NM-16ESW and VTP

Unanswered Question
Aug 23rd, 2009
User Badges:

I have two 3725 routers with NM-16ESW module each. I made sure both routers are in VTP server mode, in the same VTP domain and that trunk ports are configured.

When I create VLAN100 on router DLS1, it did not propagate to router DLS2 (through VTP). However, router DLS1 had a higher VTP revision number.

What's wrong?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (8 ratings)
Lucien Avramov Sun, 08/23/2009 - 08:57
User Badges:
  • Red, 2250 points or more

Higher revision number means they dont talk to each other.

Check the version they have make sure there is no password.

Once the revision matches, it means it worked

Wassim Aouadi Sun, 08/23/2009 - 09:14
User Badges:

indeed, they have very different revision numbers as you can see on the attached snapshots below.

But I neither configured any VTP password, nor I changed VTP version.

glen.grant Sun, 08/23/2009 - 16:53
User Badges:
  • Purple, 4500 points or more

DLS2 is in transparent mode according to your DLS2.jpg post , can't propagate if one is transparent. Both are not in server mode according to your post.

Lucien Avramov Sun, 08/23/2009 - 20:46
User Badges:
  • Red, 2250 points or more

one has to be server, the other should be actually client else if both are servers they will not add the vlans from each other.

Proper design should be one in server, the other as client or transparent.

Also the MD5 digest is not the same, that involves that the password need to be set.

glen.grant Mon, 08/24/2009 - 03:27
User Badges:
  • Purple, 4500 points or more

I believe the vlans will propagate if you have 2 servers , it does in our setup without any issue . VTP password is not a requirement to make it work just a security paramter if you want to use it . If you aren't going to make a backup of the vlan.dat file anywhere then you are smart to have 2 servers in your setup. Though the size of your setup doesn't really need vtp in my opinion . VTP is really more effective in large setups where you have dozens of vlans that have to be propagated across multiple different switches. Your main problem is one of your switches is transparent thus cannot propagate.

Lucien Avramov Sun, 08/23/2009 - 20:44
User Badges:
  • Red, 2250 points or more

Bonjour Wass,

2 things:

Your main problem is:

-the md5 passwords do not match as the digest is different:

you can either clear the passwords on both, or set the same on both devices:

Switch(config)#no vtp password


SwitchB(config)#vtp password MYPASSWORD

On a side,

-on DLS2, is there a reason why you prefer transparent mode to client mode?

Leo Laohoo Sun, 08/23/2009 - 22:47
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

If you want the VLAN database to propagate, why is there no VTP password configured?

Lucien Avramov Mon, 08/24/2009 - 22:55
User Badges:
  • Red, 2250 points or more

It can propagate even with no password set on both sides.

Both sides needs to match: either they dont have password set or they have the same password set.

Wassim Aouadi Wed, 08/26/2009 - 09:17
User Badges:

Actually, DLS2 was a VTP Transparent. And what I did is "vtp mode server" on it. But I hurried up and typed "wr mem" and didn't pay attention to the output of the router later.

In fact, I noticed I had a NVRAM write failure. Your post telling me that DLS2 is in transparent mode made me read the output of "sh vtp status" once again, this time carefully :)

So I rebooted the router and fixed it.

thank u guys for your useful insights.


This Discussion