VLAN Trunking Protocol

Last updated

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network. [1] To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over 802.1Q, and ISL trunks. VTP is available on most of the Cisco Catalyst Family products. Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:

Contents

There are three versions of VTP, namely version 1, version 2, version 3.

The comparable IEEE standard in use by other manufacturers is GVRP or the more recent MVRP.

Implementation details

Example without and with VTP VLAN Trunking Protocol.gif
Example without and with VTP

On Cisco Devices, VTP (VLAN Trunking Protocol) maintains VLAN configuration consistency across a single Layer 2 network. VTP uses Layer 2 frames to manage the addition, deletion, and renaming of VLANs from switches in the VTP client mode. VTP is responsible for synchronizing VLAN information within a VTP domain and reduces the need to configure the same VLAN information on each switch thereby minimizing the possibility of configuration inconsistencies that arise when changes are made.

Upside

VTP provides the following benefits:

Downside

When a new switch is added to the network, by default it is configured with no VTP domain name or password, but in VTP server mode. If no VTP Domain Name has been configured, it assumes the one from the first VTP packet it receives. Since a new switch has a VTP configuration revision of 0, it will accept any revision number as newer and overwrite its VLAN information if the VTP passwords match. However, if you were to accidentally connect a switch to the network with the correct VTP domain name and password but a higher VTP revision number than what the network currently has (such as a switch that had been removed from the network for maintenance and returned with its VLAN information deleted) then the entire VTP Domain would adopt the VLAN configuration of the new switch which is likely to cause loss of VLAN information on all switches in the VTP Domain, leading to failures on the network. Since Cisco switches maintain VTP configuration information separately from the normal configuration, and since this particular issue occurs so frequently, it has become known colloquially as the "VTP Bomb".

Before creating VLANs on the switch that will propagate via VTP, a VTP domain must first be set up. A VTP domain for a network is a set of all contiguously trunked switches with the matching VTP settings (domain name, password and VTP version). All switches in the same VTP domain share their VLAN information with each other, and a switch can participate in only one VTP management domain. Switches in different domains do not share VTP information. Non-matching VTP settings might result in issues in negotiating VLAN trunks, port-channels or Virtual Port Channels.

See also

Related Research Articles

The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include backup links providing fault tolerance if an active link fails.

A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. Basically, a VLAN behaves like a virtual switch or network link that can share the same physical structure with other VLANs while staying logically separate from them. Between network devices, VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

Cisco Discovery Protocol (CDP) is a proprietary data link layer protocol developed by Cisco Systems in 1994 by Keith McCloghrie and Dino Farinacci. It is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. CDP can also be used for On-Demand Routing, which is a method of including routing information in CDP announcements so that dynamic routing protocols do not need to be used in simple networks.

IEEE 802.1Q, often referred to as Dot1q, is the networking standard that supports virtual local area networking (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol.

<span class="mw-page-title-main">Link aggregation</span> Using multiple network connections in parallel to increase capacity and reliability

In computer networking, link aggregation is the combining of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.

<span class="mw-page-title-main">Cisco Catalyst</span> Ethernet switch product line

Catalyst is the brand for a variety of network switches, wireless controllers, and wireless access points sold by Cisco Systems. While commonly associated with Ethernet switches, a number of different types of network interfaces have been available throughout the history of the brand. Cisco acquired several different companies and rebranded their products as different versions of the Catalyst product line. The original Catalyst 5000 and 6000 series were based on technology acquired from Crescendo Communications. The 1700, 1900, and 2800 series Catalysts came from Grand Junction Networks, and the Catalyst 3000 series came from Kalpana in 1994.

<span class="mw-page-title-main">EtherChannel</span> Computer networking link aggregation technology

EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast, Gigabit or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.

Cisco Inter-Switch Link (ISL) is a Cisco proprietary link layer protocol that maintains VLAN information in Ethernet frames as traffic flows between switches and routers, or switches and switches. ISL is Cisco's VLAN encapsulation protocol and is supported only on some Cisco equipment over the Fast and Gigabit Ethernet links. It is offered as an alternative to the IEEE 802.1Q standard, a widely used VLAN tagging protocol, although the use of ISL for new sites is deprecated by Cisco.

The Multiple Spanning Tree Protocol (MSTP) and algorithm, provides both simple and full connectivity assigned to any given virtual LAN (VLAN) throughout a bridged local area network. MSTP uses bridge protocol data unit (BPDUs) to exchange information between spanning-tree compatible devices, to prevent loops in each Multiple Spanning Tree instance (MSTI) and in the common and internal spanning tree (CIST), by selecting active and blocked paths. This is done as well as in Spanning Tree Protocol (STP) without the need of manually enabling backup links and getting rid of switching loop danger.

<span class="mw-page-title-main">Router on a stick</span> Router that has a single connection to a network

A router on a stick, also known as a one-armed router, is a router that has a single physical or logical connection to a network. It is a method of inter-VLAN routing where one router is connected to a switch via a single cable. The router has physical connections to the broadcast domains where one or more VLANs require the need for routing between them.

A switch virtual interface (SVI) represents a logical layer-3 interface on a switch.

Multiple Registration Protocol (MRP), which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches or other similar devices to register and de-register attribute values, such as VLAN identifiers and multicast group membership across a large local area network. MRP operates at the data link layer.

The Dynamic Trunking Protocol (DTP) is a proprietary link layer protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. VLAN trunks formed using DTP may utilize either IEEE 802.1Q or Cisco ISL trunking protocols.

<span class="mw-page-title-main">Private VLAN</span> Computer network security technique

Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given uplink. The restricted ports are called private ports. Each private VLAN typically contains many private ports, and a single uplink. The uplink will typically be a port connected to a router, firewall, server, provider network, or similar central resource.

The VLAN Query Protocol (VQP) was developed by Cisco and allows end-devices on LANs to be authenticated via their MAC address and an appropriate VLAN attributed to the port, using a VLAN Management Policy Server (VMPS). VQP is a Cisco-only protocol that is supported only by older switches running CatOS. Many vendors have turned to support dynamic VLAN assignments using the 802.1x authentication protocol with a Radius server that has additional attributes designating the VLAN.

VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging. Both attack vectors can be mitigated with proper switch port configuration.

Virtual Link Trunking (VLT) is a name that has been used for at least two proprietary network protocols. A link aggregation protocol developed by Force10 and an early VLAN tagging capability from 3Com.

<span class="mw-page-title-main">Broadcast, unknown-unicast and multicast traffic</span> Computer networking concept

Broadcast, unknown-unicast and multicast traffic is network traffic transmitted using one of three methods of sending data link layer network traffic to a destination of which the sender does not know the network address. This is achieved by sending the network traffic to multiple destinations on an Ethernet network. As a concept related to computer networking, it includes three types of Ethernet modes: broadcast, unicast and multicast Ethernet. BUM traffic refers to that kind of network traffic that will be forwarded to multiple destinations or that cannot be addressed to the intended destination only.

References