Networking Tutorials

VTP Explained: Central VLAN Management & Its Dangers

VTP (VLAN Trunking Protocol) lets you create a VLAN once on a server switch and have it automatically propagate to all other switches in the domain over trunk links — saving repetitive configuration. Powerful, but carrying a notorious danger that has taken down real networks.

The three modes

  • Server — can create/modify/delete VLANs; changes propagate to the domain
  • Client — receives and applies the database but can't modify it
  • Transparent — ignores VTP for its own VLANs but forwards VTP messages through

The revision-number danger

VTP uses a revision number that increments with each change; switches accept any database with a higher revision. The catastrophe: connect an old switch with a higher revision number (from previous use) and it overwrites the entire domain's VLAN database — potentially deleting production VLANs and blackholing traffic instantly. This has caused real outages.

Common mistakes and the safe practice

Never connect a switch to a production VTP domain without first resetting its revision to zero — change its VTP domain name to something else and back, or set it to transparent mode. Many engineers now avoid VTP entirely (or use VTPv3, which is safer) and configure VLANs manually. See the VTP lab to see propagation in action.

Frequently asked questions

What does VTP do?

It propagates VLAN database changes (create/modify/delete) from a server switch to all switches in the domain over trunks, avoiding repetitive per-switch configuration.

What is the famous VTP danger?

A switch with a higher revision number can overwrite the whole domain's VLAN database — even deleting production VLANs. Always reset a switch's revision before connecting it.

What are the VTP modes?

Server (can modify VLANs and propagate), Client (receives only), and Transparent (ignores VTP for itself but forwards messages).

How do you safely add a switch to a VTP domain?

Reset its revision number to zero first — by changing its VTP domain name to a dummy and back, or setting it to transparent mode — before connecting.

VS
Vipul Sir — Lead Instructor, Attila Technologies20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.

Want hands-on training?

Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.

Start your networking career with Attila Technologies

Hands-on Cisco training, real lab devices and placement support in Ahmedabad.