The VLAN Trunking Protocol (VTP) version 3 is backwards compatible with version 2 but not with version 1. VTP version 3 supports Extended VLAN range (1006-4094), Private VLAN (PVLAN), Multiple Spanning Tree (MST), encrypt/hash VTP password and many more.
The main command for checking VTP info in a Cisco switch is show vtp status. The current VTP version is 1.
SW01#show vtp
status
VTP Version
capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning
Mode : Disabled
VTP Traps
Generation : Disabled
Device ID : aabb.cc00.0200
Configuration last
modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is
0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs
supported locally : 1005
Number of existing
VLANs : 5
Configuration
Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65
0x63 0x59 0x47 0xBD
0x56 0x9D
0x4A 0x3E 0xA5 0x69 0x35 0xBC
Before changing to VTP version 3, you'll need to set the VTP domain first.
SW01#configure terminal
Enter configuration
commands, one per line. End with CNTL/Z.
SW01(config)#vtp
version ?
<1-3>
Set the administrative domain VTP version number
SW01(config)#vtp version 3
Cannot set the version to 3 because domain name is
not configured
SW01(config)#
SW01(config)#vtp
domain LAB
Changing VTP domain name from NULL to LAB
SW01(config)#
SW01(config)#vtp
version 3
SW01(config)#
SW01(config)#vlan
99
VTP VLAN configuration not allowed when device is
not the primary server for vlan database.
SW01(config)#
SW01(config)#end
In order to add/create Layer 2 VLANs, set the switch to VTP Primary using the privilege EXEC command vtp primary.
SW01#vtp ?
password
Set the password for the VTP administrative domain.
primary
Make the system as the primary server
pruning
Set the administrative domain to permit pruning.
version
Set the adminstrative domain VTP version
SW01#vtp primary
?
force
Do not check for conflicting devices
mst
MST feature
vlan
Vlan feature
<cr>
SW01#vtp primary
This system is becoming primary server for feature
vlan
No conflicting VTP3
devices found.
Do you want to
continue? [confirm]
SW01#
*Jan 29 02:57:46.373:
%SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0200 has become the primary server
for the VLAN VTP feature
SW01#configure terminal
Enter configuration
commands, one per line. End with CNTL/Z.
SW01(config)#vlan
99
SW01(config-vlan)#name
TEST
SW01(config-vlan)#end
SW01#show vtp
status
VTP Version
capable : 1 to 3
VTP version running : 3
VTP Domain Name : LAB
VTP Pruning
Mode : Disabled
VTP Traps
Generation : Disabled
Device ID : aabb.cc00.0200
Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing
VLANs : 6
Number of existing
extended VLANs : 0
Maximum VLANs
supported locally : 4096
Configuration
Revision : 2
Primary ID : aabb.cc00.0200
Primary
Description : SW01
MD5 digest : 0x69 0x34 0x9F 0x61
0x0A 0xF0 0x29 0x1F
0xAE 0xDB
0xFA 0x70 0xCA 0x10 0x50 0x35
Feature MST:
--------------
VTP Operating
Mode : Transparent
Feature UNKNOWN:
--------------
VTP Operating
Mode : Transparent
SW01#show vlan
brief
VLAN Name Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/3, Et1/0, Et1/1
Et1/2, Et1/3, Et2/0, Et2/1
Et2/2, Et2/3, Et3/0, Et3/1
Et3/2, Et3/3
99 TEST active
1002
fddi-default
act/unsup
1003
trcrf-default
act/unsup
1004
fddinet-default
act/unsup
1005
trbrf-default
act/unsup
The VTP password is shown in plain text. In VTP version 3, you can "hide" or hash the password.
SW01#configure terminal
Enter configuration
commands, one per line. End with CNTL/Z.
SW01(config)#vtp
password cisco123
Setting device VTP
password to cisco123
SW01(config)#do
show vtp password
VTP Password: cisco123
SW01(config)#vtp
password ?
WORD
The ascii password for the VTP administrative domain.
SW01(config)#vtp
password cisco123 ?
hidden
Set the VTP password hidden option
secret
Specify the vtp password in encrypted form
<cr>
SW01(config)#vtp password cisco123 hidden
Setting device VTP password
SW01(config)#
SW01(config)#do
sh vtp password
VTP Password: DD9E88A11A75B21E42627A20F00FD980
If you're adding another switch, just copy/paste the hashed string and use the keyword secret.
SW02(config)#vtp
password DD9E88A11A75B21E42627A20F00FD980 secret