VLANs, VTP and trunking are among the most fundamental, yet important, topics in Layer 2 networking.
I explain these topics from design, theory and hands-on perspectives in my CCIE Enterprise Infrastructure training.
Before using VLANs or VTP, or enabling a trunk in the network, keep the best practices below in mind.
Of course, not every best practice applies to every network; adopt the ones that are suitable and necessary for your network and your devices.
- VTP is generally no longer recommended because of its configuration complexity and the potential for catastrophic failure. In other words, a small mistake in the VTP configuration (for example, attaching a switch that carries the same domain name and a higher configuration revision number) can overwrite the VLAN database on every switch in the domain and take the whole network down.
- If VTP must be used, VTP transparent mode is the best practice because it reduces the potential for operational error: a transparent switch keeps its own VLAN database and forwards VTP advertisements without applying them.
- Always configure a VTP domain name and password, so that a rogue or misconfigured switch cannot inject advertisements into the domain.
- Manually prune unused VLANs from trunk interfaces (switchport trunk allowed vlan) so that broadcast, multicast and unknown-unicast traffic for those VLANs is not flooded across the trunk.
- Do not keep the default VLAN (VLAN 1) as the native VLAN on trunks; assign an unused VLAN as the native VLAN instead. This protects against double-tagging VLAN hopping attacks, which only work when the attacker's access VLAN matches the native VLAN of the trunk. Tagging the native VLAN (vlan dot1q tag native) closes the gap further.
- Disable trunks on host ports: configure them as static access ports (switchport mode access) and turn off DTP (switchport nonegotiate), so that a connected host cannot negotiate a trunk and reach every VLAN.
- Do not put too many hosts in one VLAN; keep VLANs small to provide a manageable fault domain. Within a VLAN, every broadcast and unknown-unicast frame has to be processed by every node.
- If fast convergence is required, do not use Dynamic Trunking Protocol (DTP). DTP slows down link bring-up because the switches have to negotiate the trunking mode before the port forwards; set the port mode statically (access or trunk) and add switchport nonegotiate instead.
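One way to check a switch against the list above is to lint its running-config. The script below is an added example for this page, not Cisco code or part of the training material: it parses a Cisco IOS-style configuration and reports every VTP and trunk setting that violates the best practices (VTP not transparent, no domain, DTP left enabled, native VLAN 1, all VLANs allowed on a trunk). Both configurations are constructed samples; the interface names, VLAN numbers, the domain name LAB, and the assumption that an interface with no explicit switchport mode defaults to dynamic auto are assumptions made for the example.

```python
"""Audit a Cisco IOS-style running-config against the VLAN/VTP/trunk
best practices above.  Added example for this page, not Cisco code.
All configs are constructed samples; VLAN numbers, interface names and
the domain name LAB are assumptions."""

# Constructed sample: a switch that violates most of the best practices.
WEAK_CONFIG = """\
vtp mode server
!
interface GigabitEthernet1/0/1
 description uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description user desk 12
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/3
 description printer
 switchport access vlan 20
!
"""

# Constructed sample: the same switch after applying the best practices.
HARDENED_CONFIG = """\
vtp mode transparent
vtp domain LAB
vlan dot1q tag native
!
interface GigabitEthernet1/0/1
 description uplink to core
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description user desk 12
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/3
 description printer
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
"""


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(line)
        else:
            current = None            # "!" or another global command ends the block
            if line and line != "!":
                global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    global_lines, interfaces = parse_config(text)

    # VTP: Catalyst switches default to server mode when no mode is configured.
    modes = [l.split()[2] for l in global_lines if l.startswith("vtp mode ")]
    vtp_mode = modes[-1] if modes else "server"
    if vtp_mode not in ("transparent", "off"):
        findings.append(f"global: vtp mode {vtp_mode}; use transparent (or off)")
    if not any(l.startswith("vtp domain ") for l in global_lines):
        findings.append("global: no vtp domain configured")

    for name, lines in interfaces.items():
        mode_lines = [l for l in lines if l.startswith("switchport mode ")]
        # Assumed platform default when no mode is set: dynamic auto (DTP on).
        mode = mode_lines[-1].split(None, 2)[2] if mode_lines else "dynamic auto"
        if mode.startswith("dynamic"):
            findings.append(f"{name}: DTP negotiates the port role ({mode}); "
                            "set switchport mode access or trunk explicitly")
        elif "switchport nonegotiate" not in lines:
            findings.append(f"{name}: still sends DTP frames; add switchport nonegotiate")
        if mode == "trunk":
            native = [l.split()[-1] for l in lines
                      if l.startswith("switchport trunk native vlan ")]
            if not native or native[-1] == "1":
                findings.append(f"{name}: native VLAN is 1; move it to an unused VLAN")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append(f"{name}: all VLANs allowed on trunk; prune the unused ones")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run it against the output of show running-config. The VTP password is deliberately not checked here: on many IOS releases it is kept in vlan.dat rather than in the running-config, so verify it with show vtp password instead of grepping the configuration.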