VTP Question... I'm confused.

mattipler · July 2007

Right, when configuring a VTP domain containing 2 switches linked by a trunk port connected to FA0/1 of both switches. If I have one switch as the server and one switch as the client… if I create a new VLAN on the server, that VLAN is propagated to the client via the BPDU’s and created on the client… that’s fine I understand that. What I don’t understand is why if I link, say 8 of the switch ports on the Server to the newly created VLAN, why the corresponding ports on the client switch are also linked to the new VLAN on the client. What if you want different ports on the client switch to be linked to be linked to the new VLAN? Don’t understand how it works… does VLAN port allocation on both switches HAVE to match?

That’s what’s happening on my Boson Netsim and because I’ve explained my question SO badly heres an example below…

Thanks to anyone who responds…

TIPLER IS SERVER – MACKIE IS CLIENT CONNECTED VIA fa0/1 on both ports

Tipler#show vtp status

VTP Version : 2

Configuration Revision : 2

Maximum VLANs supported locally : 64

Number of existing VLANs : 5

VTP Operating Mode : Server

VTP Domain Name : tipler

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0xEE 0xB3 0xDC 0x9F 0xE2 0xE0 0x25 0xDF

Configuration last modified by 0.0.0.0 at 3-1-93 04:55:57

Local updater ID is 0.0.0.0 (no valid interface found)

Mackie#show vtp status

VTP Version : 2

Configuration Revision : 2

Maximum VLANs supported locally : 64

Number of existing VLANs : 5

VTP Operating Mode : Client

VTP Domain Name : tipler

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0xEE 0xB3 0xDC 0x9F 0xE2 0xE0 0x25 0xDF

Configuration last modified by 0.0.0.0 at 3-1-93 04:55:57

Local updater ID is 0.0.0.0 (no valid interface found)

Tipler#vlan database

Tipler(vlan)#vlan 100 name SUPERHANS

VLAN 100 added:

Name:SUPERHANS

Tipler(vlan)#vlan 200 name BIGSUZE

VLAN 200 added:

Name:BIGSUZE

Tipler(vlan)#exit

APPLY completed.

Exiting....

Tipler#show vlan

VLAN Name Status Ports

----

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

100 SUPERHANS active

200 BIGSUZE active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

----

----

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Mackie#show vlan

VLAN Name Status Ports

----

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

100 SUPERHANS active

200 BIGSUZE active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

----

----

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Tipler#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Tipler(config)#int fa0/2

Tipler(config-if)#switchport mode access

Tipler(config-if)#switchport access vlan 100

Tipler(config-if)#int fa0/3

Tipler(config-if)#switchport mode access

Tipler(config-if)#switchport access vlan 100

Tipler(config-if)#int fa0/4

Tipler(config-if)#switchport mode access

Tipler(config-if)#switchport access vlan 200

Tipler(config-if)#int fa0/5

Tipler(config-if)#switchport mode access

Tipler(config-if)#switchport access vlan 200

Tipler(config-if)#exit

Tipler(config)#exit

Tipler#show vlan

VLAN Name Status Ports

----

1 default active Fa0/1, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

100 SUPERHANS active Fa0/2, Fa0/3

200 BIGSUZE active Fa0/4, Fa0/5

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

----

----

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Mackie#show vlan

VLAN Name Status Ports

----

1 default active Fa0/1, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

100 SUPERHANS active Fa0/2, Fa0/3

200 BIGSUZE active Fa0/4, Fa0/5
1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

----

----

1 enet 100001 1500 - - - - - 0 0

100 enet 100100 1500 - - - - - 0 0

200 enet 100200 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

See what I mean!?!?!
[img][/img][img][/img]

widjerd · July 2007

are you using a simulator by chance?

mattipler · July 2007

I am mate I'm using the Boson Netsimulator. Does that have any relevance?

mikearama · July 2007

That's got to be an idiosyncracy of the simulator... or perhaps of 2950's (assuming that's what you're using in the sim). We run VTP on switch stacks of 3750's, and they do not do what you're describing.

Mike

mattipler · July 2007

Nice one... once again, Cheers Mike.

dtlokee · July 2007

Yeah it must be the simulator doing that beacuse VTP only sends the VLAN database, not the port assignments. Also just to calrify somthing you said earlier, the VTP updates are sent as seperate VTP frames, not in the BPDUs. VTP updates are only sent on trunk links and not on access links.

Netstudent · July 2007

I think i remember that happenening with my version of Boson as well. But VTP should not propogate vlan assignments. Only the vlans themselves. I remember Lammle specifying this specifically in sybex under VTP.

I think another good thing to note here is, on real gear it's probably best to run VTP over trunks, not access ports. I'm not sure if VTP is completely exclusive with trunks. I'm not sure if VTP will propagate over an access port if that access port is anything but VLAN1. Maybe someone can explain that in detail.

Here is a excerpt froom Cisco:

"Trunk Down, Which Causes VTP Problems
Remember that VTP packets are carried on VLAN 1, but only on trunks (ISL, dot1q, or LAN emulation [LANE]).

If you make VLAN changes during a time when you have a trunk down or when LANE connectivity is down between two parts of your network, you can lose your VLAN configuration. When the trunk connectivity is restored, the two sides of the network resynchronize. Therefore, the switch with the highest configuration revision number erases the VLAN configuration of the lowest configuration revision switch."

http://www.cisco.com/warp/public/473/21.html#trunk_down

Netstudent · July 2007

AHH DT beat me!

APA · July 2007

Definately a simulator issue......

Implemented VTP domains with 3750's,2950's,2960's.....etc and the vlan port assignment does not propagate only the vlan database information is propagated via the trunks........

Another thing I would like to point out......

If you want to assign switchport modes and vlan access to multiple ports why not use the interface range command.... Saves you from having to type in the commands for every port you want to make changes to....... See below

Switch01(Config)#interface range fastethernet 0/1 - 8
Switch01(Config-if-range)#switchport mode access
Switch01(Config-if-range)#switchport access vlan 1000

The above configures Fe Ports 0/1,0/2,0/3,0/4,0/5,0/6,0/7,0/8 as an access port that belongs to vlan 1000

Saves you from having to enter each interface then typing the switchport mode and vlan membership........

Hope this helps

mattipler · July 2007

Cheers lads that's Crystal clear

... another Boson short-coming!!!

mattipler · July 2007

Oh yeah BDPU's are STP not VTP!!!

Netstudent · July 2007

While on the subject, does anyone know if there is a command to clear the VTP revision number? Will "clear vtp counters" work? Or do you just have to change the vtp domain and then change it back to whatever the exsisting domain is to clear the revision number?

dtlokee · July 2007

clear vtp counters will only clear the information abou number of packets sent and received and that type of data, to reset the revision number, change the mode to transparent

APA · July 2007

I always change the domain name then change it back to what I want it to be........So that it starts with a fresh 0... :P

No big deal... As long as that vtp revision number is lower than my server I am happy.......

Doesn't make sense how a client can overwrite the vlan database if it has a higher revision number......Yes it will even overwrite the servers database!!!!!! Client aren't suppose to be able to write to the database god dammit...... (Before anyone asks the question... test it out.... I certainly raised an eyebrow about it so I decided to test it......)

Netstudent · July 2007

Oh it definately will. I posted an article from cisco about it not to long ago.

APA · July 2007

Does it explain the reasoning for why a client has access to write to the vlan database????

Link to post??? Yes I'm too lazy to search for it :P

Netstudent · July 2007

Because VTP always goes by the revision number. If you put a client on the network that has a higher revision number than a server, it will wipe out the server and everything else.

I also had a ICND practice question that said something like "You have a guy at work who is studying for the CCNA and he disables the trunks to the rest of the switched internetwork and he creates and deletes hundreds of VLANS. When he is done he activates the trunks. What will happen to the VTP domain?"

And the correct answer was that whatever he did would increase the revision number and therefore VTP will update the vlan databases in the servers.

Could you imagine that happening in a large production environment. Good grief that would suck!

Now that i reread that article I see it states exactly what dtlokee said about resetting the revision number.

http://www.techexams.net/forums/viewtopic.php?t=25092

VTP Question... I'm confused.

Comments