Propagating VLAN Information with VTP
Best practices: configuring switches in a VTP domain

Below are some general best practices with regard to configuring VTP in the Enterprise Composite Model:

  • Plan boundaries for the VTP domain; not all switches in the network need information on all VLANs in the network. In the Enterprise Composite model the VTP domain should be isolated to redundant distribution switches and the access switches they serve.
  • Have only one or two switches specifically configured as VTP servers and the remainder as clients.
  • Manually configure VTP on all switches installed in the network so the mode can be specified and the default mode of server on all switches can be overwritten.
  • Configure a password so that no switch can join the VTP domain with domain name only (which can be derived dynamically).
  • When setting up a new domain, configure VTP client switches first so they participate passively then configure servers to update client devices.
  • In an existing domain, if performing VTP cleanup, configure passwords on servers first. Clients may need to maintain current VLAN information until server contains a complete VLAN database. Once the VLAN database on the server is verified as complete, then client passwords can be configured to be the same as the servers. Clients will then accept updates from the server.