Network down by excessive VLANs (VTP)

ahurtadove
Level 1

Hello fellow colleagues,

I have a really interesting question right here, it happened to me yesterday morning and trying to find any explanation was a bit difficult for this matter, maybe some of you guys could help me, here it is:

I had to add three VLANs to a medium-sized switched network which had quite a big number of VLANs for the size of the network (63 VLANs), and I added them on the VTP Server switch for it to propagate them throughout the network. The thing is that two switches in the network were completely out and they were not communicating with anybody and could only see the CDP neighbor table, no telnet, no ssh, no ping, it just wasn't answering.

Knowing the fact that the switches that get to the maximum number of VLANs configured (64) turn themselves into VTP Transparent mode doesn't mean that the switch will not communicate with anybody in the network and it does not reset the revision number, so there had to be something else here that affected the switch. I know that my configuration was the starting point but I believe that there was something in the switch previously configured that caused the outage.

Thanks in advance for your kind support


Nagaraja Thanthry
Cisco Employee

Hello,

When you turned on the VTP server, did you configure the other two switches in client mode? What about the VTP domain/password settings? The symptoms you describe indicate that when you configured the VTP server and assuming that the other two switches were configured as clients, the VTP information did not propagate properly. Also, seems like your native vlan on the trunks was different from your management vlan. Hence you lost connectivity to the switches. Can you verify:

-- VTP domain name on all client switches and make sure that it matches the server

-- VTP password on all switches

-- Make the native vlan as the management vlan

Hope this helps.

Regards,

NT

Hello Nagaraja,

The network was working fine until I made this configuration, so the first two things that you suggest were configured correctly. Also, it did propagate correctly, because when I looked into the switch it had 63 VLANs and only one was added through VTP, and it turned to VTP Transparent when it reached its maximum (64).

Now, it could have been something about the native vlan but once more, the network was working perfectly just before I made the changes.

Hello,

What switch model were you using in your network? Also, can you post the output of "show vtp status" from the switches in question?

Regards,

NT

Sorry, I hit the wrong button by giving this as the right answer, please keep helping me.

These are the sh vtp stat from the routers involved, will start with the server.

XX-XXX-core#sh vtp stat
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 76
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 63
VTP Operating Mode              : Server
VTP Domain Name                 : XXX
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0x04 0x50 0x30 0x5D 0x42 0x65 0xA6 0xEB
Configuration last modified by 10.0.0.1 at 8-5-10 20:42:28
Local updater ID is 10.0.0.1 on interface Vl2 (lowest numbered VLAN interface found)

This is one of the clients


XX_XXX_s17_XXXX#sh vtp status
VTP Version                     : 2
Configuration Revision          : 76
Maximum VLANs supported locally : 64
Number of existing VLANs        : 63
VTP Operating Mode              : Client
VTP Domain Name                 : XXX
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0x04 0x50 0x30 0x5D 0x42 0x65 0xA6 0xEB
Configuration last modified by 10.0.0.1 at 8-5-10 20:42:28

this is a WS-C2950-12 with IOS c2950-i6q4l2-mz.121-13.EA1.bin

And the other affected switch:


XX_XXX_s23_c#sh vtp status
VTP Version                     : 2
Configuration Revision          : 76
Maximum VLANs supported locally : 64
Number of existing VLANs        : 63
VTP Operating Mode              : Client
VTP Domain Name                 : XXX
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0x04 0x50 0x30 0x5D 0x42 0x65 0xA6 0xEB
Configuration last modified by 10.0.0.1 at 8-5-10 20:42:28

this is a WS-C2950SX-48-SI with IOS c2950-i6q4l2-mz.121-22.EA6.bin


WE SOLVED THIS ISSUE BY DELETING SOME VLANS THAT WERE NOT IN USE ANYMORE BUT I NEED AN EXPLANATION OF THE SWITCH OUTAGE

Hello,

You are correct in that the switch supports only 64 VLANs. But I am not sure why it broke communication with rest of the network. Please check the native VLAN and make sure that your management vlan is the same as native vlan. If you are configuring VTP, then you might want to configure VTP pruning so the server can prune unwanted VLANs.

Hope this helps.

Regards,

NT

NT,

I believe the switch supports more than 64 VLANs. I think you ran into a spanning-tree problem, as the switch only supports 64 spanning-tree instances but supports 128 or 250 VLANs. So if you have PVST running it would have caused your issue as it could have caused a routing loop. See below.

Supported VLANs

Catalyst 2950 switches that run the standard software image (SI) support 128 VLANs; Catalyst 2950 and Catalyst 2955 switches that run the enhanced software image (EI) 250 VLANs. For the list of switches that support each image, see the release notes. VLANs are identified with a number from 1 to 4094. VLAN IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs. VTP only learns normal-range VLANs, with VLAN IDs 1 to 1005; VLAN IDs greater than 1005 are extended-range VLANs and are not stored in the VLAN database. The switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094.

The switch supports per-VLAN spanning-tree plus (PVST+) and rapid PVST+ with a maximum of 64 spanning-tree instances. One spanning-tree instance is allowed per VLAN. See the "Normal-Range VLAN Configuration Guidelines" section for more information about the number of spanning-tree instances and the number of VLANs. The switch supports IEEE 802.1Q trunking for sending VLAN traffic over Ethernet ports.

Here is the link I got this from.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swvlan.html#wp1353846

Hope this helps. Please correct me if I am wrong.

Mike
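
A pre-change check for the situation discussed in this thread, as an added example that is not part of any poster's reply: it parses "show vtp status" output and reports which switches cannot absorb a planned number of new VLANs. The sample text is constructed in the format of the outputs posted above; the function names and the operator-supplied stp_instance_limit parameter are assumptions of this example.

```python
import re

# Constructed samples, trimmed to the fields used, in the format of the
# "show vtp status" output posted in the thread (server and one client).
SAMPLES = {
    "core": """VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 76
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 63
VTP Operating Mode              : Server
Configuration last modified by 10.0.0.1 at 8-5-10 20:42:28""",
    "s17": """VTP Version                     : 2
Configuration Revision          : 76
Maximum VLANs supported locally : 64
Number of existing VLANs        : 63
VTP Operating Mode              : Client""",
}

def parse_vtp_status(text):
    """Parse 'Name   : value' lines; lines without ' : ' (prompts, timestamps) are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s+:\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def check_headroom(text, vlans_to_add, stp_instance_limit=None):
    """Compare the VLAN count after a planned change with the switch's limits."""
    f = parse_vtp_status(text)
    maximum = int(f["Maximum VLANs supported locally"])
    after = int(f["Number of existing VLANs"]) + vlans_to_add
    problems = []
    if after > maximum:
        problems.append(f"{after} VLANs exceeds local maximum {maximum}")
    # Assumption: one spanning-tree instance per VLAN (PVST+); the limit is
    # supplied by the operator from the platform documentation.
    if stp_instance_limit is not None and after > stp_instance_limit:
        problems.append(f"{after} VLANs exceeds {stp_instance_limit} STP instances")
    return {"mode": f["VTP Operating Mode"], "after": after, "problems": problems}

def switches_at_risk(samples, vlans_to_add, stp_instance_limit=None):
    """Names of switches that cannot absorb the planned VLAN additions."""
    return [name for name, text in samples.items()
            if check_headroom(text, vlans_to_add, stp_instance_limit)["problems"]]

if __name__ == "__main__":
    print(switches_at_risk(SAMPLES, 3))
```

The count reported by "Number of existing VLANs" includes the default VLANs, so treating it as the spanning-tree instance count is a conservative approximation.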
