Compare cert salaries and plan your next career move
networker050184 wrote: » Both Clients and Servers advertise the VLAN information. The only difference is that you can not create or modify VLANs on the client. So, if a server receives a summary advertisement from a client with a higher revision number it will synchronize its data base to that client.
notgoing2fail wrote: » Is there a reset command for lowering the revision number?
notgoing2fail wrote: » argh!! thanks... Some quick questions... 1) When I create a vlan on SWITCH#1, I thought that vlan info was going to be advertised to SWITCH#2 and SWITCH#2 would also have the new vlan info? It doesn't seem to be working... 2) Is there a reset command for lowering the revision number?
ConstantlyLearning wrote: » 1) What exactly are you doing and what's not working?
notgoing2fail wrote: » So on SWITCH#1 I tried creating a new vlan called: vlan 150. I thought that SWITCH#2 would also get the VTP update and also have vlan 150? When I tried creating vlan 150 on SWITCH#1, I got this error..VLAN 1003 parent VLAN missing APPLY VLAN changes failed. This is vlan 1003: 1003 trcrf-default So what the heck does vlan 1003 have anything to do with me wanting to create a vlan called: vlan 150?
networker050184 wrote: » Did you delete the vlan.dat file?
networker050184 wrote: » An SVI (VLAN interface) is not the same as a VLAN in the database. Just because you have one doesn't mean you have the other.
notgoing2fail wrote: » My concern though is, what if this was a production environment? I mean, I would have been screwed!!!???
mikej412 wrote: » It depends -- do you consider being unemployed as being screwed? The funny thing is that some people do wait until they are in a production environment to figure this stuff out. Anyway -- this is one of the reasons why you want 3 switches in your CCNA Lab. One Server, one client, and one transparent (usually in the middle of the other two.
notgoing2fail wrote: » So I consoled in and checked the vlan status. As it turns out, SWITCH#1 lost it's custom vlan 150 and it's own revision went from 2 to 7, exactly matching SWITCH#2. But how is this possible when SWITCH#1 was set to server mode and SWITCH#2 was set to client mode???
mikej412 wrote: » Anyway -- this is one of the reasons why you want 3 switches in your CCNA Lab. One Server, one client, and one transparent (usually in the middle of the other two.
Forsaken_GA wrote: » You've just learned why most admins will not deploy VTP in a production network. The risk of it doing something you didn't expect and blowing up your VLAN database is simply not worth the risk. And yet the CCNA wants you to learn it anyway, virtually assuring that some wet behind the ears network admin is going to have a resume generating event because of something he read in a book
APA wrote: » If you want to have some real fun.... turn on VTP pruning with the topology Mike gave you above. You can see some nasty effects of running a transparent switch between a server\client topology Also... if your VTP database isn't synchronizing... also check that VTP passwords are the same on all devices in the VTP domain. However in your scenario you managed to wipe the server config with the client DB so one would assume that your VTP passwords are matching. Use 'show vtp password' to verfiy (Note some older IOS images don't support this command)
chmorin wrote: » Ah revision numbers. Let the VTP packet spoofing begin. (Another security issue with VLAN's. IMO the perks outweigh the cons though.)
notgoing2fail wrote: » Ohhh, so you'd rather have VTP than to manage each switch individually?
Forsaken_GA wrote: » Once you have your network in place, you won't often be messing with the vlan setup, most of the administrative overhead is in initial deployment. It takes me about 5 minutes to provision a new vlan, and most of that is the VRRP setup, which has to be done regardless. I usually only have to touch 3 devices (the access switch, the aggregation switch, and the distribution switch). And if I screw up, I only have to touch the same amount of devices to revert my changes. I'll take that any day over the chance that VTP might screw up and blank my vlan setup, guaranteeing that I'll have to touch virtually every device in the network, and have a not so pleasant conversation with my boss to boot.
notgoing2fail wrote: » It really makes me wonder how many features are really implemented in production. So for the CCNA Security, I'm reading about NAC, Cisco CSA blah blah, how it's great and how PCs that aren't compliant don't get on the network.... But at the end of the day, is this actually implemented as sold? I'm sure every company has different policies...
Forsaken_GA wrote: » I'm sure folks that purchase and implement a whole Cisco solution probably deploy some of this stuff. There are a few different free implementations of NAC, so the cisco solution is less appealing, and don't even get me started on CSA.... the operating systems it supports is limited (last time I checked, there was no MacOS desktop agent, which means about half the executives at our company would be out), and I find that Cisco client software tends to absolutely suck. Actually, I take that one step further and just in general say that Cisco software sucks, outside of the IOS images driving their hardware anyway. CiscoWorks drives me up the wall. Everyone's got to remember that yes, when it comes to network certification, Cisco may be the de facto standard, but they are not vendor neutral. They're going to cheer for their solutions, even though it's not necessarily the best solution
Compare salaries for top cybersecurity certifications. Free download for TechExams community.
