VTP version & Transparent mode

Hello,

According to the CiscoPress BCMSN exam cert. guide 4th edition, page 147..

Switch in transparent mode running VTP version 2 is not checking for domain
name match before forwarding VTP advertisements. I have played with this
in the lab and it seems that he doesnt forward advertisements with different
domain name as is his one. ( I can confirm that he is not checking for version
match)

Am I wrong or the book ?

Thanks.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

APA

Definately running VTP V2 mode between all your switches......??

I am 99% certain that transparent switches running VTP V2 Mode don't check for domain name matches but transparent switches running VTP V1 do check for domain name matches before forwarding vtp advertisements......

tech-airman

marlon23,

marlon23 wrote:

Hello,

According to the CiscoPress BCMSN exam cert. guide 4th edition, page 147..

Switch in transparent mode running VTP version 2 is not checking for domain
name match before forwarding VTP advertisements. I have played with this
in the lab and it seems that he doesnt forward advertisements with different
domain name as is his one. ( I can confirm that he is not checking for version
match)

What part of the above is from the "CiscoPress BCMSN exam cert. guide 4th edition, page 147.." and what part is your words?

marlon23 wrote:

Am I wrong or the book ?

Thanks.

The answer depends on the answer to my previous question.

Netstudent

If the book states it, but your having problems implementing it, try the cisco docs as a second reference. The cisco docs also have great configuration examples that you could lab up and see where you went wrong.

What model switches are you using in your lab? I have had difficult experiences with trunking 3550's and 2900's.

networker050184

You may want to ensure the switches are trunking. DTP sends the VTP domain name in the advertisement and will not trunk if the VTP domain names are different. I'm not 100% that this applies to transparent, but I believe it does. You may want to hard code them with the switchport mode trunk command to make sure.

MACattack

From what I have read, if you use vtp ver 1 you should configure it all all switches including transparent, so that it could forward vtp adv. Using vtp v1 it will check the domain name and version number.

Now, if you use vtp v2 and you have a transparent switch as between the two switch using same domain name and version. You should set the transparent switch as trunk in both direction so that it oculd accept and received the vtp adv sum, subset , request I mean by manually setting it to trunk using switch mode trunk remember a switch is set to dynamic auto by default actually it depends i have searched that cisco 3550 is set to dynamic desirable and cisco 3560 is set to dynamic auto. so if you set to trunk the interface of transparent mdoe switch it will set to trunking mode.

Now in vtp version 2 you are correct, it does not care at all about vtp domain name not like in vtp ver 1. vTP ver 2 does not check domain name and ver sion number.

But when a transparent switch received vtp adv with versio 2 and the other neigbhor switch connected to transparent is set to vtp v1 only then some issues will come and it will not sync.

Got the point now why cisco mentioned that it is better to use switch mode trunk than leaving to default mode.

Hope this will clear your question.

I have tried this to dynamips not good but using real switch 2950, 3560, 2900XL which is very very difficult to trunk to new model of switches.

mwgood

I haven't had the time or inclination to lab this up - but for what it's worth, I did recently see a demonstration while watching the Internetwork Expert class on demand regarding VTP - that the transparent switch does NOT pass on VTP advertisements if the domain name is different.

Once the name was matched, advertisements were being forwarded.

They were using VTP version 2.

This contradicts the BCMSN Exam Cert Guide (my version is the 3rd Edition). When faced with a situation like this - I go for what I saw with my own eyes - the book is wrong.

BTW - in their demonstration, DTP was explicitly ruled out.

dtlokee

DTP will never form a trunk between switches in different domains regardless of the VTP version or VTP mode.

SW2(config)#do sh dtp interfac fa0/13
DTP information for FastEthernet0/13:
  TOS/TAS/TNS:                              TRUNK/AUTO/TRUNK
  TOT/TAT/TNT:                              ISL/NEGOTIATE/ISL
  Neighbor address 1:                       001AE3A88F0F
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       24/RUNNING
  Access timer expiration (sec/state):      144/RUNNING
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S6:TRUNK
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  1531 packets received (1526 good)
  5 packets dropped
      0 nonegotiate, 0 bad version, 5 domain mismatches, 
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  1563 packets output (1563 good)
      1531 native, 32 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  1 link ups, last link up on Mon Mar 01 1993, 00:01:04
  0 link downs

SW2(config)#

Notice in the output "1531 packets received (1526 good)" followed by the 5 packets dropped, and 5 domain mismatches, this indicates the switch is going to ignore any DTP frames from a different domain. The first problem with mismatched domains is there will not be a trunk, and VTP only sends frames out trunk links. If we correct the problem by setting "switchport mode trunk" the trunks will come up.

After the trunks are created, the debug output for VTP indicates the packets are being dropped by the transparent switch (sw2) from the server (sw1), also SW3 (client) is not receiving any VLAN information from the server

SW2#debug sw-vlan vtp 
13:00:18: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie

13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/14 - not in domain ccie

13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/15 - not in domain ccie

SW2#

After changing the version to V2

SW1(config)#do sh vtp sta
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : ccie
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x52 0x38 0x6C 0xA0 0xF1 0x4C 0x56 0x42 
Configuration last modified by 0.0.0.0 at 11-24-07 11:37:21
Local updater ID is 0.0.0.0 (no valid interface found)
SW1(config)#

SW2(config-if-range)#do sh vtp sta
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 : cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x47 0xB9 0xF3 0x51 0xFA 0xB5 0xEF 0xEC 
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW2(config-if-range)#

SW3(config)#do sh vtp sta
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : ccie
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDD 0x57 0x0A 0xEA 0x87 0x6C 0x78 0xC7 
Configuration last modified by 0.0.0.0 at 11-24-07 11:30:44
SW3(config)#

Even though they are all in version 2 mode, the debug output on SW2 (transparent) says this:

SW2(config-if-range)#
13:10:43: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie

13:10:43: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie

So it would seem the transparent switch in version 2 mode will not accept the frames from the server in a different domain. Let's fix the domain name.

SW2(config-if-range)#vtp domain ccie
Changing VTP domain name from cisco to ccie
% Command exited out of interface range and its sub-modes.
  Not executing the command for second and later interfaces
SW2(config)#
13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/13 - in TRANSPARENT MODE (nc = false)

13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/13 - in TRANSPARENT MODE (nc = false)

13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/16 - in TRANSPARENT MODE (nc = false)

13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/16 - in TRANSPARENT MODE (nc = false)

SW2(config)#

So what happened? I am not sure

All the docs say that a switch in VTP transparent/ version 2 will relay vtp frames for a different domain, but the debug output seems to indicate otherwise.

Will need to look into this one further.

EDIT: it would seem running version 2 implies all the switches in the broadcast domain must be in the same VTP domain for it to truly be running version 2

Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.

The missing piece would be that a switch in v2 mode will drop all frames that do not match the local domain name before any processing can continue.

MACattack

Wow, you have explained it clearly but for the three books I have read including study guides it doesn't mentioned that a vtp v2 wil only forward vtp adv if it is in same domain name. Okay it mentioned it will relay vtp adv regardless of vtp domain name and version.

rkum99

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvtp.html

I think this will answer your questions.

Best place to verify is www.cisco.com/univercd
Google search particular topic inside a particular web site,
example:- VTP site:www.cisco.com/univercd

MACattack

FROM CISCO SITE , Version-Dependent Transparent Mode—

In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match.

VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.

The text above is not clear as it forgot to mentioned to be able to send vtp adv. by the transparent switch running v2 it should be in the same domain name. It should remove the last text without inspecting domain name from v2.

I have tested this last night and same output I got from my switch as dtlokee posted yesterday.

So, what now which one is correct our practical or from Cisco's doc and info?

marlon23

Hello guys,

Thanks for all answers, especially to dtlokee for his clear demonstration. For me it was suprising that even a DTP is in role. I'll investigate this VTP2 thing in Cisco

dtlokee

It seems to indicate when you put a switch in transparent mode that is part of a different domain it will actually partition the VTP version 2 domain into 2 domains (even though they have the same domain name.) Therefore it won't relay the VTP messages from one domain to the other.

I am thinking of it in terms of putting a switch that only supports 802.1D between 2 switches that are using PVST+. It will partition the domain into 2 parts.