cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
997
Views
30
Helpful
9
Replies

NM-16ESW and VTP

Wassim Aouadi
Level 4
Level 4

I have two 3725 routers with NM-16ESW module each. I made sure both routers are in VTP server mode, in the same VTP domain and that trunk ports are configured.

When I create VLAN100 on router DLS1, it did not propagate to router DLS2 (through VTP). However, router DLS1 had a higher VTP revision number.

What's wrong?

9 Replies 9

Lucien Avramov
Level 10
Level 10

Higher revision number means they dont talk to each other.

Check the version they have make sure there is no password.

Once the revision matches, it means it worked

indeed, they have very different revision numbers as you can see on the attached snapshots below.

But I neither configured any VTP password, nor I changed VTP version.

DLS2 is in transparent mode according to your DLS2.jpg post , can't propagate if one is transparent. Both are not in server mode according to your post.

one has to be server, the other should be actually client else if both are servers they will not add the vlans from each other.

Proper design should be one in server, the other as client or transparent.

Also the MD5 digest is not the same, that involves that the password need to be set.

I believe the vlans will propagate if you have 2 servers , it does in our setup without any issue . VTP password is not a requirement to make it work just a security paramter if you want to use it . If you aren't going to make a backup of the vlan.dat file anywhere then you are smart to have 2 servers in your setup. Though the size of your setup doesn't really need vtp in my opinion . VTP is really more effective in large setups where you have dozens of vlans that have to be propagated across multiple different switches. Your main problem is one of your switches is transparent thus cannot propagate.

Bonjour Wass,

2 things:

Your main problem is:

-the md5 passwords do not match as the digest is different:

you can either clear the passwords on both, or set the same on both devices:

Switch(config)#no vtp password

OR

SwitchB(config)#vtp password MYPASSWORD

On a side,

-on DLS2, is there a reason why you prefer transparent mode to client mode?

Leo Laohoo
Hall of Fame
Hall of Fame

If you want the VLAN database to propagate, why is there no VTP password configured?

It can propagate even with no password set on both sides.

Both sides needs to match: either they dont have password set or they have the same password set.

Actually, DLS2 was a VTP Transparent. And what I did is "vtp mode server" on it. But I hurried up and typed "wr mem" and didn't pay attention to the output of the router later.

In fact, I noticed I had a NVRAM write failure. Your post telling me that DLS2 is in transparent mode made me read the output of "sh vtp status" once again, this time carefully :)

So I rebooted the router and fixed it.

thank u guys for your useful insights.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco