Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCST & CCNA (Entry-level & Associate)
Real world uses of VTP Transparent mode
--chris--
I have been looking for some real world scenarios where you would want to set this mode on a switch but have not found any good examples.
Anyone see or use this in production before? Why?
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
azaghul
We have 40+ sites and 5 data centres, all switches are VTP transparent. For all sites we don't want a VLAN database propagated by accident, and in the DCs we need more that 1024 VLANS.
networker050184
Always have used tranparent on all switches.
OfWolfAndMan
For IOS 15.x, the standard has been VTP mode off, but transparent is a best practice where I worked at prior to 15.x. It's not so much malicious users trying to propagate an incorrect VLAN database as the VTP password is required. More so, it's the technicians causing VTP chaos because they forgot to change VTP mode to client. Yes, it can happen. No, it's not pretty.
Node Man
The possibility of a new engineering accidentally messing up a network is very possible. I cant find it, but I thought I read that Cisco no longer recommends the use of VTP.
theodoxa
If you're using VTPv1 or v2, Transparent effectively disables VTP so that you don't accidentally nuke your VLANs by inserting a switch with a higher revision number into the network. VTPv3 is supported on the newest IOSes (requires a newer switch like a 3560, 3750, etc...) VTPv3 contains various mechanisms to prevent you from accidentally nuking your VLANs as well as the ability to directly disable VTP. VTPv1 and v2 couldn't be turned off. Transparent mode (Forwards VTP Frames, but doesn't Process them) was the closest thing to disabling VTP.
Admiral Akmir
"Friends don't let friends use VTP in production networks." -Keith Barker
Heero
From a practical standpoint, transparent mode basically just disables VTP. On newer switches that support VTPv3, you can actually turn VTP completely off ("vtp mode off stp" or something like that).
The only VTP implementation that anyone should ever even consider is VTPv3 since it fixes the whole "nuke your entire layer 2 architecture" issue and it can also be used to update MSTP information for the entire layer 2 domain which can be very handy. However, if you can manage the vlans manually, do it. And if you are in a decent sized organization, you are probably better off writing a script to add/remove vlans from a group of devices rather than using VTP.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
