Introduction to VTP (VLAN Trunking Protocol)

VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.

VTP Modes

You can configure a switch to operate in any one of these VTP modes:

Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.

Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.

Transparent—VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP Version 2.

Off (configurable only in CatOS switches)—In the three described modes, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.



VTP Configuration Guidelines

VTP defaults for the Cisco Catalyst switch:

  • VTP domain name: None
  • VTP mode: Server mode
  • VTP pruning: Enabled or disabled (model specific)
  • VTP password: Null
  • VTP version: Version 2

1. A new switch can automatically become part of a domain once it receives an advertisement from a server.
2. A VTP client can overwrite a VTP server database if the client has a higher revision number.
3. A domain name cannot be removed after it is assigned; it can only be reassigned.

Important! When you connect a new switch to the network, make sure that its configuration revision number is 0. If the new switch's revision number is higher than the server's revision number, all the VTP client switches will update their VLAN database from the new switch. This can wipe all the VLANs in your network!

(Figures: client configuration revision and server configuration revision)

So how can I reset the new switch's revision number to zero?

It's easy: just change the VTP mode on the new switch from server to transparent mode and then back to client mode.
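As an added example (not part of the original post), here is the reset procedure above as it would be typed on a Catalyst switch, together with the check to run before any trunk to the new switch is connected. The hostname, domain name and password are placeholders:

```cisco
! Added example, not from the original post. Hostname, domain name and
! password are placeholders; replace them with your own values.
NewSwitch# show vtp status
! Look at "Configuration Revision" in this output. Anything other than 0 on
! a switch that is about to join the domain is a risk: as server or client
! it may overwrite the domain's VLAN database.
NewSwitch# configure terminal
NewSwitch(config)# vtp domain EXAMPLE-DOMAIN
NewSwitch(config)# vtp password ExamplePass123
NewSwitch(config)# vtp version 2
! Switching to transparent mode resets the configuration revision to 0
! (changing the domain name resets it as well) ...
NewSwitch(config)# vtp mode transparent
! ... and switching back to client mode keeps it at 0 until the switch
! receives its first advertisement from the domain server.
NewSwitch(config)# vtp mode client
NewSwitch(config)# end
! Verify before connecting any trunk: the revision must read 0.
NewSwitch# show vtp status | include Configuration Revision
```

Run the final `show vtp status` on the isolated switch, not after it is cabled in; once a trunk comes up and the revision is still higher than the server's, the overwrite described above has already happened.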


What is VTP Pruning?

  • VTP pruning is disabled by default in Cisco switches. VTP pruning sends broadcasts only over those trunk links that actually need the traffic. For example, if switch A does not have a port configured for VLAN 7 and a broadcast is sent throughout VLAN 7, that broadcast will not pass over the trunk link to switch A.

Configure VTP

Configure SNMPV3 on Cisco Catalyst 2960.

I found that SNMPv3 works only with Cisco IOS version 15.2 and higher.

If your Cisco IOS is not 15.2 or higher, you need to download it from here.

In this configuration we will create three groups:

GroupRW – has read and write permission
GroupR – has read permission only
Full-Access – a view that gives access to the whole SNMP tree


Let's start:

Switch(config)#snmp-server view Full-Access iso included

This command defines the view Full-Access, which includes the whole iso subtree, so any group that uses this view can read the entire MIB tree.


Switch(config)#snmp-server enable traps snmp linkdown linkup

This command allows the SNMP agent to send traps when a link goes up or down.


Switch(config)#snmp-server group GroupRW v3 priv read Full-Access write Full-Access

With this command we create the group GroupRW (SNMPv3 with authentication and privacy) and give it read and write permission to the whole iso tree through the Full-Access view.


Switch(config)#snmp-server user TestRW GroupRW v3 auth md5 Master200 priv des Master300

With this command we create the user TestRW in GroupRW with the MD5 authentication password “Master200” and the DES privacy password “Master300”. MD5 and DES are the weakest options IOS offers; where the image supports them, prefer `auth sha` and `priv aes 128`.


Switch(config)#snmp-server group GroupRW v3 priv context vlan- match prefix read Full-Access write Full-Access notify Full-Access

This gives GroupRW the same privileges in every VLAN context (the contexts named vlan-<n>, matched by prefix), which is needed to read per-VLAN data such as the bridge MIB.


Switch(config)#snmp-server group GroupR v3 priv read Full-Access

We create the second group, “GroupR”, with read-only permission to the whole iso tree.


Switch(config)#snmp-server user TestR GroupR v3 auth md5 Slave200 priv des Slave300

We create the user TestR in GroupR with the MD5 authentication password “Slave200” and the DES privacy password “Slave300”.


After defining the two SNMPv3 users, one read-only and one read-write, we need to associate them with the IP addresses we want.

Switch(config)#snmp-server host X.X.X.X version 3 priv TestRW

This gives the host X.X.X.X read and write access to the switch through the user TestRW.

Switch(config)#snmp-server host X.X.X.X version 3 priv TestR

This gives the host X.X.X.X read-only access to the switch through the user TestR.

This is the full configuration; just copy and paste it.

Switch(config)#snmp-server view Full-Access iso included
Switch(config)#snmp-server enable traps snmp linkdown linkup
Switch(config)#snmp-server group GroupRW v3 priv read Full-Access write Full-Access
Switch(config)#snmp-server user TestRW GroupRW v3 auth md5 Master200 priv des Master300
Switch(config)#snmp-server group GroupRW v3 priv context vlan- match prefix read Full-Access write Full-Access notify Full-Access
Switch(config)#snmp-server group GroupR v3 priv read Full-Access
Switch(config)#snmp-server user TestR GroupR v3 auth md5 Slave200 priv des Slave300
Switch(config)#snmp-server host X.X.X.X version 3 priv TestRW
Switch(config)#snmp-server host X.X.X.X version 3 priv TestR
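As an added example (not the original post's configuration), the same two groups and users rebuilt with the stronger algorithms IOS offers and restricted to named management hosts, shown beside the weak form from the post. The ACL numbers, host addresses and passwords are placeholders, and whether the `sha` and `aes 128` keywords are available depends on the IOS image, so check them with `?` before relying on them:

```cisco
! Added example, not from the original post. The X.X.X.X / Y.Y.Y.Y hosts,
! ACL numbers and passwords are assumptions; adjust them to your network.
!
! Weak form from the post (MD5 authentication, DES privacy, no host filter):
!   snmp-server user TestR GroupR v3 auth md5 Slave200 priv des Slave300
!
! Hardened form: SHA authentication, AES-128 privacy, and an ACL on each
! group that limits which management stations may use it.
Switch(config)# access-list 10 remark SNMP read-only management hosts
Switch(config)# access-list 10 permit host X.X.X.X
Switch(config)# access-list 11 remark SNMP read-write management hosts
Switch(config)# access-list 11 permit host Y.Y.Y.Y
Switch(config)# snmp-server view Full-Access iso included
Switch(config)# snmp-server group GroupR v3 priv read Full-Access access 10
Switch(config)# snmp-server group GroupRW v3 priv read Full-Access write Full-Access access 11
Switch(config)# snmp-server user TestR GroupR v3 auth sha <ReadAuthPass> priv aes 128 <ReadPrivPass>
Switch(config)# snmp-server user TestRW GroupRW v3 auth sha <RWAuthPass> priv aes 128 <RWPrivPass>
Switch(config)# end
! Verify: each user should list "Authentication Protocol: SHA" and
! "Privacy Protocol: AES128". Note that show running-config does not
! display snmp-server user lines, so use these commands instead.
Switch# show snmp user
Switch# show snmp group
```

The ACL is the part most often skipped: without it, any host that learns the credentials can use them from anywhere with reachability to the switch, whereas with it a stolen credential is only usable from the listed management stations.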

Configure Netflow on Cisco Catalyst WS-C3650-48PD

DR-Switch(config)#flow record record-1
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match transport icmp ipv4 type
 match transport icmp ipv4 code
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
!
DR-Switch(config)#flow exporter exporter-1
 destination X.X.X.X
 source VlanX
 transport udp 9996
!
DR-Switch(config)#flow monitor monitor-1
 exporter exporter-1
 record record-1
!
DR-Switch(config)#sampler sampler-1
 mode random 1 out-of 10

  • After you finish the configuration, you need to apply the flow monitor (with the sampler) to the interfaces you want to monitor.
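As an added example (not part of the original post), this is the interface step that the bullet above describes, followed by the show commands that confirm flows are being cached and exported. The interface name is an assumption; use the uplink or access ports you actually want to monitor:

```cisco
! Added example, not from the original post. The interface name is assumed;
! repeat the ip flow monitor line on every port you want to monitor.
DR-Switch(config)# interface GigabitEthernet1/0/1
DR-Switch(config-if)# ip flow monitor monitor-1 sampler sampler-1 input
DR-Switch(config-if)# end
! Verify that flows are being collected on the switch ...
DR-Switch# show flow monitor monitor-1 cache
! ... that records are actually leaving for the collector at X.X.X.X:9996 ...
DR-Switch# show flow exporter exporter-1 statistics
! ... and that the 1-in-10 sampler is attached and counting.
DR-Switch# show sampler sampler-1
```

If the cache fills but the exporter statistics stay at zero, check reachability from the source VLAN interface to the collector before touching the record or monitor definitions.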