VLAN Server/Client question

Answered Question
Jan 8th, 2010

I have scoured the Cisco docs for a solution, but I still don't know how to solve my problem.

I have one Cat4500 with a SupII+ engine in my LAN that is set as Server, as well as another similar 4500 set as Client. There are about 30 other Catalyst switches that are also VTP Slaves.

The Network Admin I had a year ago had left the network with several switches in Master mode, some in transparent and some in slave. In other words, a complete administrative mess.

I went around to every switch and set the VTP Domain the same, and all the switches are set to Client. Any VLAN addition/change I make on the Server gets properly replicated to the Client switches, except for the 4500.

The config on the problem switch still contains VLAN information, but I am unsure how I can remove it, or even if.

Catalyst_4506_Slave#sho config

.
.
.

interface Vlan1
ip address 166.110.130.31 255.255.252.0
standby 1 ip 166.110.128.254
standby 1 priority 254
standby 1 preempt
!
interface Vlan10
ip address 192.168.10.2 255.255.255.0
ip access-group 10 in
ip helper-address 166.110.128.16
standby 10 ip 192.168.10.254
standby 10 priority 254
standby 10 preempt
!
interface Vlan11
ip address 165.156.14.2 255.255.255.0
ip helper-address 166.110.128.16
standby 11 ip 165.156.14.254
standby 11 priority 254
standby 11 preempt
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
ip helper-address 166.110.128.16
standby 20 ip 192.168.20.254
standby 20 priority 254
standby 20 preempt
!
interface Vlan30
ip address 192.168.30.2 255.255.255.0
ip helper-address 166.110.128.16
standby 30 ip 192.168.30.254
standby 30 priority 254
standby 30 preempt
!
interface Vlan31
ip address 192.168.31.2 255.255.255.0
ip helper-address 166.110.128.16
standby 31 ip 192.168.31.254
standby 31 priority 254
standby 31 preempt
!
interface Vlan32
ip address 192.168.32.1 255.255.255.0
ip helper-address 166.110.128.16
ip helper-address 166.110.128.19
shutdown
standby 32 ip 165.156.32.254
standby 32 priority 255
standby 32 preempt
!

If I add a VLAN to the Server, it doesn't appear on this Client.

Catalyst_4506_Server#sho vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi2/2, Fa2/4, Fa2/5, Fa2/7
2    Energy                           active    Fa2/33, Fa2/34
10   Guest                            active
11   Process                          active    Fa3/15, Fa5/48, Fa6/2, Fa6/13
20   Printers                         active    Fa3/25
30   Desktops30                       active    Fa3/21, Fa5/35
31   Desktops31                       active
32   HPThinClients                    active
33   ApplMGMT                         active    Fa2/6, Fa3/3
35   Meltshop                         active
40   Servers                          active    Fa2/9, Fa2/19
45   Avaya                            active    Fa3/5, Fa3/7, Fa3/9, Fa3/11
50   Wireless                         active
55   Video                            active
65   ClusterHeartbeat                 active
70   Ascom                            active
75   Management                       active
85   Frame                            active
100  ILO                              active    Fa2/10, Fa2/11
900  CORE2ASA                         active    Fa2/28
901  ASA_FAILOVER                     active    Fa2/29, Fa3/1
902  Internet                         active    Fa2/30

Catalyst_4506_Clientl#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa2/1, Fa2/2, Fa2/3, Fa2/5
2    Energy                           active    Fa4/1
10   Guest                            active
11   Process                          active    Fa4/38, Fa4/39, Fa4/40, Fa4/41
20   Printers                         active
30   Desktops30                       active    Fa3/7
31   Desktops31                       active    Fa3/35
35   Meltshop                         active
40   Servers                          active    Fa4/48
45   Avaya                            active    Fa2/2, Fa2/3, Fa2/14, Fa2/29
50   Wireless                         active
55   ASAFailover                      active
60   ThinClients                      active
65   ClusterHeartbeat                 active
70   Ascom                            active
75   Management                       active
900  CORE2ASA                         active    Fa4/35
901  ASA_FAILOVER                     active    Fa4/36
902  T1toASAOutside                   active    Fa4/37

Catalyst_4506_Slave#sho vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Client
VTP Domain Name                 : IRMNet
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0x92 0xCD 0x80 0xF5 0x2F 0x25 0xD2 0xD7
Configuration last modified by 166.110.130.31 at 1-5-10 12:45:37

Catalyst_4506_Main#sho vtp status
VTP Version                     : 2
Configuration Revision          : 14
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 26
VTP Operating Mode              : Server
VTP Domain Name                 : IRMNet
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0xDF 0xC0 0x99 0xD3 0x12 0xE5 0xE3 0x23
Configuration last modified by 166.110.128.230 at 1-5-10 06:09:55
Local updater ID is 166.110.128.230 on interface Vl1 (lowest numbered VLAN interface found)

What would be the reason why VLAN modifications are not being replicated to the Slave 4500? On the same issue, am I ok to remove the VLAN information from the config and delete the vlan.dat?

Any suggestions would be appreciated. This is driving me nuts.

Thanks

Robert

Correct Answer
Peter Paluch Fri, 01/08/2010 - 06:58

Robert,

Is there perhaps a VTP password configured on the 4500? The password can be displayed using the show vtp password command. The password must match the VTP password as used on remaining switches, or, if no VTP password is used on other switches, it must also be removed from the 4500 (using the no vtp password global configuration command).

The VTP protocol datagrams are sent only through trunk links - double check whether the 4500 is properly performing trunking with its neighboring switches (for example, using the show interfaces trunk command).

Also, making sure that the VTP revision number is reset on the 4500 may be helpful. The VTP revision number can be reset by setting your 4500 switch into VTP Transparent mode and then back to the VTP Server/Client (according to your needs). Make sure that all other switches have a higher but mutually identical VTP revision number and that this number increases monotonically on all other switches when you add, rename or remove a VLAN.

If all this does not help then perhaps some debugging may be helpful. Have a look at the output of the following debug commands:

  • debug sw-vlan vtp events
  • debug sw-vlan vtp packets

Make a change to the VLAN database on a different VTP Server switch and see what the 4500 says when the debugs are activated.

Best regards,

Peter
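The comparison this answer walks through, as an added example that is not part of the original thread: it parses the two `show vtp status` captures from the question (trimmed to the fields used) and reports which checks fail. The finding labels are hypothetical names chosen here, and the script cannot see the VTP password, which `show vtp status` does not display.

```python
import re

# Captures copied from the question's "show vtp status" output, trimmed.
SERVER = """\
VTP Version                     : 2
Configuration Revision          : 14
VTP Operating Mode              : Server
VTP Domain Name                 : IRMNet
MD5 digest                      : 0xDF 0xC0 0x99 0xD3 0x12 0xE5 0xE3 0x23
Configuration last modified by 166.110.128.230 at 1-5-10 06:09:55
"""
CLIENT = """\
VTP Version                     : 2
Configuration Revision          : 1
VTP Operating Mode              : Client
VTP Domain Name                 : IRMNet
MD5 digest                      : 0x92 0xCD 0x80 0xF5 0x2F 0x25 0xD2 0xD7
Configuration last modified by 166.110.130.31 at 1-5-10 12:45:37
"""

def parse_vtp_status(text):
    """Turn the 'Key   : value' lines of show vtp status into a dict."""
    fields = {}
    for line in text.splitlines():
        # Require spaces around the colon so timestamps (12:45:37) are not split.
        m = re.match(r"^(.*\S)\s+:\s+(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def compare(server, client):
    """Return finding labels (hypothetical names) for a client that is not syncing."""
    s, c = parse_vtp_status(server), parse_vtp_status(client)
    findings = []
    if s["VTP Domain Name"] != c["VTP Domain Name"]:  # domain names are case-sensitive
        findings.append("domain-mismatch")
    if s["VTP Version"] != c["VTP Version"]:
        findings.append("version-mismatch")
    if c["VTP Operating Mode"] == "Transparent":  # transparent switches ignore updates
        findings.append("client-transparent")
    basics_ok = not findings
    lag = int(s["Configuration Revision"]) - int(c["Configuration Revision"])
    if lag > 0:
        findings.append(f"client-behind-by-{lag}")
        if basics_ok:  # nothing visible explains the lag: password or trunking remain
            findings.append("check-password-and-trunk")
    elif lag < 0:
        findings.append("client-revision-higher")
    elif s["MD5 digest"] != c["MD5 digest"]:  # same revision, yet not in sync
        findings.append("same-revision-different-digest")
    return findings
```

On the thread's data this leaves only the password and trunk checks open, which is where `show vtp password` and `show interfaces trunk` come in.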

Correct Answer
glen.grant Fri, 01/08/2010 - 07:04

I would not delete the vlan.dat unless you plan on starting from scratch, and that will kill anyone on the box. Are you talking about removing the layer 2 config or all the layer 3 SVIs that are shown? As you can see, the VTP revisions are not the same, so they are not talking. Does the VTP setup use a password? Are they the same? The VTP domain name looks like it's right on both. On the trunk, make sure both sides are the same as to what is being allowed across the trunk between the server and the client, the VTP domain name (looks OK), and that the VTP password and the native VLAN are the same. Take a look here and see if this helps at all.

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml

Correct Answer
Leo Laohoo Sat, 01/09/2010 - 14:23

For VLAN instances to be distributed from the server to the client, they must adhere to the following rules of thumb:

1.  VTP domain name must be the same;
2.  VTP password must be the same; and
3.  VTP servers do the write/erase and changes while VTP clients receive updates.

"If I add a VLAN to the Server, it doesn't appear on this Client."

I've seen this once and the only way I've resolved this was to delete the VLAN database and reboot the switch. The config remained the same so the VTP domain name, password and mode were retained.

I'm with Glen here. Unless you have someone to be a fall guy, I'd leave the vlan.dat alone unless you are sure you won't get your tush kicked all the way to Pittsburgh.

ROBERT CROOKS Mon, 01/11/2010 - 05:37

A sincere Thank You to all who answered.

Peter was the first who suggested checking the password on the Server, and that turned out to be the problem.

Why on earth you would create a VTP Domain and password the server and not the clients is beyond me.

And my employees wonder why I ask them to document things...

It's hard to get good help these days....
