VTP version & Transparent mode

marlon23 Member Posts: 164
Hello,


According to the CiscoPress BCMSN exam cert. guide 4th edition, page 147:

A switch in transparent mode running VTP version 2 is not checking for a domain
name match before forwarding VTP advertisements. I have played with this
in the lab and it seems that it doesn't forward advertisements with a domain
name different from its own. (I can confirm that it is not checking for a version
match.)

Am I wrong, or is the book?

Thanks.
LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches

Comments

  • APA Member Posts: 959
    Definitely running VTP V2 mode between all your switches?

    I am 99% certain that transparent switches running VTP V2 mode don't check for domain name matches, but transparent switches running VTP V1 do check for domain name matches before forwarding VTP advertisements.

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • tech-airman Member Posts: 953
    marlon23,
    marlon23 wrote:
    Hello,


    According to the CiscoPress BCMSN exam cert. guide 4th edition, page 147:

    A switch in transparent mode running VTP version 2 is not checking for a domain
    name match before forwarding VTP advertisements. I have played with this
    in the lab and it seems that it doesn't forward advertisements with a domain
    name different from its own. (I can confirm that it is not checking for a version
    match.)

    What part of the above is from the "CiscoPress BCMSN exam cert. guide 4th edition, page 147.." and what part is your words?
    marlon23 wrote:
    Am I wrong, or is the book?

    Thanks.

    The answer depends on the answer to my previous question.
  • Netstudent Member Posts: 1,693
    If the book states it, but you're having problems implementing it, try the Cisco docs as a second reference. The Cisco docs also have great configuration examples that you could lab up and see where you went wrong.

    What model switches are you using in your lab? I have had difficult experiences with trunking 3550s and 2900s.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • networker050184 Mod Posts: 11,962
    You may want to ensure the switches are trunking. DTP sends the VTP domain name in the advertisement and will not trunk if the VTP domain names are different. I'm not 100% sure that this applies to transparent, but I believe it does. You may want to hard code them with the switchport mode trunk command to make sure.
    An expert is a man who has made all the mistakes which can be made.
  • MACattack Member Posts: 121
    From what I have read, if you use VTP v1 you should configure it on all switches, including transparent ones, so that it can forward VTP advertisements. Using VTP v1 it will check the domain name and version number.

    Now, if you use VTP v2 and you have a transparent switch between the two switches using the same domain name and version, you should set the transparent switch as trunk in both directions so that it can accept and receive the VTP advertisements (summary, subset, request). I mean by manually setting it to trunk using switch mode trunk. Remember, a switch is set to dynamic auto by default; actually it depends: I have found that the Cisco 3550 is set to dynamic desirable and the Cisco 3560 is set to dynamic auto. So if you set the interface of the transparent mode switch to trunk, it will be set to trunking mode.

    Now in VTP version 2 you are correct, it does not care at all about the VTP domain name, unlike VTP v1. VTP v2 does not check the domain name and version number.

    But when a transparent switch receives VTP advertisements with version 2 and the neighbor switch connected to the transparent switch is set to VTP v1 only, then some issues will come up and it will not sync.

    Got the point now why Cisco mentioned that it is better to use switch mode trunk than leaving it in the default mode.

    Hope this will clear up your question.

    I have tried this on Dynamips, not good, but using real switches (2950, 3560, 2900XL), which are very, very difficult to trunk to newer switch models.
  • mwgood Member Posts: 293
    I haven't had the time or inclination to lab this up - but for what it's worth, I did recently see a demonstration while watching the Internetwork Expert class on demand regarding VTP - that the transparent switch does NOT pass on VTP advertisements if the domain name is different.

    Once the name was matched, advertisements were being forwarded.

    They were using VTP version 2.

    This contradicts the BCMSN Exam Cert Guide (my version is the 3rd Edition). When faced with a situation like this - I go for what I saw with my own eyes - the book is wrong.

    BTW - in their demonstration, DTP was explicitly ruled out.
  • dtlokee Member Posts: 2,378
    DTP will never form a trunk between switches in different domains regardless of the VTP version or VTP mode.
    SW2(config)#do sh dtp interfac fa0/13
    DTP information for FastEthernet0/13:
      TOS/TAS/TNS:                              TRUNK/AUTO/TRUNK
      TOT/TAT/TNT:                              ISL/NEGOTIATE/ISL
      Neighbor address 1:                       001AE3A88F0F
      Neighbor address 2:                       000000000000
      Hello timer expiration (sec/state):       24/RUNNING
      Access timer expiration (sec/state):      144/RUNNING
      Negotiation timer expiration (sec/state): never/STOPPED
      Multidrop timer expiration (sec/state):   never/STOPPED
      FSM state:                                S6:TRUNK
      # times multi & trunk                     0
      Enabled:                                  yes
      In STP:                                   no
    
      Statistics
      ----------
      1531 packets received (1526 good)
      5 packets dropped
          0 nonegotiate, 0 bad version, 5 domain mismatches, 
          0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
      1563 packets output (1563 good)
          1531 native, 32 software encap isl, 0 isl hardware native
      0 output errors
      0 trunk timeouts
      1 link ups, last link up on Mon Mar 01 1993, 00:01:04
      0 link downs
    
    SW2(config)#
    
    Notice in the output "1531 packets received (1526 good)" followed by the 5 packets dropped, and 5 domain mismatches, this indicates the switch is going to ignore any DTP frames from a different domain. The first problem with mismatched domains is there will not be a trunk, and VTP only sends frames out trunk links. If we correct the problem by setting "switchport mode trunk" the trunks will come up.

    After the trunks are created, the debug output for VTP indicates the packets are being dropped by the transparent switch (SW2) from the server (SW1); also, SW3 (client) is not receiving any VLAN information from the server:
    SW2#debug sw-vlan vtp 
    13:00:18: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie
    
    13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/14 - not in domain ccie
    
    13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/15 - not in domain ccie
    
    SW2#                 
    

    After changing the version to V2:
    SW1(config)#do sh vtp sta
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 6
    VTP Operating Mode              : Server
    VTP Domain Name                 : ccie
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Enabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x52 0x38 0x6C 0xA0 0xF1 0x4C 0x56 0x42 
    Configuration last modified by 0.0.0.0 at 11-24-07 11:37:21
    Local updater ID is 0.0.0.0 (no valid interface found)
    SW1(config)#
    
    SW2(config-if-range)#do sh vtp sta
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : cisco
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Enabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x47 0xB9 0xF3 0x51 0xFA 0xB5 0xEF 0xEC 
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    SW2(config-if-range)#
    
    SW3(config)#do sh vtp sta
    VTP Version                     : 2
    Configuration Revision          : 3
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Client
    VTP Domain Name                 : ccie
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Enabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xDD 0x57 0x0A 0xEA 0x87 0x6C 0x78 0xC7 
    Configuration last modified by 0.0.0.0 at 11-24-07 11:30:44
    SW3(config)#
    

    Even though they are all in version 2 mode, the debug output on SW2 (transparent) says this:
    SW2(config-if-range)#
    13:10:43: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie
    
    13:10:43: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie
    

    So it would seem the transparent switch in version 2 mode will not accept the frames from the server in a different domain. Let's fix the domain name.
    SW2(config-if-range)#vtp domain ccie
    Changing VTP domain name from cisco to ccie
    % Command exited out of interface range and its sub-modes.
      Not executing the command for second and later interfaces
    SW2(config)#
    13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/13 - in TRANSPARENT MODE (nc = false)
    
    13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/13 - in TRANSPARENT MODE (nc = false)
    
    13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/16 - in TRANSPARENT MODE (nc = false)
    
    13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/16 - in TRANSPARENT MODE (nc = false)
    
    SW2(config)#
    

    So what happened? I am not sure :)

    All the docs say that a switch in VTP transparent/version 2 will relay VTP frames for a different domain, but the debug output seems to indicate otherwise.

    Will need to look into this one further.

    EDIT: it would seem running version 2 implies all the switches in the broadcast domain must be in the same VTP domain for it to truly be running version 2
    Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match. Because VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.

    The missing piece would be that a switch in v2 mode will drop all frames that do not match the local domain name before any processing can continue.
    The only easy day was yesterday!
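
One way to tally the two symptoms dtlokee's post shows (DTP domain mismatches and VTP packets dropped by the transparent switch), added here as an example and not part of the original thread. The function names are hypothetical, and the sample lines are copied from the output in that post.

```python
import re
from collections import defaultdict

# Sample input copied from the post's DTP statistics and "debug sw-vlan vtp" output.
SAMPLE_DTP = "    0 nonegotiate, 0 bad version, 5 domain mismatches,"
SAMPLE_VTP = """\
13:00:18: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/13 - not in domain ccie
13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/14 - not in domain ccie
13:00:19: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/15 - not in domain ccie
13:15:39: VTP LOG RUNTIME: Relaying packet received on trunk Fa0/16 - in TRANSPARENT MODE (nc = false)
"""

VTP_RE = re.compile(
    r"VTP LOG RUNTIME: (Dropping|Relaying) packet received on trunk (\S+)"
    r" - (?:not in domain (\S+)|in TRANSPARENT MODE)")
DTP_RE = re.compile(r"(\d+) domain mismatches")

def summarize_vtp_debug(text):
    """Per-trunk counts of dropped/relayed VTP packets, plus domains named in drops."""
    trunks = defaultdict(lambda: {"dropped": 0, "relayed": 0, "domains": set()})
    for m in VTP_RE.finditer(text):
        action, trunk, domain = m.groups()
        if action == "Dropping":
            trunks[trunk]["dropped"] += 1
            trunks[trunk]["domains"].add(domain)
        else:
            trunks[trunk]["relayed"] += 1
    return dict(trunks)

def dtp_domain_mismatches(text):
    """Counter from the DTP statistics block; 0 if the line is absent."""
    m = DTP_RE.search(text)
    return int(m.group(1)) if m else 0

def findings(dtp_text, vtp_text):
    """List the interfaces where only drops were seen, and any DTP mismatches."""
    out = []
    n = dtp_domain_mismatches(dtp_text)
    if n:
        out.append(f"DTP: {n} frames ignored for domain mismatch")
    for trunk, e in sorted(summarize_vtp_debug(vtp_text).items()):
        if e["dropped"] and not e["relayed"]:
            out.append(f"VTP: {trunk} drops only, domain(s) {sorted(e['domains'])}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_DTP, SAMPLE_VTP)))
```
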
  • MACattack Member Posts: 121
    Wow, you have explained it clearly, but the three books I have read, including study guides, don't mention that VTP v2 will only forward VTP advertisements if it is in the same domain name. Okay, they mentioned it will relay VTP advertisements regardless of VTP domain name and version.
  • rkum99 Member Posts: 1
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvtp.html

    I think this will answer your questions.

    Best place to verify is www.cisco.com/univercd
    Google search particular topic inside a particular web site,
    example:- VTP site:www.cisco.com/univercd
  • MACattack Member Posts: 121
    From the Cisco site, Version-Dependent Transparent Mode:

    In VTP version 1, a VTP transparent switch inspects VTP messages for the domain name and version and forwards a message only if the version and domain name match.

    VTP version 2 supports only one domain, it forwards VTP messages in transparent mode without inspecting the version and domain name.


    The text above is not clear, as it forgot to mention that, for the transparent switch running v2 to be able to send VTP advertisements, it should be in the same domain name. It should remove the last text, "without inspecting domain name", from v2.

    I have tested this last night and I got the same output from my switch as dtlokee posted yesterday.

    So, what now? Which one is correct: our practical or Cisco's docs and info?
  • marlon23 Member Posts: 164
    Hello guys,

    Thanks for all the answers, especially to dtlokee for his clear demonstration. For me it was surprising that even DTP plays a role. I'll investigate this VTP2 thing in Cisco :)
    LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
  • dtlokee Member Posts: 2,378
    It seems to indicate when you put a switch in transparent mode that is part of a different domain it will actually partition the VTP version 2 domain into 2 domains (even though they have the same domain name.) Therefore it won't relay the VTP messages from one domain to the other.

    I am thinking of it in terms of putting a switch that only supports 802.1D between 2 switches that are using PVST+. It will partition the domain into 2 parts.
    The only easy day was yesterday!