vtp mode change

chrisgerke
Level 1

Just want to be 100% sure... if I change my switch configurations to vtp mode off will they keep their current VLANs? Have only 4 switches and would rather manually manage vlan changes. They are all currently set to client mode.

Accepted Solutions

1. You should be backing up your switch configs on a regular basis.

2. You should have a document stored offline which lists ALL your VLAN IDs, their corresponding names and Routable IP addresses.

3. You should be using security features like BPDUGuard and setting all host ports to be Access only to prevent rogue Cisco switches from being plugged in and Trunks forming.

If for some reason somebody was able to plug a Cisco switch into your network and it had the same Revision Number, VTP Domain and Password......and the port was able to form a trunk then there is potential for it to overwrite your Vlan database throughout your VTP domain.

These days, this is highly unlikely if you take the correct precautions as mentioned above. VTP updates are only sent through Trunk ports so all switchports should be 'Switchport Mode Access' unless they have been statically set to be a Trunk port as required.
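
An added example, not part of the original post: a short Python check of a saved running-config for the precautions listed above (host ports statically in access mode, BPDU guard on them, VTP mode). The sample config and port names are constructed, and the check assumes BPDU guard is enabled per interface with `spanning-tree bpduguard enable`.

```python
import re

# Constructed running-config excerpt (not from the thread); port names are made up.
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

def vtp_mode(config):
    """Return the configured VTP mode, or None if the config does not state it."""
    m = re.search(r"^vtp mode (\S+)", config, re.M)
    return m.group(1) if m else None  # None: confirm with 'show vtp status'

def audit(config):
    """Map each Layer 2 port to the precautions from the answer that it lacks."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ports[current] = []
        elif line.startswith(" ") and current:
            ports[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    findings = {}
    for name, body in ports.items():
        if "switchport mode trunk" in body or "no switchport" in body:
            continue  # static trunk or routed port: out of scope for this check
        issues = []
        if "switchport mode access" not in body:
            issues.append("not statically set to access mode")
        if "spanning-tree bpduguard enable" not in body:
            issues.append("BPDU guard not enabled")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(vtp_mode(SAMPLE_CONFIG), audit(SAMPLE_CONFIG))
```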

6 Replies

hello

The easiest way is to set the vtp mode to transparent on all switches.

conf t

vtp mode transparent

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jon Marshall
Hall of Fame

Chris

Just to add to Paul's response. If you use VTP transparent then when you change to VTP transparent the vlans should be written to the running config so you will not lose them.

Jon

Side question. If someone plugged in a switch to my network that had the same domain and password and higher revision...and it deleted some of my vlans, a simple quick fix would be to check the running config of a port that was set to inactive, as its vlan would still be listed, then recreate that vlan?

Hello

If you had changed the vtp mode of these 4 switches to transparent mode and a new switch was added with the specifics you have stated then no vlans would be deleted/added to any of these switches, as switches in transparent mode only forward vtp advertisements and do not act upon them so synchronisation of their vtp database isn't initiated.

res

Paul

Side question, with regard to backups, I've been doing the following for my DR documentation....am I missing anything?

SW 3750 STACK

sh ver
sh boot
sh env all
sh inv
sh switch detail
sh cdp nei
sh vlan
sh interfaces
sh interfaces status
sh interfaces trunk
sh ip eigrp neighbors
sh etherchannel detail
sh ip int bri
sh run

SW 4500

sh ver
sh bootflash:
sh env status
sh inv
sh module
sh power
sh cdp nei
sh vlan
sh interfaces
sh interfaces status
sh interfaces trunk
sh ip eigrp neighbors
sh etherchannel detail
sh ip int bri
sh run

ROUTER 2800

sh ver
sh flash:
sh env all
sh inv
sh cdp nei
sh vlans
sh int
sh int status
sh ip int bri
sh ip eigrp nei
sh run

ASA 5520

sh ver
sh inv
sh module all
sh vlan
sh interface detail
sh interface ip bri
sh run

Would you recommend any other settings/commands to capture?
