Vtp Version 3 - Cisco Catalyst 2960 series Configuration Manual

VTP Version 3

• Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values)
Related Topics
Enabling the VTP Version, on page 29
VTP Version 3
VTP version 3 supports these features that are not supported in version 1 or version 2:
• Enhanced authentication—You can configure the authentication as hidden or secret. When hidden, the
• Support for extended range VLAN (VLANs 1006 to 4094) database propagation—VTP versions 1 and
• Support for any database in a domain—In addition to propagating VTP information, version 3 can
• VTP primary server and VTP secondary servers—A VTP primary server updates the database information
• The option to turn VTP on or off on a per-trunk (per-port) basis—You can enable or disable VTP per
Catalyst 2960-X Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX
18
messages for the domain name and version and forwards a message only if the version and domain name
match. Although VTP version 2 supports only one domain, a VTP version 2 transparent switch forwards
a message only when the domain name matches.
are performed only when you enter new information through the CLI or SNMP. Consistency checks are
not performed when new information is obtained from a VTP message or when information is read from
NVRAM. If the MD5 digest on a received VTP message is correct, its information is accepted.
secret key from the password string is saved in the VLAN database file, but it does not appear in plain
text in the configuration. Instead, the key associated with the password is saved in hexadecimal format
in the running configuration. You must reenter the password if you enter a takeover command in the
domain. When you enter the secret keyword, you can directly configure the password secret key.
2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert from VTP
version 3 to version 1 or 2.
VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still
Note
reserved and cannot be modified.
propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the VTP
protocol runs for each application that uses VTP.
and sends updates that are honored by all devices in the system. A VTP secondary server can only back
up the updated VTP configurations received from the primary server to its NVRAM.
By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC
command to specify a primary server. Primary server status is only needed for database updates when
the administrator issues a takeover message in the domain. You can have a working VTP domain without
any primary servers. Primary server status is lost if the device reloads or domain parameters change,
even when a password is configured on the switch.
port by entering the [no] vtp interface configuration command. When you disable VTP on trunking
ports, all VTP instances for that port are disabled. You cannot set VTP to off for the MST database and
on for the VLAN database on the same port.
Configuring VTP
OL-29065