Below are some general best practices with regard to configuring VTP in the
Enterprise Composite Model:
- Plan boundaries for the VTP domain; not all switches in the network need
information on all VLANs in the network. In the Enterprise Composite model the
VTP domain should be isolated to redundant distribution switches and the access
switches they serve.
- Have only one or two switches specifically configured as VTP servers and
the remainder as clients.
- Manually configure VTP on all switches installed in the network so the mode
can be specified and the default mode of server on all switches can be
overwritten.
- Configure a password so that no switch can join the VTP domain with domain
name only (which can be derived dynamically).
- When setting up a new domain, configure VTP client switches first so they
participate passively then configure servers to update client devices.
- In an existing domain, if performing VTP cleanup, configure passwords on
servers first. Clients may need to maintain current VLAN information until
server contains a complete VLAN database. Once the VLAN database on the server
is verified as complete, then client passwords can be configured to be the same
as the servers. Clients will then accept updates from the server.