vtp mode change

Answered Question
Jan 2nd, 2014

Just want to be 100% sure... if I change my switch configurations to vtp mode off, will they keep their current VLANs? Have only 4 switches and would rather manually manage VLAN changes. They are all currently set to client mode.

paul driver Thu, 01/02/2014 - 12:05

hello


The easiest way is to set the vtp mode to transparent on all switches.


conf t

vtp mode transparent


res

Paul







Please don't forget to rate any posts that have been helpful.


Thanks.

Jon Marshall Thu, 01/02/2014 - 12:09

Chris


Just to add to Paul's response. If you use VTP transparent then when you change to VTP transparent the vlans should be written to the running config so you will not lose them.


Jon

chrisgerke Thu, 01/02/2014 - 13:28

Side question. If someone plugged in a switch to my network that had the same domain and password and higher revision... and it deleted some of my vlans, a simple quick fix would be to check the running config of a port that was set to inactive, as its vlan would still be listed, then recreate that vlan?

paul driver Thu, 01/02/2014 - 15:16

Hello


If you had changed the vtp mode of these 4 switches to transparent mode and a new switch was added with the specifics you have stated, then no vlans would be deleted/added to any of these switches, as switches in transparent mode only forward vtp advertisements and do not act upon them, so synchronisation of their vtp database isn't initiated.


res

Paul



Correct Answer
devils_advocate Fri, 01/03/2014 - 02:27

1. You should be backing up your switch configs on a regular basis.

2. You should have a document stored offline which lists ALL your VLAN IDs, their corresponding names and routable IP addresses.

3. You should be using security features like BPDUGuard and setting all host ports to be Access only to prevent rogue Cisco switches from being plugged in and Trunks forming.


If for some reason somebody was able to plug a Cisco switch into your network and it had the same Revision Number, VTP Domain and Password......and the port was able to form a trunk then there is potential for it to overwrite your Vlan database throughout your VTP domain.


These days, this is highly unlikely if you take the correct precautions as mentioned above. VTP updates are only sent through Trunk ports so all switchports should be 'Switchport Mode Access' unless they have been statically set to be a Trunk port as required.
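
Added example, not part of the thread or any poster's own code: a small Python audit of a saved running-config backup that checks the precautions discussed above (VTP transparent or off, host ports statically set to access mode, BPDU Guard in effect). The sample config is constructed, the function names are hypothetical, and the matching assumes classic Catalyst IOS command syntax.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
vtp mode transparent
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport access vlan 20
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree bpduguard disable
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to its list of sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command ends the stanza
    return stanzas

def audit(config):
    """Return (scope, finding) pairs for the precautions named in the answer."""
    findings = []
    if not re.search(r"^vtp mode (transparent|off)\s*$", config, re.M):
        findings.append(("global", "VTP mode is not transparent or off"))
    guard_default = "spanning-tree portfast bpduguard default" in config
    for name, cmds in parse_interfaces(config).items():
        if ("Ethernet" not in name or "no switchport" in cmds
                or "switchport mode trunk" in cmds):
            continue  # SVIs, routed ports and static trunks are out of scope
        if "switchport mode access" not in cmds:
            findings.append((name, "not statically set to access mode"))
        portfast = any(c.startswith("spanning-tree portfast") for c in cmds)
        guarded = "spanning-tree bpduguard enable" in cmds or (guard_default
            and portfast and "spanning-tree bpduguard disable" not in cmds)
        if not guarded:
            findings.append((name, "BPDU Guard not in effect"))
    return findings
```

The global `bpduguard default` only covers PortFast-enabled ports, which is why a port without PortFast is reported even when the global command is present.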

chrisgerke Sun, 01/05/2014 - 19:26

Side question, with regard to backups, I've been doing the following for my DR documentation....am I missing anything?


SW 3750 STACK

sh ver

sh boot

sh env all

sh inv

sh switch detail

sh cdp nei

sh vlan

sh interfaces

sh interfaces status

sh interfaces trunk

sh ip eigrp neighbors

sh etherchannel detail

sh ip int bri

sh run


SW 4500

sh ver

sh bootflash:

sh env status

sh inv

sh module

sh power

sh cdp nei

sh vlan

sh interfaces

sh interfaces status

sh interfaces trunk

sh ip eigrp neighbors

sh etherchannel detail

sh ip int bri

sh run


ROUTER 2800

sh ver

sh flash:

sh env all

sh inv

sh cdp nei

sh vlans

sh int

sh int status

sh ip int bri

sh ip eigrp nei

sh run


ASA 5520

sh ver

sh inv

sh module all

sh vlan

sh interface detail

sh interface ip bri

sh run


Would you recommend any other settings/commands to capture?
