DTP and VTP

Problem: Trunk links using DTP aren’t transitioning into a trunk state.

SW02 –


SW02#sh int trunk
SW02#

SW02#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 20
VTP Operating Mode              : Client
VTP Domain Name                 : TEST2
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xEA 0xAD 0xAA 0x55 0xAF 0xF7 0x75 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 01:27:27

SW02#sh run int fa0/3
Building configuration...
Current configuration : 106 bytes
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
end

SW01 –


SW01#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 23
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 20
VTP Operating Mode              : Client
VTP Domain Name                 : TEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xAE 0xD8 0xC3 0x52 0x44 0xD4 0x77 0xCE
Configuration last modified by 0.0.0.0 at 3-1-93 01:27:27

SW01#sh run int fa0/3
Building configuration...
Current configuration : 106 bytes
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
end

In the above commands, the only item that is mismatching is the VTP domain. Is this why the trunk links aren’t forming?

Verification:

SW01 –


SW01#sh dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
            Dynamic Trunk timeout is 300 seconds
6 interfaces using DTP

SW01#sh dtp int fa0/3
DTP information for FastEthernet0/3:
TOS/TAS/TNS:                              ACCESS/DESIRABLE/ACCESS
TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
Neighbor address 1:                       001794BCE683
Neighbor address 2:                       000000000000
Hello timer expiration (sec/state):       3/RUNNING
Access timer expiration (sec/state):      never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state):   never/STOPPED
FSM state:                                S2:ACCESS
# times multi & trunk                     0
Enabled:                                  yes
In STP:                                   no

Statistics
----------
128 packets received (99 good)
29 packets dropped
      0 nonegotiate, 0 bad version, 29 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
131 packets output (131 good)
128 native, 3 software encap isl, 0 isl hardware native
0 output errors
1 trunk timeouts, last timeout on Mon Mar 01 1993, 00:54:43
4 link ups, last link up on Mon Mar 01 1993, 00:01:10
3 link downs, last link down on Mon Mar 01 1993, 00:01:08

Conclusion:

If one were to perform a packet capture, one would see that DTP actually transmits the VTP domain between the switches. If the switches cannot agree on the VTP domain, the switch transitions the port to an access port. If the trunks are already negotiated, the switch takes 300 seconds to time out to an access port, which means the trunks will continue to forward traffic properly for the next 5 minutes.
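
The check performed by eye above can be scripted. The following is an added example, not part of the original post: it parses the "sh vtp status" and "sh dtp int" output excerpted from the captures above and reports the VTP domain mismatch, the DTP mismatch counter and the resulting access state. The function names are illustrative assumptions.

```python
import re

# Excerpts of the outputs shown above, trimmed to the relevant lines.
SW01_VTP = "VTP Operating Mode              : Client\nVTP Domain Name                 : TEST\n"
SW02_VTP = "VTP Operating Mode              : Client\nVTP Domain Name                 : TEST2\n"
SW01_DTP = """\
TOS/TAS/TNS:                              ACCESS/DESIRABLE/ACCESS
FSM state:                                S2:ACCESS
128 packets received (99 good)
29 packets dropped
      0 nonegotiate, 0 bad version, 29 domain mismatches,
"""

def parse_vtp_status(text):
    """Return {field: value} from 'show vtp status' output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def parse_dtp_interface(text):
    """Extract trunk status (operational/administrative/negotiated) and the mismatch counter."""
    info = {"domain_mismatches": 0}
    m = re.search(r"TOS/TAS/TNS:\s*(\w+)/(\w+)/(\w+)", text)
    if m:
        info["oper"], info["admin"], info["negotiated"] = m.groups()
    m = re.search(r"(\d+) domain mismatches", text)
    if m:
        info["domain_mismatches"] = int(m.group(1))
    return info

def diagnose(vtp_a, vtp_b, dtp):
    """List the reasons the outputs give for a dynamic port staying in access mode."""
    findings = []
    dom_a, dom_b = vtp_a.get("VTP Domain Name", ""), vtp_b.get("VTP Domain Name", "")
    if dom_a != dom_b:  # names compared exactly as displayed
        findings.append(f"VTP domain mismatch: {dom_a!r} vs {dom_b!r}")
    if dtp["domain_mismatches"] > 0:
        findings.append(f"DTP dropped {dtp['domain_mismatches']} packets: domain mismatch")
    if dtp.get("oper") == "ACCESS" and dtp.get("admin") not in (None, "ACCESS"):
        findings.append(f"port is administratively {dtp['admin']} but operating as ACCESS")
    return findings

if __name__ == "__main__":
    report = diagnose(parse_vtp_status(SW01_VTP), parse_vtp_status(SW02_VTP),
                      parse_dtp_interface(SW01_DTP))
    print("\n".join(report) or "no DTP/VTP domain problem found")
```
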

VTP Version 2 and Updates

Problem:

Some of the older documentation and study guides state that VTP domains don’t need to match when set to version 2 transparent.

VTP Source 1:

“Version-dependent transparent mode; transparent mode no longer checks domain name. This enables support of more than one domain across a transparent domain.”

Some of the newer documentation states the contrary.

VTP Source 2:

“Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Although VTP version 2 supports only one domain, a VTP version 2 transparent switch forwards a message only when the domain name matches.”

Verification:

#########

CORE01#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 14
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Server
VTP Domain Name                 : TEST
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x49 0x30 0x4E 0x43 0x02 0xB2 0x36 0x7A

#########

Make a change to the VTP database and then verify that the revision number has incremented and has updated across the transparent switch. The transparent switch will not install the update into its VLAN database; it only passes it along.

#########

CORE01#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Server
VTP Domain Name                 : TEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x02 0x24 0xF4 0xD7 0x11 0x28 0x33 0xFC

SW02#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Client
VTP Domain Name                 : TEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x02 0x24 0xF4 0xD7 0x11 0x28 0x33 0xFC

#########

Now if the transparent switch’s domain doesn’t match that of the rest of the network, updates will fail to be forwarded.

#########

CORE02#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : BROKEN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0x30 0x72 0x9D 0x83 0x74 0xCD 0xAD

#########

When a change is made to the VLAN database, it will not update across the broken domain.

#########

CORE01(config)#do sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 18
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 18
VTP Operating Mode              : Server
VTP Domain Name                 : TEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xA2 0x09 0xB2 0x86 0xD8 0xC8 0xBE 0x48

SW02#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Client
VTP Domain Name                 : TEST
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x02 0x24 0xF4 0xD7 0x11 0x28 0x33 0xFC

#########

Conclusion:

Even though the documentation has been corrected in newer versions, this doesn’t mean that the myth won’t continue to live on. It’s always a good idea to verify what the documentation is saying by setting up a practice lab, or you may find that certain assumptions are incorrect.

VTP Transparent Mode – Persistent VLANs

Why do my VLANs persist even though I run “delete flash:vlan.dat”?

If you are running VTP in transparent mode the VLAN data will show up in the running config.

#########

Switch1#sh run | in vlan
vlan internal allocation policy ascending
Switch1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Gi0/1
180  TESTTHIS                         active
190  go                               active
201  WAAS                             active
255  GUEST-WIRELESS                   active

Switch1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled

Switch1#config t
Enter configuration commands, one per line. End with CNTL/Z.

Switch1(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
Switch1(config)#end
Switch1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Transparent
VTP Domain Name                 : test
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
Switch1#sh run | in vlan
vlan internal allocation policy ascending
vlan 180
vlan 190
vlan 201
vlan 255

#########

What this means is that if you are trying to delete the vlan.dat file and it keeps showing up in your flash:, it isn’t because the switch is saving it. The VLANs now exist in the configuration file. Simply do a “no vlan #” in global config and the VLAN will be deleted.

#########
Switch1#config t
Enter configuration commands, one per line. End with CNTL/Z.

Switch1(config)#no vlan 180
Switch1(config)#end
Switch1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Gi0/1
190  go                               active
201  WAAS                             active
255  GUEST-WIRELESS                   active

#########

The one thing about this change is that the command line does not tell you this is happening. You have to be aware that the change occurs in the background.
