Wednesday, May 26, 2010

VTP

Someone asked me recently, "why would you not use VTP". Thought I could give a short blurb here.

VTP - VLAN Trunking Protocol

Cisco uses VTP (other vendors have MVRP, which is standards based, for the same thing) to share vlans among switches. If you had 30 switches in a building that all needed a vlan added, logging into 30 switches to add the vlan is certainly more work than doing it on a single switch.

First you decide which switches will need to share the same vlans, and add them to the VTP domain. Set the VTP password, and set all but one or two of the switches to client mode (not necessary, but it helps keep things simpler if you always make changes from a single switch). You can then log into any of the server mode switches and add or remove a vlan, and the change will be propagated to the entire domain.

Transparent mode, a third option, allows you to add or remove vlans (like server mode) but will never send out its own database to propagate across the network.

Now back to the original question: why would you not want to use VTP?
1. You are a control freak and want to make sure you control every change individually.
2. The switches all need different vlans and share very few. Having 20 different VTP domains with only 4 or 5 switches per domain would be more work keeping the domains straight than simply logging in and making the changes individually.
3. Too many vlans - 2950 switches and before, I believe (I know 3500s for sure), only support 64 vlans. If VTP propagates more than 64 vlans to those switches, random vlans are chosen to not be added. If a vlan that switch needs is missing, you have problems.
4. If you are adding a switch to a production network, ALWAYS ALWAYS change it to an unused domain and delete vlan.dat to erase the vlans. Verify that show vtp stat shows a 0 (or lower than your production network) revision number, or you will lose all your vlans.


Common misconceptions:
1. Switches in Client mode can't overwrite the config on one in server mode
The vlan database used is decided entirely upon the revision number. Every time you add or remove a vlan, the revision number is increased by one and "should" be higher than all the other switches. Because it is higher it is passed out as the new database. If you bring in a switch in client mode with the same domain name and higher revision number, the entire database of all the other switches is lost forever, including those in server mode.
2. Only Client mode switches receive updates
Client mode only means that you cannot add or remove vlans directly from that switch's command line. Apart from that, server and client modes are identical: they all receive updates.
3. Switches in Transparent mode do not pass any VTP updates
Transparent mode means the switch will not pass any copies of its own database. If you connect two switches with different revision numbers to the transparent switch, it will still pass that info between them.
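To make the revision-number rule concrete, here is a small Python model of VTP propagation. It is an added illustration, not code from the original post or from Cisco, and it assumes a domain member accepts a neighbour's database only when domain name and password match and the advertised revision is strictly higher; it also models the "reset through transparent mode" step from item 4 above with a constructed lab-switch scenario.

```python
from dataclasses import dataclass, field
@dataclass
class Switch:
    name: str
    mode: str           # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: set = field(default_factory=set)
    links: list = field(default_factory=list)
    def add_vlan(self, vid):
        if self.mode == "client":  # misconception 2: clients only lose local editing
            raise PermissionError(f"{self.name}: client mode cannot edit vlans locally")
        self.vlans.add(vid)
        if self.mode == "server":  # transparent keeps a local DB and never bumps revision
            self.revision += 1
    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":  # passing through transparent zeroes the revision (item 4)
            self.revision = 0

def link(a, b):
    a.links.append(b); b.links.append(a)

def advertise(src):
    """Flood src's database over trunks; return the names of switches that adopted it."""
    adopted, seen, queue = [], {src.name}, [src]
    while queue:
        for nbr in queue.pop(0).links:
            if nbr.name in seen or (nbr.domain, nbr.password) != (src.domain, src.password):
                continue
            seen.add(nbr.name)
            if nbr.mode != "transparent" and src.revision > nbr.revision:  # misconception 1: revision wins, mode irrelevant
                nbr.vlans, nbr.revision = set(src.vlans), src.revision
                adopted.append(nbr.name)
            if nbr.mode == "transparent" or nbr.revision == src.revision:  # misconception 3: transparent still forwards
                queue.append(nbr)
    return adopted

def lab_scenario(reset_new_switch):
    """Constructed scenario: a lab client at revision 40 is plugged into a prod domain at 5."""
    core = Switch("core", "server", "prod", "s3cret", 5, {10, 20, 30})
    edge = Switch("edge", "client", "prod", "s3cret", 5, {10, 20, 30})
    lab = Switch("lab", "client", "prod", "s3cret", 40, {99})
    link(core, edge); link(edge, lab)
    if reset_new_switch:  # the post's item 4: go through transparent before joining
        lab.set_mode("transparent"); lab.set_mode("client")
    advertise(lab)   # the new switch announces itself
    advertise(core)  # the production server answers
    return core.vlans, lab.vlans
```

Without the reset, the client at revision 40 wipes the server's database; with it, the new switch simply learns the production vlans.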

2 comments:

Dumba$$btch said...

So the whole control freak thing? R u saying that is a bad thing? LOL

Wyatt said...

Nothing wrong with having control issues, I mean "wanting the best for your network"