Some questions about VTP, ARP

Answered Question
Dec 5th, 2009
User Badges:
  • Bronze, 100 points or more

Hi everybody!

It has been a while since I visited this forum. A lot of good changes in just a few months!

Let's say we have two hosts, h1 and h2, on a segment:

h1 -- 199.199.199.1/24
h2 -- 199.199.199.2/24

The ARP table at h1 is:

199.199.199.2 --- mac2 (where mac2 is the MAC address of h2)

Now after 5 minutes this entry will be deleted, or if h1 receives a frame from h2 before 5 minutes, the timer will restart.

Let's say we connect another host, say h3, with IP address 199.199.199.2/24 (note that h3 has the IP address already assigned to h2).

H1 has the ARP table:

199.199.199.2 -- mac2 (mac2 is the MAC address of h2)

H1 receives a frame from h3.

Will h1 remove the entry "199.199.199.2 --- mac2", or will h1 simply add the entry "199.199.199.2 -- mac3" to its ARP table as shown below:

199.199.199.2 ----- mac2
199.199.199.2 ------ mac3 (where mac3 is the MAC address of host3)

===================================================================================

VTP:

VTP messages are sent every 5 minutes. My book says the purpose is so that if a new switch joins the VTP domain, it can learn VTP and VLAN info from these messages.

But then my book also says that when the new switch joins the VTP domain, it sends an advertisement request, and the other switch, upon receiving the request, sends the VTP summary and subset messages. Here we see that a new switch is able to learn VTP and VLAN info without the need for periodic VTP advertisements every 5 minutes. So what is the purpose of these periodic VTP advertisements every 5 minutes?

=================================================================================

Let's say we have a switch which is not connected to any other switch. I configure VLAN 2 on the switch. Will this VLAN show up in the output of "show vlan brief"?

Will this VLAN be considered an active VLAN, keeping in mind there is no trunk on the switch?

====================================================================================

Thanks a lot and have a nice weekend.


Correct Answer
Jon Marshall Sat, 12/05/2009 - 16:16
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame, Founding Member
  • Cisco Designated VIP, 2017 LAN, WAN

sarahr202 wrote:

Hi everybody!

It has been a while since I visited this forum. A lot of good changes in just a few months!

Let's say we have two hosts, h1 and h2, on a segment:

h1 -- 199.199.199.1/24
h2 -- 199.199.199.2/24

The ARP table at h1 is:

199.199.199.2 --- mac2 (where mac2 is the MAC address of h2)

Now after 5 minutes this entry will be deleted, or if h1 receives a frame from h2 before 5 minutes, the timer will restart.

Let's say we connect another host, say h3, with IP address 199.199.199.2/24 (note that h3 has the IP address already assigned to h2).

H1 has the ARP table:

199.199.199.2 -- mac2 (mac2 is the MAC address of h2)

H1 receives a frame from h3.

Will h1 remove the entry "199.199.199.2 --- mac2", or will h1 simply add the entry "199.199.199.2 -- mac3" to its ARP table as shown below:

199.199.199.2 ----- mac2
199.199.199.2 ------ mac3 (where mac3 is the MAC address of host3)

===================================================================================

VTP:

VTP messages are sent every 5 minutes. My book says the purpose is so that if a new switch joins the VTP domain, it can learn VTP and VLAN info from these messages.

But then my book also says that when the new switch joins the VTP domain, it sends an advertisement request, and the other switch, upon receiving the request, sends the VTP summary and subset messages. Here we see that a new switch is able to learn VTP and VLAN info without the need for periodic VTP advertisements every 5 minutes. So what is the purpose of these periodic VTP advertisements every 5 minutes?

=================================================================================

Let's say we have a switch which is not connected to any other switch. I configure VLAN 2 on the switch. Will this VLAN show up in the output of "show vlan brief"?

Will this VLAN be considered an active VLAN, keeping in mind there is no trunk on the switch?

====================================================================================

Thanks a lot and have a nice weekend.

Sarah

Long time no see. How are things with you? Is the training going well in the army?

The ARP question -

h1 will overwrite the h2 entry with the entry from h3. This is actually one of the ways you can hack a network at L2, by diverting traffic.

VTP question -

The 5-minute updates are just a way for the VTP server switches to inform the rest of the switches what the current VTP domain name is and what the revision number is. Imagine a situation where an existing switch in the VTP domain temporarily loses its trunk connection to the VTP server. It then comes back. Only when the 5-min update was received would the switch realise it had a lower configuration number, and it would then send a request to the VTP server for an update.

If you create VLAN 2, yes, it will show up in "sh vlan brief". Yes, it should be seen as active.

Jon

sarahr202 Sun, 12/06/2009 - 12:01
User Badges:
  • Bronze, 100 points or more

Thanks Jon.

I am just done with combat training. Now I am doing advanced individual training. As for the training, it was very fun; especially the long marches of 9 miles with 55 pounds on the shoulder were very tiring and fun at the same time. I used to recall Cisco's stuff on those marches to kill the time.

Here at this training place, we are allowed 1 hr of internet a day, so I might not be able to reply as promptly as I used to.

"Imagine a situation where an existing switch in the VTP domain temporarily loses its trunk connection to the VTP server. It then comes back. Only when the 5 min update was received would the switch realise it had a lower configuration number and it would then send a request to the VTP server for an update."

But my book says that as soon as a newly added switch senses the trunk is up, it will send a VTP request message.

Based on the above, it appears to me that a newly added switch does not need to wait for a VTP update to be received before it can send a VTP request message.

Thanks Jon, and you have a nice day.

Jon Marshall Sun, 12/06/2009 - 12:30
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame, Founding Member
  • Cisco Designated VIP, 2017 LAN, WAN

sarahr202 wrote:

Thanks Jon.

I am just done with combat training. Now I am doing advanced individual training. As for the training, it was very fun; especially the long marches of 9 miles with 55 pounds on the shoulder were very tiring and fun at the same time. I used to recall Cisco's stuff on those marches to kill the time.

Here at this training place, we are allowed 1 hr of internet a day, so I might not be able to reply as promptly as I used to.

"Imagine a situation where an existing switch in the VTP domain temporarily loses its trunk connection to the VTP server. It then comes back. Only when the 5 min update was received would the switch realise it had a lower configuration number and it would then send a request to the VTP server for an update."

But my book says that as soon as a newly added switch senses the trunk is up, it will send a VTP request message.

Based on the above, it appears to me that a newly added switch does not need to wait for a VTP update to be received before it can send a VTP request message.

Thanks Jon, and you have a nice day.

Sarah

Sounds pretty hard going to me!

The VTP situation I was talking about was not a new switch being added to the network but an existing switch that has already synched its VLAN database with the VTP server. Then its trunk temporarily goes down while an update is sent from the VTP server. When it comes back up it still has its VLAN database, so it won't query the VTP server, but when it receives the next update it will realise it has a lower revision number and so then request a full update from the VTP server.

Jon
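Jon's two replies describe the mechanism in words: the periodic summary advertisement carries the domain name and the configuration revision, and a switch that kept its vlan.dat copy through a trunk flap only notices it is behind when it compares the advertised revision with its own. The following Python is an added example written for this thread; it is not code from the thread, from Cisco, or from IOS. The 72-byte summary-advertisement layout it packs and parses follows the commonly documented VTP v1/v2 format (version, code, followers, domain length, 32-byte domain name, 4-byte revision, 4-byte updater IP, 12-byte timestamp, 16-byte MD5 digest); the domain name "LAB", the revision numbers, the updater address and the function names (`build_summary`, `parse_summary`, `on_summary`, `missed_update_scenario`) are constructed for illustration.

```python
"""Added example (not from the thread): how a receiving switch uses the periodic
VTP summary advertisement to detect that it has missed an update.

Layout assumption: the 72-byte VTP v1/v2 summary advertisement as commonly
documented. The timestamp and MD5 digest fields are zeroed in the sample frames.
"""
import struct

SUMMARY_ADVERT, SUBSET_ADVERT, ADVERT_REQUEST = 0x01, 0x02, 0x03   # VTP message codes
SUMMARY_FMT = ">BBBB32sI4s12s16s"                                   # struct.calcsize() == 72


def build_summary(domain: str, revision: int, updater_ip: str,
                  followers: int = 0, version: int = 2) -> bytes:
    """Pack a summary advertisement as a VTP server would send it every 5 minutes."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("VTP domain name is limited to 32 bytes")
    updater = bytes(int(octet) for octet in updater_ip.split("."))
    return struct.pack(SUMMARY_FMT, version, SUMMARY_ADVERT, followers, len(name),
                       name.ljust(32, b"\x00"), revision, updater,
                       b"\x00" * 12,   # update timestamp (constructed: zeroed)
                       b"\x00" * 16)   # MD5 digest over the VLAN database (constructed: zeroed)


def parse_summary(frame: bytes) -> dict:
    """Unpack a summary advertisement; raises on wrong length or message code."""
    if len(frame) != struct.calcsize(SUMMARY_FMT):
        raise ValueError("not a VTP summary advertisement")
    version, code, followers, dlen, name, revision, updater, _ts, digest = struct.unpack(SUMMARY_FMT, frame)
    if code != SUMMARY_ADVERT:
        raise ValueError(f"unexpected VTP code {code:#x}")
    return {
        "version": version,
        "followers": followers,                 # number of subset advertisements that follow
        "domain": name[:dlen].decode("ascii"),
        "revision": revision,
        "updater": ".".join(str(b) for b in updater),
        "md5": digest,
    }


def on_summary(local_domain: str, local_revision: int, frame: bytes) -> str:
    """Decide what a switch does with a received periodic summary advertisement.

    ignore   - advertisement belongs to a different VTP domain
    in_sync  - revision numbers match, nothing to do
    request  - the local database is behind: send an advertisement request
               (code 0x03) so the server replies with subset advertisements
    ahead    - the local revision is higher than the advertised one; the
               receiver keeps its own database (a mismatch worth investigating)
    """
    adv = parse_summary(frame)
    if adv["domain"] != local_domain:
        return "ignore"
    if adv["revision"] == local_revision:
        return "in_sync"
    if adv["revision"] > local_revision:
        return "request"
    return "ahead"


def missed_update_scenario() -> str:
    """Jon's case: the client synced at revision 3, its trunk was down while the
    server moved to revision 4, and the locally kept vlan.dat copy survived the
    flap, so nothing is requested until the next periodic summary arrives."""
    client_revision = 3                                   # constructed sample value
    next_summary = build_summary("LAB", 4, "10.0.0.1")    # constructed: server at revision 4
    return on_summary("LAB", client_revision, next_summary)


if __name__ == "__main__":
    frame = build_summary("LAB", 7, "10.0.0.1")
    print(parse_summary(frame))
    print("client at revision 5:", on_summary("LAB", 5, frame))
    print("missed-update scenario:", missed_update_scenario())
```

The comparison is the whole point of the periodic message: an advertisement request is only sent by a switch that already knows it is behind, and a switch that kept its database through a trunk outage has no trigger to know that until a summary with a higher revision arrives.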

Correct Answer
Giuseppe Larosa Sun, 12/06/2009 - 00:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame, Founding Member

Hello Sarah,

nice to hear from you. I hope you are well.

About your questions:

1) The ARP table timeout is more than 5 minutes; for example, on routers it is 4 hours.

If host H3 sends out a gratuitous ARP saying that the MAC address associated with 199.199.199.2 is MAC3, and host1 accepts this kind of message, host1 will update its ARP table.

If host1 receives a frame with MAC DA = MAC1, MAC SA = MAC3 carrying an IP packet with source IP address 199.199.199.2, it may update its ARP table or not. Updating the ARP table without involving ARP messages, by looking at received traffic, is called ARP gleaning, and for example some Cisco routers don't support it for IPv4. I recall ARP gleaning being supported in AppleTalk networks. A standard PC with a current OS may support ARP gleaning.

Gratuitous ARP is the basis for some man-in-the-middle attacks at layer 2, as noted by Jon.

2) Why VTP messages are sent every 5 minutes

Well, when VTP was introduced, the VTP client implementation clearly stated that a VTP client should not store the VLAN database in any form.

Nowadays, IOS-based switches behave differently: they keep a copy of the last VLAN database in the famous vlan.dat file and allow you to use those VLANs even if they are not connected to any VTP server; of course they don't allow you to create a new VLAN.

VTP uses reasoning like RIP: it repeats all the known information at scheduled intervals. This allows a downstream switch to detect that it has missed an update (this can happen for different reasons), so it is a safety measure to ensure that VLAN databases are kept in sync on all devices. The VTP client that detects a mismatch can request the details of the VLAN records that have changed.

Hope to help

Giuseppe
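Jon's answer states that h1 overwrites the h2 entry, and Giuseppe's answer adds the two paths by which that happens (a gratuitous ARP that the host accepts, or ARP gleaning from ordinary traffic) plus the point that the timeout is refreshed by traffic from the known MAC. The following Python is an added example written for this thread, not code from the thread or from any operating system's ARP implementation. It models a host ARP cache keyed by IP address, which is why Sarah's "two entries for 199.199.199.2" never appears: the second binding replaces the first. The overwrite is also recorded in a `changes` list, which is the event an arpwatch-style monitor on the segment reports as a changed MAC for a known IP. The 240-second timeout, the MAC addresses, the simulated clock and the names `ArpCache`, `ArpEntry` and `run_scenario` are constructed assumptions; real timeouts differ by operating system, as Giuseppe notes.

```python
"""Added example (not from the thread): a host ARP cache reacting to the h1/h2/h3 scenario.

Assumptions, all constructed for illustration: a 240 s entry timeout, the MAC
addresses below, and a simulated clock in seconds. The cache is keyed by IP, so a
later binding for 199.199.199.2 replaces the earlier one instead of sitting beside it.
"""
from dataclasses import dataclass, field

# Constructed sample addresses for h1, h2 and h3.
MAC1, MAC2, MAC3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
H2_IP = "199.199.199.2"


@dataclass
class ArpEntry:
    mac: str
    learned_at: float       # simulated clock, seconds


@dataclass
class ArpCache:
    timeout: float = 240.0                       # assumed value; OS-dependent in reality
    accept_gratuitous: bool = True               # honour unsolicited ARP replies?
    glean_from_traffic: bool = False             # learn bindings from ordinary IP frames?
    table: dict = field(default_factory=dict)    # ip -> ArpEntry (one entry per IP)
    changes: list = field(default_factory=list)  # (ip, old_mac, new_mac, when): monitor alerts

    def _bind(self, ip: str, mac: str, now: float) -> None:
        old = self.table.get(ip)
        if old is not None and old.mac != mac:
            # A known IP just moved to a different MAC: the event an ARP monitor flags.
            self.changes.append((ip, old.mac, mac, now))
        self.table[ip] = ArpEntry(mac, now)      # overwrite, never a second row for the IP

    def on_arp_reply(self, ip: str, mac: str, now: float, solicited: bool) -> None:
        """An ARP reply arrives; unsolicited (gratuitous) ones count only if accepted."""
        if solicited or self.accept_gratuitous:
            self._bind(ip, mac, now)

    def on_ip_frame(self, src_ip: str, src_mac: str, now: float) -> None:
        """An ordinary frame from src_mac carrying an IP packet with source src_ip."""
        entry = self.table.get(src_ip)
        if entry is not None and entry.mac == src_mac:
            entry.learned_at = now               # traffic from the known MAC restarts the timer
        elif self.glean_from_traffic:
            self._bind(src_ip, src_mac, now)     # ARP gleaning: learn without any ARP message

    def expire(self, now: float) -> list:
        """Drop entries older than the timeout; returns the IPs removed."""
        stale = [ip for ip, e in self.table.items() if now - e.learned_at >= self.timeout]
        for ip in stale:
            del self.table[ip]
        return stale

    def lookup(self, ip: str):
        entry = self.table.get(ip)
        return entry.mac if entry else None


def run_scenario(accept_gratuitous: bool = True, glean: bool = False) -> ArpCache:
    """Replay the thread's scenario against h1's cache with the given host policy."""
    h1 = ArpCache(accept_gratuitous=accept_gratuitous, glean_from_traffic=glean)
    h1.on_arp_reply(H2_IP, MAC2, now=0.0, solicited=True)    # h1 asked, h2 answered
    h1.on_ip_frame(H2_IP, MAC2, now=100.0)                     # h2 traffic refreshes the entry
    h1.on_arp_reply(H2_IP, MAC3, now=150.0, solicited=False)   # h3 announces itself (gratuitous)
    h1.on_ip_frame(H2_IP, MAC3, now=160.0)                     # then h3 sends h1 ordinary traffic
    return h1


if __name__ == "__main__":
    for policy in ((True, False), (False, False), (False, True)):
        cache = run_scenario(*policy)
        print(f"accept_gratuitous={policy[0]} glean={policy[1]}: "
              f"{H2_IP} -> {cache.lookup(H2_IP)}, rows={len(cache.table)}, changes={cache.changes}")
```

With the default policy the entry ends up as MAC3 with exactly one row for 199.199.199.2 and one recorded change; a host that ignores gratuitous ARP and does not glean keeps MAC2, and a host that gleans reaches MAC3 through the data frame instead of the ARP reply. The `changes` list is the defender's hook: a monitor that tracks IP-to-MAC bindings on the segment sees the flip the moment it happens, whichever path caused it.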

sarahr202 Sun, 12/06/2009 - 12:14
User Badges:
  • Bronze, 100 points or more

Thanks Giuseppe.

It was nice to see the familiar names on this new site. It was funny, because when I got the laptop after waiting in line for 30 minutes and tried to look up the Cisco NetPro site, I kept getting the Cisco Support Community page. Then I realised maybe there is no more Cisco NetPro site.

How are you doing? I know I missed a lot during these 3 months of military training, but I am back now to learn more and hope to become a net pro like you and Jon.

You have a good day Giuseppe, and once again, thanks for the awesome answer.
