Real world uses of VTP Transparent mode

--chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
I have been looking for some real world scenarios where you would want to set this mode on a switch but have not found any good examples.

Anyone see or use this in production before? Why?


Comments

  • azaghulazaghul Member Posts: 569 ■■■■□□□□□□
    We have 40+ sites and 5 data centres, all switches are VTP transparent. For all sites we don't want a VLAN database propagated by accident, and in the DCs we need more that 1024 VLANS.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Always have used tranparent on all switches.
    An expert is a man who has made all the mistakes which can be made.
  • OfWolfAndManOfWolfAndMan Member Posts: 923 ■■■■□□□□□□
    For IOS 15.x, the standard has been VTP mode off, but transparent is a best practice where I worked at prior to 15.x. It's not so much malicious users trying to propagate an incorrect VLAN database as the VTP password is required. More so, it's the technicians causing VTP chaos because they forgot to change VTP mode to client. Yes, it can happen. No, it's not pretty.
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
  • Node ManNode Man Member Posts: 668 ■■■□□□□□□□
    The possibility of a new engineering accidentally messing up a network is very possible. I cant find it, but I thought I read that Cisco no longer recommends the use of VTP.
  • theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    If you're using VTPv1 or v2, Transparent effectively disables VTP so that you don't accidentally nuke your VLANs by inserting a switch with a higher revision number into the network. VTPv3 is supported on the newest IOSes (requires a newer switch like a 3560, 3750, etc...) VTPv3 contains various mechanisms to prevent you from accidentally nuking your VLANs as well as the ability to directly disable VTP. VTPv1 and v2 couldn't be turned off. Transparent mode (Forwards VTP Frames, but doesn't Process them) was the closest thing to disabling VTP.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • Admiral AkmirAdmiral Akmir Member Posts: 40 ■■□□□□□□□□
    "Friends don't let friends use VTP in production networks." -Keith Barker
  • HeeroHeero Member Posts: 486
    From a practical standpoint, transparent mode basically just disables VTP. On newer switches that support VTPv3, you can actually turn VTP completely off ("vtp mode off stp" or something like that).

    The only VTP implementation that anyone should ever even consider is VTPv3 since it fixes the whole "nuke your entire layer 2 architecture" issue and it can also be used to update MSTP information for the entire layer 2 domain which can be very handy. However, if you can manage the vlans manually, do it. And if you are in a decent sized organization, you are probably better off writing a script to add/remove vlans from a group of devices rather than using VTP.
Sign In or Register to comment.