VTP

From Wikipedia, the free encyclopedia

VTP stands for VLAN Trunking Protocol, a protocol used for configuring and administering VLANs on Cisco network devices.

VTP operates on Cisco switches in one of three modes:

  • Client.
  • Server.
  • Transparent.

Network administrators can change VLAN information only on switches operating in server mode. After the modifications are applied, they are distributed to all other devices in the VTP domain over trunk links. Devices operating in transparent mode do not apply these advertised modifications to themselves, nor do they advertise their own VLAN configuration. Transparent-mode devices running VTP version 2 forward VTP advertisements that arrive on a trunking interface to other devices, but the transparent-mode device itself does not act on them. Devices operating in client mode, and other server-mode devices in the same domain, automatically apply configuration changes received from the VTP domain.

VTP configurations on a network are tracked by a revision number. If the revision number of an update received by a client- or server-mode VTP switch is higher than the revision it currently holds, the new configuration is applied; otherwise the update is ignored. When new devices are added to a VTP domain, their revision numbers should be reset first to prevent a stale database with a higher revision from overwriting the domain. Utmost caution is advised when dealing with VTP topology changes, whether logical or physical.
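As an added illustration (not part of the article), the following Python model implements the revision-number rule and the per-mode behaviour described above, then runs a constructed scenario: a server-mode switch that previously served another network, carrying a higher revision but almost no VLANs, is cabled into a production domain, first without and then with the revision reset the article recommends. The switch names, VLAN numbers and the abstract "reset" step are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

@dataclass
class VtpAdvertisement:
    domain: str
    revision: int
    vlans: Set[int]

@dataclass
class Switch:
    name: str
    mode: str  # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: Set[int] = field(default_factory=lambda: {1})

    def receive(self, adv: VtpAdvertisement) -> bool:
        """Article's rule: a client or server adopts an advertisement only if its
        revision is higher than its own; a transparent switch never applies one
        (it only forwards it). Returns True when the VLAN database changed."""
        if adv.domain != self.domain or self.mode == "transparent":
            return False
        if adv.revision <= self.revision:
            return False
        self.vlans, self.revision = set(adv.vlans), adv.revision
        return True

    def advertise(self) -> VtpAdvertisement:
        return VtpAdvertisement(self.domain, self.revision, set(self.vlans))

def join_domain(newcomer: Switch, domain: List[Switch], reset_revision: bool) -> Dict[str, Set[int]]:
    """Constructed scenario: cable a previously used server-mode switch (same domain
    name, high revision, almost no VLANs) into production. Without a reset its
    stale-but-higher revision overwrites every client/server; with the reset it
    instead learns the domain's VLANs. Returns each switch's resulting VLAN set."""
    if reset_revision:
        newcomer.revision = 0  # assumed abstract reset; the exact CLI steps are not on the page
    for sw in domain:                      # newcomer floods its advertisement over the trunks
        sw.receive(newcomer.advertise())
    for sw in domain:                      # existing servers advertise back to the newcomer
        if sw.mode == "server":
            newcomer.receive(sw.advertise())
    return {sw.name: sw.vlans for sw in domain + [newcomer]}

def build_domain() -> List[Switch]:
    """Constructed production domain: one server, one client, one transparent lab switch."""
    prod = {1, 10, 20, 30}
    return [Switch("core", "server", "CORP", 5, set(prod)),
            Switch("access1", "client", "CORP", 5, set(prod)),
            Switch("lab", "transparent", "CORP", 0, {1, 99})]
```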

VLAN Pruning

VTP also maintains a map of VLANs and switches, enabling traffic to be directed only to those switches known to have ports on the intended VLAN. This enables more efficient use of trunk bandwidth.

VTP security

VTP may operate unauthenticated, in which case an attacker can easily inject spoofed VTP packets in order to add/delete VLAN information. Tools such as Yersinia are freely available to do that.

A password can be set for the VTP domain: it is used in conjunction with the MD5 hash function to provide authentication of VTP packets.

However, this optional password authentication does not change the fact that using VTP in sensitive environments remains very risky.
