VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol that propagates VLAN information throughout a switched network. VTP reduces administration: when a new VLAN is configured on one VTP server, it is distributed to every switch in the VTP domain, so the same VLAN does not have to be configured by hand on each switch.
Understanding the concept: VTP Bomb
Now let’s understand how VTP can become a disaster in a network. First, it is imperative to know how VTP decides which VLAN database is current: in VTP versions 1 and 2, the switch with the highest configuration revision number in the domain causes its VLAN information to be written into every other switch in the same VTP domain (same domain name and, if one is set, same password) that is running in server or client mode. The protocol simply assumes that the highest revision number means the latest VLAN information. Every VLAN add, rename or delete on a server increments the revision number, and the number survives reboots and disconnection.
It could happen that somebody disconnects a switch from a production LAN, uses it as a test lab by deleting or changing VLANs, and then reconnects the same switch to the LAN. Each lab change increased its revision number, so on reconnection it now carries a higher revision than the production switches, and its VLANs (or lack of them) are pushed to all switches in the LAN. Ports assigned to VLANs that no longer exist go inactive.
At that point the entire network effectively “dies”. This is known as a “VTP Bomb”: a switch with a higher revision number creates havoc by propagating an incorrect database to the domain and overwriting the stable one.
Key Concepts to Summarize
- VTP Revision Number: VTP uses a revision number to track changes to the VLAN configuration. A higher revision number indicates a newer configuration, which is automatically propagated to other switches.
- Cause of VTP Bombing: If a new switch with an out-of-date or default VLAN configuration but a high revision number is connected to the network, it can overwrite the VLAN configurations of other switches. This can lead to VLAN misconfigurations, network outages, and disruptions.
Impact of VTP Bombing
- All existing VLAN configurations on the network may be lost or replaced with the erroneous configuration.
- Network traffic could be disrupted as VLANs are removed, added, or reconfigured incorrectly.
- Restoring the proper VLAN configuration might require manual intervention or backup restoration.
What is the Resolution?
VTP Version 3 (VTPv3), supported on Cisco Catalyst IOS platforms and available in Cisco NX-OS from release 7.2(0), has the resolution to the issue of VTP bombing.
With VTP version 3, only one switch in the domain, the primary server, is allowed to update the VLAN database of the other devices. Secondary servers and clients accept a database exclusively from the primary. The primary role is not something a switch acquires by having a high revision number: an administrator has to take it deliberately on that device (on IOS with the `vtp primary` exec command), so a reconnected lab switch with a stale database and a high revision number is just a secondary server that nobody listens to. This resolves the issue faced with VTP bombing in VTP versions 1 and 2.
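The following is an added worked model of the rules described above and in the “VTP Bomb” section; it is example code written for this page, not Cisco’s VTP implementation or a packet-level simulator. It models only the acceptance rule (same domain and password, server/client mode, higher revision wins in v1/v2, primary server only in v3) and the revision reset trick; the switch names, VLANs and revision numbers are constructed.

```python
"""Constructed model of the VTP v1/v2 revision-number rule and the VTPv3 primary-server rule.
Added example for this article; not a real VTP implementation."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Switch:
    name: str
    domain: str
    mode: str                       # "server", "client", "transparent" or "off"
    revision: int
    vlans: Dict[int, str]           # VLAN id -> VLAN name
    vtp_version: int = 2
    password: Optional[str] = None  # domain password; on the wire it is mixed into the MD5 digest
    primary: bool = False           # VTPv3 only: this device was made primary ("vtp primary")


def edit_vlans(sw: Switch, changes: Dict[int, Optional[str]]) -> None:
    """Apply VLAN adds/renames (name) or deletes (None) on a switch.
    On a server every change bumps the configuration revision by one."""
    if sw.mode == "client":
        raise ValueError("a VTP client cannot edit VLANs")
    for vid, name in changes.items():
        if name is None:
            sw.vlans.pop(vid, None)
        else:
            sw.vlans[vid] = name
        if sw.mode == "server":     # transparent/off switches keep revision at 0
            sw.revision += 1


def reset_revision(sw: Switch) -> None:
    """Model of the usual reset: set the switch to transparent mode (or change its domain
    name) and back. Either action puts the configuration revision back to 0."""
    sw.revision = 0


def accept_advert(receiver: Switch, sender: Switch) -> bool:
    """True if receiver overwrote its VLAN database from sender's advertisement."""
    if receiver.mode in ("transparent", "off"):
        return False                 # does not take part in VTP updates
    if receiver.domain != sender.domain:
        return False                 # different VTP domain: ignored
    if receiver.password != sender.password:
        return False                 # MD5 digest would not verify
    if receiver.vtp_version == 3 and not sender.primary:
        return False                 # v3: only the primary server may push a database
    if sender.revision <= receiver.revision:
        return False                 # v1/v2 rule: strictly higher revision wins
    receiver.vlans = dict(sender.vlans)
    receiver.revision = sender.revision
    return True


def flood(switches: List[Switch]) -> List[str]:
    """Let every switch advertise; a switch that adopts a database re-advertises it.
    Returns the names of the switches that were overwritten, in order."""
    overwritten: List[str] = []
    senders = list(switches)
    while senders:
        sender = senders.pop()
        for sw in switches:
            if sw is not sender and accept_advert(sw, sender):
                overwritten.append(sw.name)
                senders.append(sw)
    return overwritten


PROD_VLANS = {1: "default", 10: "users", 20: "servers", 30: "voice"}


def build_domain(version: int = 2) -> List[Switch]:
    """Constructed production domain CORP: one server and two clients at revision 42."""
    sws = [Switch(f"core{i}", "CORP", "server" if i == 1 else "client", 42,
                  dict(PROD_VLANS), version) for i in (1, 2, 3)]
    if version == 3:
        sws[0].primary = True        # core1 was made primary server with "vtp primary"
    return sws


def lab_switch(version: int = 2) -> Switch:
    """A switch pulled from CORP at revision 42 and used as a lab: three VLANs deleted,
    two added. Five edits take the revision from 42 to 47."""
    sw = Switch("lab", "CORP", "server", 42, dict(PROD_VLANS), version)
    edit_vlans(sw, {10: None, 20: None, 30: None, 99: "lab-test", 100: "lab-mgmt"})
    return sw


def scenario(version: int = 2, reset: bool = False) -> dict:
    """Reconnect the lab switch to the domain and report what happened to core1."""
    prod = build_domain(version)
    lab = lab_switch(version)
    if reset:
        reset_revision(lab)
    hit = flood(prod + [lab])
    return {"overwritten": hit,
            "core1_revision": prod[0].revision,
            "core1_vlans": sorted(prod[0].vlans)}


if __name__ == "__main__":
    print("v2, no reset :", scenario(2))        # bomb: all three core switches overwritten
    print("v3, no reset :", scenario(3))        # lab is not primary: nobody listens
    print("v2, reset    :", scenario(2, True))  # revision 0: the lab adopts CORP instead
```

In the v2 run the lab switch at revision 47 overwrites core1, core2 and core3, which end up with VLANs 1, 99 and 100 only; with VTPv3 the same lab switch is ignored because it is not the primary server; and with the revision reset the direction of the update flips, the lab switch adopting the production database at revision 42.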
Prevention Techniques
- Set VTP Mode to Transparent: A transparent switch keeps its own locally configured VLAN database, its revision number stays at 0, and it neither sends nor accepts VTP updates (it still forwards advertisements on its trunks; VTPv3-capable platforms also offer `vtp mode off`, which stops the forwarding too). Access switches that never need to originate VLAN changes are better run as clients or transparent than as servers.
- Monitor Revision Numbers: Regularly check and track the VTP revision number and domain name on every switch (`show vtp status`), and alert on any unexpected jump.
- Use VTP Domain Passwords: The domain password is mixed into the MD5 digest of every advertisement, so a switch with a different or missing password cannot merge its database into the domain. This stops accidental merges; it does not stop a deliberate attacker who has learned the password, and in VTP v1/v2 the password is stored in clear text on the switch (VTPv3 can store it hidden).
- Ensure Proper Configuration Before Connecting New Switches: Always verify the VTP mode, domain name and revision number before introducing new or reused hardware into the network. If the revision is not 0, reset it by setting the switch to transparent mode and back, or by changing its VTP domain name to a throwaway value and back, and confirm with `show vtp status` that the revision reads 0 before plugging in the trunk.
This issue can cause significant disruptions, so it’s critical to implement best practices to mitigate risks in VTP-managed environments.
Continue Reading:
VTP Modes and Versions: VTP v1, VTP v2 and VTP v3
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)