Join VTP Domain

Unanswered Question
Apr 8th, 2009

A couple issues here, but I need some help figuring out what is best. Scenario is I have two 6513's, two 4510's and two 4507's. The 6513's are in a L3 core configuration with one L2 trunk between them. I have a L3 link to the 4510's and the 4507's. The 4510's and 4507's are all inter-connected via L2 trunks. The 4500 series switches are in one VTP domain, and the 6500's are in a separate VTP domain. The problem is, I have several VLAN's on the 6500's that I now need to pass over to the 4507's and I can set up a Trunk port between them, define the VLAN's in both domains and set the ports to nonegotiate, but I don't think that is the best solution long-term. If I change the VTP Domain name on the 6500's what risks am I taking? The 6500's are set to transparent, and one of the 4510's is set to server, all the rest are client. Thanks in advance for any direction you can give me on this issue.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 04/08/2009 - 09:19

Hello Ken,

if the two core C6500 switches are in VTP transparent mode they keep their vlan database local.

if you change the vtp domain name to that of the C45xy the revision number is reset to zero and all the vlan database is lost overwritten by the current vlan database in the serve of the C45xy domain !

I think you have different choices:

or you kept the two C6500 in a different VTP domain in transparent mode and you configure the the trunk ports as nonegotiate (and as trunk port no negotiation can occur at VTP domain boundary).

Or you have to define all the vlans used in the core switches also on the C4510 VTP server. (notice all vlans not only those that you want to propagate to C45xy)

If you do so you can then move the C6500 to the VTP domain make them servers and they will learn all the vlan database from the server.

You need to schedule a maintanance time window and the suggestion is to migrate one C6500 core switch, verify everything is well (vlans, SVIs and so on) and then to make changes on the second core switch.

In the short term it is easier to keep them as VTP transparent in another domain.

if you choice to do so I recommend to make VTP server the second C4510 to have redundancy.

To help protect the network deploy MD5 authentication (if you are not doing it already)

Hope to help

Giuseppe

Actions

This Discussion