3 of server mode as below:

Step 1 –SW1(config)#vtp version 3 Cannot set the version to 3 because domain name is not configured

v3 cannot be enabled without specifying a domain. Previous versions of VTP took the domain name from its neighbors if one is not specified.

SW1(config)#vtp domain ARUSH Changing VTP domain name from NULL to ARUSH

*Jan  10 00:011:09.612: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to ARUSH.

SW1(config)#vtp version 3

*Jan  10 00:011:09.636: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN configuration file detected and read OK.  Version 3

files will be written in the future.

SW1(config)#vtp mode server

Setting device to VTP Server mode for VLANS.

SW1(config)#vlan 10

VTP VLAN configuration not allowed when device is not the primary server for vlan database.

Now we will make SW1 as primary server. There can only be one primary server. The primary server is the only server allowed to write the VLAN database:

SW1#vtp primary vlan This system is becoming primary server for feature vlan

No conflicting VTP3 devices found.

Do you want to continue? [confirm]



Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart