Options
Strange VTP issue
I wasn't sure if I should put this in CCNA, or CCNP, or which one. However, since I can't decide which to put it in, it's going here 
So I had a weird issue today. One of our technicians calls and asks to turn on a port into VLAN12. Fine, turned it on. The contractor says they cannot ping the device (the contractor is connected to our wireless, which can ping that particular VLAN, or so I thought). I check on the switch, it has the correct ports in the correct VLAN - but I cannot ping the device from the switch.
The switch is in VTP client, but after checking the revision number, it's on Revision 1. I checked the server, Revision 16. I jump back on the client, change it to transparent and back to client, nothing. I check the password, it matches. I check the domain name, it matches.
After a while I changed VTP version (on the client) from 3 to 2, and then back to 3. Boom, it updates.
Has anyone else ever experienced this same issue?
So I had a weird issue today. One of our technicians calls and asks to turn on a port into VLAN12. Fine, turned it on. The contractor says they cannot ping the device (the contractor is connected to our wireless, which can ping that particular VLAN, or so I thought). I check on the switch, it has the correct ports in the correct VLAN - but I cannot ping the device from the switch.
The switch is in VTP client, but after checking the revision number, it's on Revision 1. I checked the server, Revision 16. I jump back on the client, change it to transparent and back to client, nothing. I check the password, it matches. I check the domain name, it matches.
After a while I changed VTP version (on the client) from 3 to 2, and then back to 3. Boom, it updates.
Has anyone else ever experienced this same issue?
2017 Certification Goals:
CCNP R/S
CCNP R/S
Comments
-
Options
MAC_Addy
Member Posts: 1,740 ■■■■□□□□□□
I just changed input no vtp password and then input the password again, and it updated via VTP. Potentially an IOS bug within this version? I'm not entirely sure why it's not updating when changing from vtp mode transparent, back to client.2017 Certification Goals:
CCNP R/S -
Options
Hondabuff
Member Posts: 667 ■■■□□□□□□□
I wasn't sure if I should put this in CCNA, or CCNP, or which one. However, since I can't decide which to put it in, it's going here
So I had a weird issue today. One of our technicians calls and asks to turn on a port into VLAN12. Fine, turned it on. The contractor says they cannot ping the device (the contractor is connected to our wireless, which can ping that particular VLAN, or so I thought). I check on the switch, it has the correct ports in the correct VLAN - but I cannot ping the device from the switch.
The switch is in VTP client, but after checking the revision number, it's on Revision 1. I checked the server, Revision 16. I jump back on the client, change it to transparent and back to client, nothing. I check the password, it matches. I check the domain name, it matches.
After a while I changed VTP version (on the client) from 3 to 2, and then back to 3. Boom, it updates.
Has anyone else ever experienced this same issue?
Add this to list of reasons to not use VTP.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
Options
Cardboard
Member Posts: 43 ■■□□□□□□□□
I've read about the "benefits" of VTP, but it sounds like a way to cover up being lazy to me.
I think of VTP the same way I think of two people playing catch with a stick of dynamite with a burning fuse. You don't want to be the last one who touched it before it blows up.
VTP. Just say no. -
OptionsHondabuff
Member Posts: 667 ■■■□□□□□□□
VTP is just an extra configuration blunder that always comes back to haunt you. If the network is designed correctly you would be routing back to your core and pruning the VLANs from there. Last thing you need is some shmuck getting ahold of an edge switch and seeing all your VLANs you have on your core. They get into an edge switch and set up a SPAN port and sniff your network for an hour they pretty much have the keys to the Kingdom. I have seen a Major university and a Major Corporation get hacked this way. You get some of these Cyber Security students with a Kali box and all hell can break loose.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
OptionsMAC_Addy
Member Posts: 1,740 ■■■■□□□□□□
In this case, it was very mild on what actually happened. I agree with you HondaBuff - don't use VTP. However. We have our VTP domains split up so if something did happen, it wouldn't ever replicate to the whole of the campus. I am wondering (without searching first) does VTP broadcast the password in clear text?2017 Certification Goals:
CCNP R/S -
OptionsHondabuff
Member Posts: 667 ■■■□□□□□□□
In this case, it was very mild on what actually happened. I agree with you HondaBuff - don't use VTP. However. We have our VTP domains split up so if something did happen, it wouldn't ever replicate to the whole of the campus. I am wondering (without searching first) does VTP broadcast the password in clear text?
Its encrypted with MD5 when transmitted but is clear text on the switch.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
OptionsMAC_Addy
Member Posts: 1,740 ■■■■□□□□□□
That's I saw after posting my comment. VTP in this particular building is weird. I ran a script to disable the password and then enable it back. That cleared up all my VTP woes, for now. Though, I think in the future I shall be disabling VTP down the road.2017 Certification Goals:
CCNP R/S
