VTP Domain Names

veritas_libertas

I searched through TE and couldn't find a spot where this question was specifically answered. I've just reading up on VLANs in Odom' ICND2 book, and I have to say it's like drinking out of a water hose. I understand that VTP allows VLANs to share configuration settings, and from the way I'm reading it dynamically updates each switch within the domain with the correct VLANs and names for the VLANs. What I'm trying to understand is if we are creating entirely different Broadcast Domains based on which domain is being used.

Please let me know if I got any of this wrong or if I'm on track.

SharkDiver

I'm not 100% sure I understand what you are looking for.

If the domain names match, they will share info. If the domain names don't they won't.
I assume that you could create two different domains, put some switches in one and some in the other and have them share different information, but I'm not sure why you would want to do that.

veritas_libertas

I'm trying to think of how to explain to you what I mean. So imagine you have two VTP Domains (VTP1 and VTP2) each with VLAN 1-5. Would VTP Domain 1's VLAN 1-5 be able to communicate with VTP Domain 2's VLAN 1-5? In other word's could I ping a host in one domain from another domain? I'm trying to understand the purpose of this whole VTP domain. It's feeling more complex than I'm guessing it actually is.

SharkDiver

OK. I got you now.

VTP only distributes VLANs. If you have two hosts in VLAN 3 on two different switches, but one got its info via VTP and the other got it manually, they can still talk to each other regardless of the domain.

If you set up a VTP domain on a switch and have it distribute info via VTP to 3 of your other 4 switches, you can still manually create the vlans on that 4th switch and the hosts will be able to communicate.

Think of VTP as a shortcut and nothing more.

veritas_libertas

What's the point of having more than one VTP domain if they are simply sharing the same VLAN information? Is it used simply to distribute the work load between multiple admins?

networker050184

VTP is there to cut down the configuration of pushing a new VLAN out to all of your switches. Imagine you had 10 switches you have to create a new VLAN on. You could log into each one and type the commands or you can log into a VTP server and create the VLAN one time.

Keep in mind VTP does not influence traffic forwarding. Its strictly for the creation of VLANs.

SharkDiver

I guess that could be one use.

I always just thought of the domain name and password sort of like a username and password.

If someone connects a switch to your network and knows the VTP domain name and VTP password, they can easily take down your network by deleting VLANs.

If they don't know those two things, they can't join the domain and can't change VLAN info on your switches.

veritas_libertas

networker050184 wrote: »

VTP is there to cut down the configuration of pushing a new VLAN out to all of your switches. Imagine you had 10 switches you have to create a new VLAN on. You could log into each one and type the commands or you can log into a VTP server and create the VLAN one time.

Keep in mind VTP does not influence traffic forwarding. Its strictly for the creation of VLANs.

I understand that, but I'm still confused about why you would need more than one VTP domain.

SharkDiver

For exam purposes, all you need to know is that the VTP domain and password must match for the VTP info to be distributed.

wirerat

veritas_libertas wrote: »

I understand that, but I'm still confused about why you would need more than one VTP domain.

Different physical sites. Different "domains" of control.

networker050184

You don't need more than one domain. You could use two domains if you had, say a group of DMZ switches and a group of internal switches and all connect through a common core switched infrastructure. You could have your DMZ VTP domain that shared all the VLANs and an internal VTP domain that shared VLANs, but none were to be shared among them.

Again, keep in mind this is just for administration (creation, deletion) of VLANs. If you create VLAN 3 in both domains they are the same VLAN as far as traffic forwarding is concerned. When traffic is forwarded the only thing that is carried in the header is the VLAN number. No mention of name or VTP domain etc.

veritas_libertas

networker050184 wrote: »

You don't need more than one domain. You could use two domains if you had, say a group of DMZ switches and a group of internal switches and all connect through a common core switched infrastructure. You could have your DMZ VTP domain that shared all the VLANs and an internal VTP domain that shared VLANs, but none were to be shared among them.

That's kind of what I thought might be going on. A VLAN 3 can communicate with VLAN 3 no matter which domain it is in. The real purpose than is to control a certain section, part, of a network. Am I understanding that right Networker?

Thanks for taking the time to address my question.

networker050184

That would be a reason to create more than one domain, yes. Or think of it as an acquisition and merging networks. There may be two domains you have to deal with even if not by an original design.

veritas_libertas

networker050184 wrote: »

That would be a reason to create more than one domain, yes. Or think of it as an acquisition and merging networks. There may be two domains you have to deal with even if not by an original design.

That makes sense.

Thanks to everyone that contributed to helping me make sense of VLANs.

YFZblu

veritas_libertas wrote: »

I understand that, but I'm still confused about why you would need more than one VTP domain.

Great question, one I hadn't thought of
If it helps any, Jeremy in CBT Nuggets said many admins don't even use VTP anyway because half of them have been burned by it in the past, or they're fearful of being burned by it. I don't think you'll come accross an example on the exam in which multiple Domains are utilized.