What's the minimum requirement for VTP to work?

workfrom925 Member Posts: 196
Does VTP work by default on Cisco switches? Or at least a vtp domain name is required?

Right now I have three switches connected to each other. All of them are in VTP server mode without a VTP domain name. Trunking seems to be working. I created VLAN 10, 20, 30, and 100 manually on each switch. Then I created a few extra VLANs on one individual switch, but they don't seem to show up on the other switches.

BTW, is encapsulation method n-802.1q in S3 (Cisco 3550) the same as 802.1q in S1 and S2 (Cisco 2950)?

=======

S3#show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/2       desirable    n-802.1q       trunking      1

Port        Vlans allowed on trunk
Fa0/2       1-4094

Port        Vlans allowed and active in management domain
Fa0/2       1,10,12,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1,10,12,20,30
S3#

S2>en
S2#show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       desirable    802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20,30,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,10,20,30,100
S2#

S1>
S1>ena
S1#show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1
Fa0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4094
Fa0/2       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20,22,30,33,100
Fa0/2       1,10,20,22,30,33,100

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       10,20,22,30,33
Fa0/2       10,20,22,30,33
S1#
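
An added example, not part of the original post: a small audit over the three `show int trunk` captures above that reports which VLANs each switch is missing relative to the others, and which trunks came up through DTP negotiation rather than a static setting. The function names are hypothetical, and the captures are trimmed to the two sections the check reads.

```python
import re
PORT = re.compile(r"(Fa|Gi|Te|Po)\d")  # interface-name prefixes this sketch accepts

CAPTURES = {  # trimmed "show int trunk" text copied from the post above
    "S1": """Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Fa0/2 on 802.1q trunking 1
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,22,30,33,100
Fa0/2 1,10,20,22,30,33,100""",
    "S2": """Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,100""",
    "S3": """Port Mode Encapsulation Status Native vlan
Fa0/2 desirable n-802.1q trunking 1
Port Vlans allowed and active in management domain
Fa0/2 1,10,12,20,30""",
}

def expand(vlan_list):
    """Expand a list such as '1,10,20-22' into a set of VLAN IDs."""
    ranges = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def parse(text):
    """Return (ports, active): ports maps name -> (mode, encapsulation)."""
    ports, active, section = {}, set(), ""
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["Port"]:            # a header row starts a new section
            section = " ".join(f[1:])
        elif len(f) >= 3 and PORT.match(f[0]) and section.startswith("Mode"):
            ports[f[0]] = (f[1], f[2])
        elif len(f) == 2 and PORT.match(f[0]) and section.endswith("active in management domain"):
            active |= expand(f[1])
    return ports, active

def audit(captures):
    """Return (VLANs missing per switch, trunks formed by DTP negotiation)."""
    parsed = {sw: parse(text) for sw, text in captures.items()}
    union = set().union(*(vlans for _, vlans in parsed.values()))
    missing = {sw: sorted(union - vlans) for sw, (_, vlans) in parsed.items()}
    negotiated = sorted((sw, p) for sw, (ports, _) in parsed.items()
                        for p, (mode, encap) in ports.items()
                        if mode in ("desirable", "auto") or encap.startswith("n-"))
    return missing, negotiated
```

On these captures the audit shows the drift described in the question: each switch lacks VLANs that exist only on a neighbour, and the S2 and S3 trunks were negotiated rather than statically configured.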

Comments

  • theodoxa Member Posts: 1,340
    Trunks are created automatically by DTP (Dynamic Trunking Protocol), which is a separate protocol from VTP. I seem to remember that when I assigned a VTP Domain to even one switch all the others would (this was unexpected) assign themselves to the same VTP Domain [if they were not already configured with a VTP Domain.] Try setting the VTP Domain on any one switch and see what happens.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • vanquish23 Member Posts: 224
    If it makes you feel any better...the old CCNA exam is expiring and the new CCNA R:/S does not have VTP anymore.
    He who SYNs is of the devil, for the devil has SYN'ed and ACK'ed from the beginning. For this purpose, that the ACK might destroy the works of the devil.
  • theodoxa Member Posts: 1,340
    I believe that n-802.1q means that 802.1Q Trunking was "negotiated" on the link as opposed to let's say both ends being statically set to 802.1Q Trunking using the "switchport mode trunk" command.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • pamccabe Member Posts: 315
    Yes, VTP works by default. You can check the VTP behavior by issuing the 'show int fa 0/2 switchport' command. This command will have a field called: Administrative Mode: dynamic auto. (this is the default in my situation, yours may be different) Now, dynamic auto does not negotiate trunk links. If asked, it will create a trunk, but until that happens it will function in access mode. By your output, I believe your interfaces fa 0/1 and fa 0/2 default behavior is dynamic desirable. A dynamic desirable int will attempt to create a trunk port. It will always try to negotiate with the other end, so two desirable ports will form a trunk port.
  • workfrom925 Member Posts: 196
    vanquish23 wrote: »
    If it makes you feel any better...the old CCNA exam is expiring and the new CCNA R:/S does not have VTP anymore.

    Hi. Do you know why the new CCNA doesn't have VTP any more? Is Cisco doing away with VTP? It shouldn't be because the topic is too hard. It's a lot easier than some other topics.
  • networker050184 Mod Posts: 11,962
    Probably because hardly anyone uses it in the real world because it's way more trouble than it's worth.
    An expert is a man who has made all the mistakes which can be made.
  • workfrom925 Member Posts: 196
    networker050184 wrote: »
    Probably because hardly anyone uses it in the real world because it's way more trouble than it's worth.

    Really? Hold on! In the Cisco material that I'm reading for CCNA, it says it's great for duplicating VLANs among switches in a network. I also see it as a great feature to avoid repeating VLAN set-up procedures in switches.

    If it's not used in the real world, how do people duplicate VLANs in the real world?
  • theodoxa Member Posts: 1,340
    workfrom925 wrote: »
    Really? Hold on! In the Cisco material that I'm reading for CCNA, it says it's great for duplicating VLANs among switches in a network. I also see it as a great feature to avoid repeating VLAN set-up procedures in switches.

    If it's not used in the real world, how do people duplicate VLANs in the real world?

    The only real value [duplication wise] is keeping the VLAN names the same. Sure, it will duplicate all the VLANs to all the switches, but it can't assign ports to VLANs. But, if you assign a port to a non-existent VLAN, the switch will simply create it for you. So, in reality all VTP saves you is from having to name all the VLANs on each switch. If you're fine with names like VLAN0010, VLAN0020, etc...VTP really isn't doing anything.

    By running VTP, you are in effect placing a live bomb on your network that could easily wipe out your VLANs and/or create a significant security risk.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • networker050184 Mod Posts: 11,962
    workfrom925 wrote: »
    If it's not used in the real world, how do people duplicate VLANs in the real world?

    You can just as easily, and much more safely, push out VLAN config to all your devices with a script or network management platform.
    An expert is a man who has made all the mistakes which can be made.
  • vanquish23 Member Posts: 224
    workfrom925 wrote: »
    Hi. Do you know why the new CCNA doesn't have VTP any more? Is Cisco doing away with VTP? It shouldn't be because the topic is too hard. It's a lot easier than some other topics.

    You will start to get into spanning tree (rapid) mostly in the real world these days. Faster convergence time. When a switch goes down and you have to reconfigure it, it would cause issues like VTP and migrates security risks. When using VTP with 4 switches, the first two are configured as Server, then the other two client. Well when you forget to configure VTP client, instead server, that switch gets all VLAN updates and causes switch loops.
    He who SYNs is of the devil, for the devil has SYN'ed and ACK'ed from the beginning. For this purpose, that the ACK might destroy the works of the devil.
  • NetworkVeteran Member Posts: 2,338
    theodoxa wrote: »
    Sure, it will duplicate all the VLANs to all the switches, but it can't assign ports to VLANs. But, if you assign a port to a non-existent VLAN, the switch will simply create it for you.

    True.

    theodoxa wrote: »
    So, in reality all VTP saves you is from having to name all the VLANs on each switch. If you're fine with names like VLAN0010, VLAN0020, etc...VTP really isn't doing anything.

    Well, not exactly. VTP has a few more, and arguably more important perks--

    1. Consider you add VLAN30 to access switch 1 and 2. Distribution switches separate them. Will those distribution switches forward traffic for VLAN30 between the access switches? No! VLAN30 doesn't exist on the distribution switches.

    2. Suppose your script auto-creates VLAN30 on all your switches. Traffic for VLAN30 will now be flooded across all the trunk links that are STP-Forwarding. VTP can do better by pruning VLANs off trunk links where it doesn't need to be.

    3. VTP allows you to suspend a VLAN across all your switches with one command.

    theodoxa wrote: »
    By running VTP, you are in effect placing a live bomb on your network that could easily wipe out your VLANs

    True.