Strange VTP issue

I wasn't sure if I should put this in CCNA, or CCNP, or which one. However, since I can't decide which to put it in, it's going here

So I had a weird issue today. One of our technicians calls and asks to turn on a port into VLAN12. Fine, turned it on. The contractor says they cannot ping the device (the contractor is connected to our wireless, which can ping that particular VLAN, or so I thought). I check on the switch, it has the correct ports in the correct VLAN - but I cannot ping the device from the switch.

The switch is in VTP client, but after checking the revision number, it's on Revision 1. I checked the server, Revision 16. I jump back on the client, change it to transparent and back to client, nothing. I check the password, it matches. I check the domain name, it matches.

After a while I changed VTP version (on the client) from 3 to 2, and then back to 3. Boom, it updates.

Has anyone else ever experienced this same issue?

Find more posts tagged with

Comments

MAC_Addy

I just changed input no vtp password and then input the password again, and it updated via VTP. Potentially an IOS bug within this version? I'm not entirely sure why it's not updating when changing from vtp mode transparent, back to client.

Hondabuff

MAC_Addy wrote: »

I wasn't sure if I should put this in CCNA, or CCNP, or which one. However, since I can't decide which to put it in, it's going here

So I had a weird issue today. One of our technicians calls and asks to turn on a port into VLAN12. Fine, turned it on. The contractor says they cannot ping the device (the contractor is connected to our wireless, which can ping that particular VLAN, or so I thought). I check on the switch, it has the correct ports in the correct VLAN - but I cannot ping the device from the switch.

The switch is in VTP client, but after checking the revision number, it's on Revision 1. I checked the server, Revision 16. I jump back on the client, change it to transparent and back to client, nothing. I check the password, it matches. I check the domain name, it matches.

After a while I changed VTP version (on the client) from 3 to 2, and then back to 3. Boom, it updates.

Has anyone else ever experienced this same issue?

Add this to list of reasons to not use VTP.

MAC_Addy

Yup. I agree. It's a piece.

Cardboard

I've read about the "benefits" of VTP, but it sounds like a way to cover up being lazy to me.

I think of VTP the same way I think of two people playing catch with a stick of dynamite with a burning fuse. You don't want to be the last one who touched it before it blows up.

VTP. Just say no.

Hondabuff

VTP is just an extra configuration blunder that always comes back to haunt you. If the network is designed correctly you would be routing back to your core and pruning the VLANs from there. Last thing you need is some shmuck getting ahold of an edge switch and seeing all your VLANs you have on your core. They get into an edge switch and set up a SPAN port and sniff your network for an hour they pretty much have the keys to the Kingdom. I have seen a Major university and a Major Corporation get hacked this way. You get some of these Cyber Security students with a Kali box and all hell can break loose.

MAC_Addy

In this case, it was very mild on what actually happened. I agree with you HondaBuff - don't use VTP. However. We have our VTP domains split up so if something did happen, it wouldn't ever replicate to the whole of the campus. I am wondering (without searching first) does VTP broadcast the password in clear text?

Hondabuff

MAC_Addy wrote: »

In this case, it was very mild on what actually happened. I agree with you HondaBuff - don't use VTP. However. We have our VTP domains split up so if something did happen, it wouldn't ever replicate to the whole of the campus. I am wondering (without searching first) does VTP broadcast the password in clear text?

Its encrypted with MD5 when transmitted but is clear text on the switch.

MAC_Addy

That's I saw after posting my comment. VTP in this particular building is weird. I ran a script to disable the password and then enable it back. That cleared up all my VTP woes, for now. Though, I think in the future I shall be disabling VTP down the road.