CSCO11584685 Thu, 07/22/2010 - 03:37
User Badges:

for VTP to work properly. you would need to do the following.


Configure Domain, Password and VTP version on each switch. (they should match)


Usually, when you bring up new switches, their domain will be empty space. so they would take/accept the domain from the first server with domain name. It is important that vtp works properly, specially if your trunks are not hard coded (the negotiation might fail).

milan.kulik Thu, 07/22/2010 - 03:49
User Badges:
  • Red, 2250 points or more

Hi,


usually, those errors are caused by VTP password mismatch (or missing), see

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml#topic15


If you configured a VTP password, then removed it a moved all switches to VTP transparent mode and you are still receiving the MD5 error messages, I'd try to reload the switches.

It sometimes happen the VLAN/VTP info is kept in the  switch memory incorrectly.


BR,

Milan

CSCO11584685 Thu, 07/22/2010 - 12:24
User Badges:

my advice to you is, dont delete vlan.dat. you dont want network outage. now here what you should do.


1-Make your 4 access switches in the same Domain as your Core switches. and Apply the password on all your Switches (I understand you put them on Core only).


2-About the different VTP version. I'll try to make them all Version 2. If it gives you error (in access switches) when changing vtp version from 1 to 2. then you would need to delete the vlan.dat and set up the vtp configurations all over again.


This is why, i would advice you to do step one. check if if your vlans are getting updated through out your network, and you are not getting any errors. If you still having some issues, then doing step 2 will be the next thing.


sully

milan.kulik Thu, 07/22/2010 - 13:34
User Badges:
  • Red, 2250 points or more

Hi,


I agree with

"1-Make your 4 access switches in the same Domain as your Core switches. and Apply the password on all your Switches (I understand you put them on Core only)."


ad


"2-About the different VTP version. I'll try to make them all Version 2. If it gives you error (in access switches) when changing vtp version from 1 to 2. then you would need to delete the vlan.dat and set up the vtp configurations all over again."

AFAIK, the only difference between VTP  ver 1 nad ver 2 is VTP ver 2 supports Token Ring.

It should be possible to run both in the same LAN. If you want to have the same version, it should be no problem running ver 1 on all your switches if some of them are not supporting ver 2.

Deleting vlan.dat is really the last chance.


ad


"This is why, i would advice you to do step one. check if if your vlans are getting updated through out your network, and you are not getting any errors. If you still having some issues, then doing step 2 will be the next thing."

As long as you keep your access switches in transparent mode, the VLANs will NOT get updated through out your network.

But be careful and check the VTP configuration revision number on all switches before moving them from transparent to client or server.

There's a feature called "VTP bomb" - if the VTP revision number is higher on a switch (even a client one) newly connected to a VTP domain, it will become an update source for the VTP domain. So it can easily remove a VLAN from the LAN.


BR,

Milan

CSCO11584685 Thu, 07/22/2010 - 16:52
User Badges:

"But be careful and check the VTP configuration revision number on all  switches before moving them from transparent to client or server.

There's  a feature called "VTP bomb" - if the VTP revision number is higher on a  switch (even a client one) newly connected to a VTP domain, it will  become an update source for the VTP domain. So it can easily remove a  VLAN from the LAN."


As long as they are transparent, the revision will be zero. so there will be no issue changing them to server or client. I would worry bout what you said when connecting a switch to production network without checking its vtp revision. Changing it to transparent will make revision number to become zero.

milan.kulik Fri, 07/23/2010 - 00:26
User Badges:
  • Red, 2250 points or more

Hi,


ad "As long as they are transparent, the revision will be zero."

I was not 100% sure. In the past, this was not always working - bugs possibly.

Hopefully it's OK with the latest IOS.

Still I'd recommend checking the revision number before any change in VTP.


BR,

Milan

Actions

This Discussion