
Cisco VTP - VLAN Trunking Protocol

VLAN Trunking Protocol (VTP) is a Cisco Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on a network-wide basis, and so reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed to all switches in the domain, which removes the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most Cisco Catalyst family products.

VTP ensures that all switches in the VTP domain are aware of all VLANs. There are occasions, however, when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations where few users are connected in that VLAN. VTP pruning is a feature used to eliminate (or prune) this unnecessary traffic.


By default, all Cisco Catalyst switches are configured to be VTP servers. This is suitable for small-scale networks where the VLAN information is small and easily stored in every switch (in NVRAM). In a large network there comes a point where keeping the same VLAN database in every switch's NVRAM is wasteful, because it is duplicated everywhere. At that point the network administrator should choose a few well-equipped switches and keep them as VTP servers; everything else participating in VTP can be turned into a client. The number of VTP servers should be chosen to provide the degree of redundancy desired in the network.

Modes of Operation

Server

In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.

Transparent

VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive out their trunk ports.

Client

VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.

Advertisements

Summary Advertisements

When the switch receives a summary advertisement packet, it compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

Subset Advertisements

When you add, delete, or change a VLAN in a switch, the server switch where the changes were made increments the configuration revision and issues a summary advertisement, followed by one or several subset advertisements. A subset advertisement contains a list of VLAN information. If there are several VLANs, more than one subset advertisement may be required in order to advertise them all.

A switch needs a VTP advertisement request in the following situations:

  • The switch has been reset.
  • The VTP domain name has been changed.
  • The switch has received a VTP summary advertisement with a higher configuration revision than its own.

Upon receipt of an advertisement request, a VTP device sends a summary advertisement, followed by one or more subset advertisements.

VLAN Pruning

VTP can prune unneeded VLANs from trunk links. VTP maintains a map of VLANs and switches, enabling traffic to be directed only to those switches known to have ports on the intended VLAN. This enables more efficient use of trunk bandwidth.

Each switch will advertise which VLANs it has active to neighboring switches. The neighboring switches will then "prune" VLANs that are not active across that trunk, thus saving bandwidth. If a VLAN is then added to one of the switches, that switch will re-advertise its active VLANs so that its neighbors can update their pruning. For this to work, VLAN pruning must be enabled on both ends of the trunk. It is easiest to enable VLAN pruning for an entire VTP management domain by simply enabling it on one of the VTP servers for that domain. To enable VLAN pruning for a VTP domain, enter the following command on a VTP server for that domain:

VTP_Server_Sw1(config)# vtp pruning

This will then propagate to all switches in the VTP domain.
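The pruning rule above can be worked through for a small topology. The following is an added example, not Cisco code and not part of the original page: given which VLANs each switch actually has ports in, it computes, for every direction of every trunk, the VLANs a pruning-enabled switch would stop flooding to its neighbor, and it honours the rule that nothing is pruned unless both ends of the trunk have pruning enabled. Switch names, VLAN numbers and the chain topology are constructed, and a loop-free (tree) topology is assumed, as it is once spanning tree has converged.

```python
"""Added example (not Cisco code): which VLANs VTP pruning would remove from
each trunk, given which VLANs each switch actually has ports in. Topology,
switch names and VLAN numbers are constructed; a loop-free (tree) topology is
assumed, as it is after spanning tree has converged."""
from collections import deque

# VLAN 1 and the reserved VLANs 1002-1005 are never prune-eligible on IOS.
PRUNE_INELIGIBLE = {1, 1002, 1003, 1004, 1005}


def vlans_needed_beyond(topology, active, start, exclude):
    """Union of active VLANs on every switch reachable from `start` without
    crossing `exclude`: the VLANs the neighbour on that side would ask for."""
    seen, queue, needed = {start, exclude}, deque([start]), set()
    while queue:
        sw = queue.popleft()
        needed |= active.get(sw, set())
        for nb in topology.get(sw, ()):
            if nb not in seen:
                seen.add(nb)
                queue.append(nb)
    return needed


def prune_plan(topology, active, pruning_enabled, trunk_vlans):
    """For each directed trunk (sw -> nb) return the VLANs sw stops flooding
    towards nb. Nothing is pruned unless both ends have pruning enabled."""
    plan = {}
    for sw, neighbours in topology.items():
        for nb in neighbours:
            if not (pruning_enabled.get(sw) and pruning_enabled.get(nb)):
                plan[(sw, nb)] = set()
                continue
            needed = vlans_needed_beyond(topology, active, nb, sw)
            plan[(sw, nb)] = {v for v in trunk_vlans
                              if v not in needed and v not in PRUNE_INELIGIBLE}
    return plan


# Constructed chain A - B - C; each switch lists the VLANs its access ports use.
TOPOLOGY = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
ACTIVE = {"A": {10, 20}, "B": {10}, "C": {20}}
TRUNK_VLANS = {1, 10, 20, 30}


def plan_all_enabled():
    """Pruning enabled everywhere: VLAN 30 has no ports anywhere, VLAN 10 is
    not needed beyond B towards C."""
    return prune_plan(TOPOLOGY, ACTIVE, {"A": True, "B": True, "C": True}, TRUNK_VLANS)


def plan_c_disabled():
    """Pruning enabled on A and B only: the B-C trunk keeps carrying everything."""
    return prune_plan(TOPOLOGY, ACTIVE, {"A": True, "B": True, "C": False}, TRUNK_VLANS)


if __name__ == "__main__":
    for (sw, nb), pruned in sorted(plan_all_enabled().items()):
        print(f"{sw} -> {nb}: pruned {sorted(pruned) or 'nothing'}")
```

The interesting trunk is B to C: VLAN 10 is active on A and B but has no ports on C, so B prunes it towards C while A still has to send it to B. Disabling pruning on C alone empties both directions of the B-C trunk, which is the "both ends" rule from the text.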

VTP security

VTP may operate unauthenticated, in which case an attacker can easily inject spoofed VTP packets in order to add/delete VLAN information. Tools such as Yersinia are freely available to do that. A password can be set for the VTP domain: it is used in conjunction with the MD5 hash function to provide authentication of VTP packets. However, this optional password authentication should not conceal the fact that it is very risky to use VTP in sensitive environments.

VTP Problems

When inserting a VTP client or server with a higher configuration revision number, the other switches will delete their VLAN configuration and take the VLAN information from the inserted switch. The only way to get the deleted information back is to add the missing VLANs and delete the unwanted VLANs. To avoid this, set the switch you are inserting into the network to transparent mode first, because that resets the configuration revision number, and then switch it back to client or server mode. Another way of resetting the configuration revision number is to change the domain name to something else, like "test", and then change it back.
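The advertisement rules from the Advertisements section and the overwrite problem described just above can be played through in a small model. The following is an added teaching example, not Cisco code and not the VTP wire format: it applies the page's rules (compare the domain name, then the configuration revision, request subsets when behind, replace the whole VLAN table on sync, reset the revision to 0 on a change to transparent mode or of the domain name) and shows both the normal server-to-client sync and what happens when a stale lab switch with a higher revision is plugged in with and without the transparent-mode reset. Switch names, VLAN names and revision numbers are constructed, and the advertisement request/reply is collapsed into a direct call.

```python
"""Teaching model of VTP advertisement handling (added example, not Cisco
code and not the VTP wire format). Switch names, VLANs and revision numbers
are constructed."""
from dataclasses import dataclass, field


@dataclass
class SummaryAdvert:
    domain: str
    revision: int


@dataclass
class SubsetAdvert:
    domain: str
    revision: int
    vlans: dict          # VLAN id -> name; one subset carries the whole table here


@dataclass
class Switch:
    name: str
    domain: str
    mode: str = "server"                       # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def add_vlan(self, vid, vname):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":              # transparent changes stay local
            self.revision += 1

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0                  # transparent mode resets the revision

    def set_domain(self, domain):
        if domain != self.domain:
            self.domain, self.revision = domain, 0   # renaming the domain resets it too

    def summary(self):
        return SummaryAdvert(self.domain, self.revision)

    def subsets(self):
        return [SubsetAdvert(self.domain, self.revision, dict(self.vlans))]

    def receive_summary(self, adv, sender):
        """Apply the comparison rules from the page; returns the action taken."""
        if self.mode == "transparent":
            return "forward"                   # v2 transparent: relay, never sync
        if adv.domain != self.domain:
            self.log.append(f"{self.name}: domain {adv.domain!r} != {self.domain!r}, ignored")
            return "ignore"
        if adv.revision <= self.revision:
            self.log.append(f"{self.name}: revision {adv.revision} <= {self.revision}, ignored")
            return "ignore"
        self.log.append(f"{self.name}: revision {adv.revision} > {self.revision}, requesting subsets")
        for sub in sender.subsets():           # advertisement request + reply, collapsed
            self.receive_subset(sub)
        return "request"

    def receive_subset(self, sub):
        if sub.domain != self.domain or sub.revision <= self.revision:
            return False
        self.vlans = dict(sub.vlans)           # whole table replaced: VLANs absent here are lost
        self.revision = sub.revision
        return True


def scenario_normal_sync():
    """Server A adds two VLANs; client B learns them on the next summary."""
    a, b = Switch("A", "vtpdom", "server"), Switch("B", "vtpdom", "client")
    a.add_vlan(10, "users")
    a.add_vlan(20, "voice")
    b.receive_summary(a.summary(), a)
    return b.vlans, b.revision


def scenario_inserted_switch(reset_first):
    """A lab switch with a stale but higher revision joins the production domain."""
    a = Switch("A", "vtpdom", "server")
    for vid in (10, 20, 30):
        a.add_vlan(vid, f"vlan{vid}")                # A is now at revision 3
    lab = Switch("LAB", "vtpdom", "server", revision=25, vlans={1: "default", 99: "lab"})
    if reset_first:
        lab.set_mode("transparent")                  # revision back to 0 ...
        lab.set_mode("client")                       # ... then join as a client
    a.receive_summary(lab.summary(), lab)            # both sides hear each other
    lab.receive_summary(a.summary(), a)
    return sorted(a.vlans), a.revision


def scenario_domain_mismatch():
    """A switch in another domain drops the domain's advertisements."""
    a, b = Switch("A", "Cisco", "server"), Switch("B", "other", "client")
    a.add_vlan(10, "users")
    return b.receive_summary(a.summary(), a)
```

Without the reset, production switch A sees revision 25 against its own 3, requests the subsets and ends up with only VLANs 1 and 99; with the transparent-mode reset the lab switch arrives at revision 0, is ignored by A, and instead learns A's table. The domain-mismatch scenario is the switch B situation from the diagram discussed below: the advertisement is dropped before the revision is even compared.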

Another problem can happen when you are inserting a switch with a different VTP domain name.

VTP can affect DTP (Dynamic Trunking Protocol) - switches will not form trunks unless they have matching VTP domain names (see diagram).

As you can see in the image above, switch B is in a different VTP domain than A and C. If more VLANs were added on switch A, switch C would not get the update because switch B would drop all the messages. To fix this, if you want to add switch B to the same cloud as the others, you would have to change its domain name to Cisco; they would then all synchronize to switch A, but you would have to re-add any VLANs deleted on switch B.

Configuration

To configure an IOS based switch to be a VTP server, issue the following commands:

SwitchA# vlan database
SwitchA(vlan)# vtp domain vtpdom
SwitchA(vlan)# vtp server
SwitchA(vlan)# exit

These commands configure the switch to be a VTP server in the VTP domain vtpdom. The changes are saved and the revision number is incremented when the exit command is issued.

To configure a VTP client, run the following commands:

SwitchB# vlan database
SwitchB(vlan)# vtp domain vtpdom
SwitchB(vlan)# vtp client
SwitchB(vlan)# exit

To disable VTP, set the vtp mode to transparent as such:

SwitchC# vlan database
SwitchC(vlan)# vtp transparent
SwitchC(vlan)# exit

To monitor the VTP operation and status, use either:

SwitchA# show vtp status
SwitchA# show vtp counters
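Because the two failure modes on this page (an inserted switch with a higher revision, and a switch in the wrong domain) are both visible in `show vtp status`, it is worth checking that output across the domain regularly. The following is an added example, not Cisco code and not part of the original page: it parses the text of `show vtp status` collected from several switches and reports domain mismatches, revision outliers, too many servers and inconsistent pruning. The three sample outputs are constructed to look like IOS output (the field names are the ones IOS prints); the switch names, revision numbers and the limit of two servers are assumptions.

```python
"""Added example (not Cisco code): a defender-side consistency check over the
text of `show vtp status` from several switches. The samples are constructed
to look like IOS output; only the field names are real."""
import re
from collections import Counter

# Constructed samples: A and B agree, C was inserted in a different domain.
SAMPLES = {
    "SwitchA": """\
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : vtpdom
VTP Pruning Mode                : Enabled
""",
    "SwitchB": """\
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : vtpdom
VTP Pruning Mode                : Enabled
""",
    "SwitchC": """\
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 255
Number of existing VLANs        : 3
VTP Operating Mode              : Server
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
""",
}


def parse_vtp_status(text):
    """Turn 'Key : Value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def audit(statuses, max_servers=2):
    """Return findings about domain, revision, server count and pruning mode.
    The most common domain, and the most common revision inside it, are taken
    as the intended values (assumption: the majority of switches are right)."""
    parsed = {name: parse_vtp_status(t) for name, t in statuses.items()}
    findings = []
    domain = Counter(p["VTP Domain Name"] for p in parsed.values()).most_common(1)[0][0]
    revision = Counter(int(p["Configuration Revision"]) for p in parsed.values()
                       if p["VTP Domain Name"] == domain).most_common(1)[0][0]
    for name, p in sorted(parsed.items()):
        rev = int(p["Configuration Revision"])
        if p["VTP Domain Name"] != domain:
            findings.append(f"{name}: domain {p['VTP Domain Name']!r} differs from {domain!r}; "
                            f"it ignores the domain's advertisements and trunks to it may not form")
        elif rev > revision:
            findings.append(f"{name}: revision {rev} is above the domain's {revision}; "
                            f"its VLAN table will overwrite the others")
        elif rev < revision:
            findings.append(f"{name}: revision {rev} is behind {revision}; check its trunk links")
    servers = sorted(n for n, p in parsed.items() if p["VTP Operating Mode"] == "Server")
    if len(servers) > max_servers:
        findings.append(f"{len(servers)} VTP servers ({', '.join(servers)}); keep only a few")
    if len({p["VTP Pruning Mode"] for p in parsed.values()}) > 1:
        findings.append("VTP pruning mode is not consistent across the domain")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Run against the constructed samples it reports SwitchC's foreign domain and the inconsistent pruning mode; SwitchC's revision of 12 is deliberately not reported as an overwrite risk, because a switch in another domain is ignored before its revision is compared. If SwitchC were then moved into vtpdom without the transparent-mode reset described under VTP Problems, the same check would flag its revision as about to overwrite the domain.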
cisco/config/vtp-the-vlan-trunking-protocol.txt · Last modified: 12.09.2009 12:46 (external edit)