vtp question

davegibelli
Level 1

I just changed the vtp domain name on a 3750 switch that was in client mode.

Now I cannot log in to the switch and the upstream switch only shows vlan 1 as not pruned on the link!

Changing the domain name should not cause anything to change, should it?

Accepted Solution

Peter Paluch
Cisco Employee

Hello Dave,

You probably have VTP Pruning activated in your VTP domain. Is that so?

If yes then you've run into an unpleasant situation. For VTP Pruning to work properly, two switches on a trunk link must be in the same VTP domain to properly advertise the VTP Join packets that contain the list of used and unused VLANs. If a device does not send VTP Join packets, or if these VTP Join packets are considered invalid, the device on the opposite side of the trunk link assumes that no VLANs are used at the other end and it will prune all VLANs from that trunk.

This is probably what happened to you. On a single trunk link, there are two switches in different VTP domains. They send VTP Join packets but they mutually ignore them because each one is originated in a different VTP domain. As a result, neither of the two switches accepts the information about active VLANs at the other end, and both switches are pruning the VLANs off that trunk.

The solution is to prevent the switches from pruning VLANs on that particular trunk using the command switchport trunk pruning vlan none on both sides of the trunk link. Unfortunately, if you cannot remotely access the switch stack you will have to enter this command from the console of the switch stack.

Best regards,

Peter

5 Replies

Reza Sharifi
Hall of Fame

Hi,

Changing the VTP domain name should not cause any issue.

HTH

Reza

I know! But I have lost a stack of 3x 3750 switches...!

Peter

Would a fix to get onto the VTP client remotely not be simply to disable VTP pruning on the VTP server temporarily? The client still has its vlan database intact and once the VTP server stops pruning the trunk link should then forward all vlans.

Edit - or is it too late now that the VTP domain name on the client switch has been changed?

Jon

Jon,

This is a very good question. I have a feeling that deactivating the VTP Pruning on the VTP server switch alone will not help. I must admit that I am not absolutely sure myself, but let me explain my standpoint.

The VTP Pruning is based on a very simple (perhaps even naive) principle: each switch on a common trunk periodically sends VTP Join messages to indicate which VLANs are currently active on it. Consequently, each received VTP Join message is analyzed to see what VLANs are currently active on the other end, and if some of them are found to be inactive, they will be pruned off that trunk. There is a hidden asymmetry in this process: a switch prunes off those VLANs that are unused at the other end, and vice versa. If no valid VTP Join messages are received, it is equivalent to receiving a VTP Join message in which all VLANs (except VLAN1) are declared inactive.

You suggested deactivating the VTP Pruning on the VTP server. That will cause the "old" VTP domain to stop advertising and processing VTP Join packets altogether. However, the VTP client switch is in a different VTP domain, thus, deactivating the VTP Pruning on the VTP server won't affect this particular setting on the VTP client switch and it will continue running VTP Pruning as before. It will expect to receive VTP Join messages from surrounding switches but they will not even advertise them anymore. Thus, the situation will be very similar - before deactivating the VTP Pruning, the client switch rejected the VTP Join messages because they were originated in a different domain. Now, it will not receive any VTP Join messages at all. The net result will be still the same - the client switch will have all VLANs pruned off its end of the trunk.

If you see the VTP Pruning process working in a different manner then please share your thoughts here! The VTP Pruning is one of the lesser documented features and I've learned most things about it only by trial-and-error.

Best regards,

Peter
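
The pruning behaviour described in the replies above, as a simplified Python model; this is an added example and not part of any post in this thread or of Cisco's implementation. The class, the function names, the domain names and the VLAN numbers are constructed for illustration, and the model encodes only what the thread states: a missing or foreign-domain Join is treated as "no VLANs active", and only prune-eligible VLANs (2 to 1001 by default, never VLAN 1) can be pruned.

```python
from dataclasses import dataclass, field

CONFIGURED = {1, 10, 20}  # constructed: VLANs carried on the trunk


@dataclass
class Switch:
    name: str
    domain: str
    active_vlans: set
    pruning_enabled: bool = True
    # Default prune-eligible list is VLANs 2-1001; VLAN 1 is never eligible.
    prune_eligible: set = field(default_factory=lambda: set(range(2, 1002)))

    def join_message(self):
        """Join advertised to the neighbour, or None when pruning is off."""
        if not self.pruning_enabled:
            return None
        return {"domain": self.domain, "active": set(self.active_vlans)}

    def forwarded_vlans(self, join):
        """VLANs this end still forwards on the trunk after hearing `join`."""
        if not self.pruning_enabled:
            return set(CONFIGURED)
        # No Join, or a Join from another domain, counts as "nothing active".
        valid = join is not None and join["domain"] == self.domain
        wanted = join["active"] if valid else set()
        pruned = {v for v in CONFIGURED
                  if v in self.prune_eligible and v not in wanted}
        return CONFIGURED - pruned


def scenario(down_domain="CORP", up_pruning=True, eligible=None):
    """Return the VLANs forwarded by each end of the trunk."""
    kw = {} if eligible is None else {"prune_eligible": set(eligible)}
    up = Switch("upstream", "CORP", {10, 20}, up_pruning, **kw)
    down = Switch("stack", down_domain, {10, 20}, True, **kw)
    return {up.name: sorted(up.forwarded_vlans(down.join_message())),
            down.name: sorted(down.forwarded_vlans(up.join_message()))}


if __name__ == "__main__":
    print("same domain        ", scenario())
    print("domain changed     ", scenario(down_domain="NEW"))
    print("server pruning off ", scenario(down_domain="NEW", up_pruning=False))
    print("pruning vlan none  ", scenario(down_domain="NEW", eligible=()))
```

The last scenario corresponds to `switchport trunk pruning vlan none` on both sides: with an empty prune-eligible list, neither end can prune anything regardless of which Joins it accepts.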
