VTP V1 vs V2

Undy

Hey Folks.

This is not something I would do in the real world but more of a lab just to wrap my head around the difference between VTP version 1 and version 2. In the real world, I have always just used V2 and never set a bridge to transparent unless all the local switches were. So anyway:

I am using 3 switches, 2 3550's and 1 2950

Switch1 - 3550 - Server
trunked to (on - nonegotiate)
Switch2 - 3550 - Transparent
trunked to (on - nonnegotiate0
Swtich3 - 2950 - Client

When all are set to VTP Version 1 and the domain is the same across all switches, VLANs created/modified on switch 1 are replicated to Switch3. This was expected.

When all are set to VTP Version 1 and domain on Switch2 is different, VLANs created/modified on switch 1 are NOT replicated to Switch3. This was expected.

The problem becomes: When I change all the switches to V2 The exact same behavior occurs. This is unexpected. With V2 I expected the domain on Switch2 not to matter at all. I expected that the transparent switch would just forward the advertisements no matter what the domain was. If this is not the case, then my understanding of the differences between V1 and V2 is flawed.


Anyone have any ideas? You can see below that Switch1 has a higher revision number, but switch3 clearly doesn't get the subsets.



Switch1#show vtp status
VTP Version : running VTP2
Configuration Revision : 11
Maximum VLANs supported locally : 1005
Number of existing VLANs : 13
VTP Operating Mode : Server
VTP Domain Name : labdom
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0xC7 0x5A 0x01 0x9A 0x47 0xBD 0xA7 0xB5
Configuration last modified by 192.168.1.151 at 3-2-93 00:43:13
Local updater ID is 192.168.1.151 on interface Vl1 (lowest numbered VLAN interface found)
Switch1#


Switch2#show vtp status
VTP Version : running VTP2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Transparent
VTP Domain Name : adsf
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x87 0x79 0x62 0x1D 0x90 0xBB 0x7C 0xF7
Configuration last modified by 192.168.1.152 at 3-1-93 00:14:33
Switch2#



Switch3#show vtp status
VTP Version : 2
Configuration Revision : 8
Maximum VLANs supported locally : 250
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : labdom
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0xA5 0xE6 0x8F 0xF0 0x55 0xAF 0x99 0x8F
Configuration last modified by 192.168.1.151 at 3-1-93 01:43:37
Switch3#

peanutnoggin

What does your physical topology look like? Can you draw it out in Visio? Is it setup

SW1<->SW2<->SW3 (SW1 & SW3 can only communicate via SW2)

or

SW1<->SW2<->SW3<->SW1(fully redundant)?

Depending upon your setup, this may affect how your VTP will propagate through your trunks for this scenario!!

HTH

-Peanut

tndfr

is it me or your MD5 digest looks a bit different?

Undy

peanutnoggin wrote: »

What does your physical topology look like? Can you draw it out in Visio? Is it setup

SW1<->SW2<->SW3 (SW1 & SW3 can only communicate via SW2)

or

SW1<->SW2<->SW3<->SW1(fully redundant)?

Depending upon your setup, this may affect how your VTP will propagate through your trunks for this scenario!!

HTH

-Peanut

SW1<->SW2<->SW3 (SW1 & SW3 can only communicate via SW2)

Undy

tndfr wrote: »

is it me or your MD5 digest looks a bit different?

I noticed that as well, but the VTP config is identical on SW1 and SW3. Even so, when I change the domain on SW2 to labdom, the changes flow fine. I am assuming the digest created on each switch also includes the revision number, hence the reason why they are different. - But maybe that is not the case. In theory, this should work. Might be too many changes. I will delete the flash:vlan.dat file on each switch, bounce, and start over tonight.

peanutnoggin

According to Cisco, the only difference between VTP V1 & V2 is V2 has support of token ring. When a switch receives a VTP advertisement, the first thing it will check is the domain name. If that is wrong (or different) it will ignore the advertisement. In transparent mode, the switch will ignore updates but forward them to any downstream switch as long as the domain names match and you are using VTP v2.

HTH

-Peanut

tndfr

peanutnoggin wrote: »

According to Cisco, the only difference between VTP V1 & V2 is V2 has support of token ring. When a switch receives a VTP advertisement, the first thing it will check is the domain name. If that is wrong (or different) it will ignore the advertisement. In transparent mode, the switch will ignore updates but forward them to any downstream switch as long as the domain names match and you are using VTP v2.

HTH

-Peanut

from my studies i was under the impression that what the OP is referring to is correct (V2 transparent should forward VTP ads regardless of the domain configured), however reading the cisoc link below there is no mention of it:
Understanding VLAN Trunk Protocol (VTP) - Cisco Systems

Undy

peanutnoggin wrote: »

According to Cisco, the only difference between VTP V1 & V2 is V2 has support of token ring. When a switch receives a VTP advertisement, the first thing it will check is the domain name. If that is wrong (or different) it will ignore the advertisement. In transparent mode, the switch will ignore updates but forward them to any downstream switch as long as the domain names match and you are using VTP v2.

HTH

-Peanut

This makes sense based on the labs I did. My Switch Certification suggest the opposite. From the book:

VTP transparnt switches do not participate in VTP. While in transparent mode, a switch does not advertise its own VLAN configuration, and a switch does not synchronize its VLAN database with received advertisements. In VTP version 1, a transparent mode switch does not even relay VTP information it receives to other switches unless its VTP domain names and VTP version numbers match those of the other switches. In VTP version 2, transparent switches do forward received VTP advertisements out of their trunk ports, acting as VTP relays. This ocurs regardless of the VTP domain name setting.

Undy

tndfr wrote: »

is it me or your MD5 digest looks a bit different?

So I labbed this out a little more. If the config is not up to date the digest will not match. The digest is based on the commands entered into the switch related to VTP. However, this includes VLAN commands. Added a new VLAN changes the digest on all switches participating in the VTP domain.

Makes sense. Since VTP was out of sync, the digests were incorrect.

nareshtechie

Yes, in VTP v2 domain is checked for passing VTP messages. The problem is that if the VTP domain name of adjacent switches doesn't match , then trunking cannot take place.

You should be receiving the following message, even if you set the trunk ports to nonegotiate:
%DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Gig0/1 because of VTP domain mismatch.

And since trunking won't take place effectively, the VTP messages too cannot be transferred when domain name mismatch is there. But with a domain name empty/blank on the transparent switch, this will work on vTP v2.


Refer: https://supportforums.cisco.com/document/14571/dtp-5-domainmismatch-error-message-displayed-logs-cisco-catalyst-switches

kohr-ah

ZOMBIE THREAD....
Sorry I had to because you brought it back from the dead 5.5 years later.