  1. Senior Member --chris--'s Avatar
    Join Date
    Jul 2013
    Location
    Metro Detroit
    Posts
    1,387

    Certifications
    ITIL F, C|EH
    #1

    Real world uses of VTP Transparent mode

    I have been looking for some real world scenarios where you would want to set this mode on a switch but have not found any good examples.

    Anyone see or use this in production before? Why?


  3. Senior Member
    Join Date
    Jun 2009
    Location
    Gosford, Australia
    Posts
    567

    Certifications
    CCNA, CCDA, CCNA:Voice(IIUC), CCNP:Voice
    #2
    We have 40+ sites and 5 data centres, all switches are VTP transparent. For all sites we don't want a VLAN database propagated by accident, and in the DCs we need more than 1024 VLANs.

  4. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,643

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #3
    Always have used transparent on all switches.
    An expert is a man who has made all the mistakes which can be made.

  5. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    869

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #4
    For IOS 15.x, the standard has been VTP mode off, but transparent was a best practice where I worked prior to 15.x. It's not so much malicious users trying to propagate an incorrect VLAN database as the VTP password is required. More so, it's the technicians causing VTP chaos because they forgot to change VTP mode to client. Yes, it can happen. No, it's not pretty.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity

  6. Senior Member Node Man's Avatar
    Join Date
    Dec 2012
    Location
    LV426
    Posts
    600

    Certifications
    CCENT, CCNA R&S, CCNP-R&S, CE-A
    #5
    The possibility of a new engineer accidentally messing up a network is very possible. I can't find it, but I thought I read that Cisco no longer recommends the use of VTP.

  7. Senior Member
    Join Date
    Jan 2013
    Location
    Florida
    Posts
    1,321

    Certifications
    CCNP: R&S, CIW: Web Foundations; MCTS: Active Directory; MCP: 2000 Professional; CNA: NetWare 5; CompTIA A+
    #6
    If you're using VTPv1 or v2, Transparent effectively disables VTP so that you don't accidentally nuke your VLANs by inserting a switch with a higher revision number into the network. VTPv3 is supported on the newest IOSes (requires a newer switch like a 3560, 3750, etc.). VTPv3 contains various mechanisms to prevent you from accidentally nuking your VLANs as well as the ability to directly disable VTP. VTPv1 and v2 couldn't be turned off. Transparent mode (forwards VTP frames, but doesn't process them) was the closest thing to disabling VTP.

  8. Member
    Join Date
    Feb 2014
    Posts
    40

    Certifications
    CCENT
    #7
    "Friends don't let friends use VTP in production networks." -Keith Barker

  9. Senior Member
    Join Date
    Dec 2009
    Location
    Illinois
    Posts
    482

    Certifications
    A+, CCNA:S, CCNP
    #8
    From a practical standpoint, transparent mode basically just disables VTP. On newer switches that support VTPv3, you can actually turn VTP completely off ("vtp mode off stp" or something like that).

    The only VTP implementation that anyone should ever even consider is VTPv3 since it fixes the whole "nuke your entire layer 2 architecture" issue and it can also be used to update MSTP information for the entire layer 2 domain, which can be very handy. However, if you can manage the VLANs manually, do it. And if you are in a decent-sized organization, you are probably better off writing a script to add/remove VLANs from a group of devices rather than using VTP.
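Added example, not part of any post in this thread: a small audit that reads saved VTP status text per switch and reports which switches still process advertisements, and which one holds the highest configuration revision and would therefore replace the others' VLAN database under VTPv1/v2. The hostnames and values are constructed, the field labels are modeled on `show vtp status`, and it assumes the flagged switches share a domain name and password.

```python
PROCESSING = {"server", "client"}   # modes that act on VTP advertisements
PASSIVE = {"transparent", "off"}    # modes that do not

def _dump(mode, rev, domain="CORP"):
    """Build constructed status text using the three labels the audit reads."""
    return (f"VTP Domain Name : {domain}\nVTP Operating Mode : {mode}\n"
            f"Configuration Revision : {rev}\n")

# Constructed sample input: hostnames, domain and revisions are made up.
SAMPLE = {
    "core-sw1": _dump("Server", 12),
    "access-sw7": _dump("Client", 12),
    "dist-sw2": _dump("Transparent", 0),
    "lab-sw3": _dump("Server", 47),   # e.g. a switch reused from a lab
}

def parse_status(text):
    """Collect 'Label : value' lines into a dict keyed by lowercase label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip().lower()] = value.strip()
    return fields

def audit(dumps):
    """Return sorted (host, finding) pairs for switches that are not passive."""
    parsed = {}
    for host, text in dumps.items():
        f = parse_status(text)
        rev = f.get("configuration revision", "")
        parsed[host] = (f.get("vtp operating mode", "").lower(),
                        f.get("vtp domain name", ""),
                        int(rev) if rev.isdigit() else 0)
    revs = {}   # per domain: revisions held by switches that process VTP
    for mode, domain, rev in parsed.values():
        if mode in PROCESSING:
            revs.setdefault(domain, set()).add(rev)
    findings = []
    for host, (mode, domain, rev) in sorted(parsed.items()):
        if mode in PASSIVE:
            continue
        if mode not in PROCESSING:
            findings.append((host, "UNKNOWN_MODE"))
        elif len(revs[domain]) > 1 and rev == max(revs[domain]):
            # Highest revision in a mixed domain: its database wins (VTPv1/v2).
            findings.append((host, "WOULD_OVERWRITE"))
        else:
            findings.append((host, "ACCEPTS_UPDATES"))
    return findings
```

Run against status text collected before a switch is connected, a `WOULD_OVERWRITE` finding marks the device to set to transparent or off first.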
