While VTP may sound like it makes things cooler, it also introduces vulnerabilities into the infrastructure if configured incorrectly. VTP pruning is used in conjunction with VTP to ensure that traffic destined for specific VLANs is not passed to switches that do not need it.

So the big question is, when a host on VLAN 112 sends broadcast traffic, does every single switch receive the broadcast?

The simple answer is yes, as the distro will forward the broadcast out every trunk link to every access switch except the one it was received on.

If you think about it, that is a big waste of resources.

Unlike VTP Server/Client, Transparent mode does not participate in the VTP domain at all; however, a transparent mode switch will pass VTP frames from one switch to the next.

Transparent switches are a perfect solution when placing a managed Cisco switch in the transit path of two VTP-enabled switches. This way the VTP server and VTP client(s) can still communicate through the transparent switch and operate correctly. The downfall to transparent switches is that they must have the same VLANs if they are a transit switch in a VTP domain.

A common reason for placing a transparent switch in the transit path of two VTP-enabled switches is a security requirement.

The transparent switch needs to have a specific Layer 2 or Layer 3 enabled VLAN that cannot be anywhere else on the network, but it still needs access to all other VLANs.

Another example is a simple edge transparent switch that is considered strictly an access switch and neither trunks nor participates in VTP.

For example, let's say you have a three-tier network with Core/Distro/Access layers, the VTP server is configured on the distribution switches, and the VLAN information propagates down to 24 access switches.

To get more detailed, let's say it is a twelve-floor building with two access switches per floor.

Let's say VLAN 112 is configured on the twelfth floor; however, due to VTP propagating the VLAN information to every single access switch, even switches on the first floor will have VLAN 112.
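
The twelve-floor scenario above as a small model (an added example, not from the original article or from Cisco): it computes which access switches receive a VLAN 112 broadcast with and without pruning. It assumes a single distribution switch, a constructed per-floor VLAN numbering of 100 + floor, hypothetical switch names, and Cisco's default prune-eligible range of VLANs 2 to 1001.

```python
# Added illustration: a simplified model of flood scope, not vendor code.
# Topology from the article: 12 floors, 2 access switches per floor, one distro (assumed).
PRUNE_ELIGIBLE = range(2, 1002)  # Cisco default: VLAN 1 and VLANs 1002+ are never pruned


def build_access_layer(floors=12, per_floor=2):
    """Map switch name -> set of VLANs with active access ports (constructed data)."""
    switches = {}
    for floor in range(1, floors + 1):
        for n in range(1, per_floor + 1):
            # Assumption: each floor uses user VLAN 100+floor; VLAN 1 is active everywhere.
            switches[f"acc-f{floor:02d}-{n}"] = {1, 100 + floor}
    return switches


def trunk_carries(vlan, active_vlans, pruning):
    """Does the distro forward this VLAN's floods down the trunk to a switch?"""
    if not pruning or vlan not in PRUNE_ELIGIBLE:
        return True              # VTP alone: the VLAN exists everywhere, so flood everywhere
    return vlan in active_vlans  # pruning: only where the switch has ports in the VLAN


def flood(switches, vlan, ingress, pruning):
    """Access switches that receive a broadcast entering the distro from `ingress`."""
    return sorted(name for name, active in switches.items()
                  if name != ingress and trunk_carries(vlan, active, pruning))


def wasted_deliveries(switches, vlan, ingress, pruning):
    """Receivers with no port in the VLAN: trunk bandwidth spent for nothing."""
    return [s for s in flood(switches, vlan, ingress, pruning)
            if vlan not in switches[s]]


if __name__ == "__main__":
    access = build_access_layer()
    src = "acc-f12-1"  # host on VLAN 112 sits on a twelfth-floor switch
    for pruning in (False, True):
        got = flood(access, 112, src, pruning)
        waste = wasted_deliveries(access, 112, src, pruning)
        print(f"pruning={pruning}: {len(got)} switches receive, {len(waste)} wasted")
    # VLAN 1 is not prune-eligible, so its broadcasts still reach every switch.
    print("VLAN 1 with pruning:", len(flood(access, 1, src, True)), "switches")
```

The VLAN 1 case is the caveat worth remembering: enabling pruning narrows the flood scope only for prune-eligible VLANs.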