I'm preparing a procedure for switch (C2950 - C3550) replacements in case of failure.
This includes configuration of the replacement switch.
At the time of the replacement, the only way to configure is via the console connection. To do so, I use the configuration retrieved earlier (typically the same as the output of "show run").
I'm puzzled how to copy VTP:VLAN information, however, as the VLAN configuration file (CiscoWorks) is not in ASCII format for console or telnet use.
Can anybody point me to a "how-to" description (or give one)?
On the 2950 and 3550 the VLAN file is located in flash as the file named vlan.dat. It is NOT a text file and can not be pasted into the switch at the executive or configuration prompt, but it could be copied into flash via TFTP, but this is not recommended or documented.
Depending on how you are running VTP, this could be a non-issue. If you are installing a NEW switch as a client switch and it has NO VTP configuration information (i.e. no configuration revision number) then it will accept VTP updates from other switches and the VLAN database will be propagated. Check the following for more VTP information.
We could debate VTP here for days, but the bottom line is BE CAREFUL. If you do this, change the mode of the device to VTP transparent, then to VTP client, to ensure that the VTP configuration revision number is 0.
Now if you are running in VTP transparent mode (i.e. not using VTP), then the VLANs will be in the configuration file, and when you save the configuration file, the commands to create the VLANs in the switch will also copy the VLANs into the configuration and SHOULD put them into the database. Note vlan 986 in the following sample:
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no ip domain-lookup
vtp mode transparent
Bottom line. You may not need to manage the VLAN file at all depending on how you implement VTP.
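A pre-connection check for the revision-number caution in the answer above, added here as an example and not part of the original thread: it parses "show vtp status" output captured from the spare over the console and lists the reasons it should not yet be trunked in. The two captures, the function names and the domain name vtp-domain2 are constructed for illustration.

```python
# Constructed "show vtp status" captures (illustrative values, not from the thread).
USED_SPARE = """\
VTP Version                     : 2
Configuration Revision          : 14
Maximum VLANs supported locally : 64
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : vtp-domain1
"""
NEW_SPARE = """\
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
"""


def parse_vtp_status(text):
    """Return the 'Field : value' lines of the capture as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def preconnect_check(text, expected_domain):
    """List the reasons the spare must not be connected to the domain yet."""
    fields = parse_vtp_status(text)
    try:
        revision = int(fields["configuration revision"])
    except (KeyError, ValueError):
        return ["configuration revision not found; capture the output again"]
    problems = []
    if revision != 0:
        # The thread's caution: the revision must be 0 before connecting.
        problems.append(f"configuration revision is {revision}, not 0")
    domain = fields.get("vtp domain name", "")
    if domain not in ("", expected_domain):
        # A spare still named for another VTP domain belongs to that domain.
        problems.append(f"domain '{domain}' is neither null nor '{expected_domain}'")
    return problems


if __name__ == "__main__":
    for name, capture in (("used", USED_SPARE), ("new", NEW_SPARE)):
        print(name, preconnect_check(capture, "vtp-domain2") or "ok to connect")
```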
Your clarification is consistent with our checks carried out already.
However, the switches are indeed in vtp client or (more often) server mode.
When rolling out the switches, a standard sequence for configuration was entered, something like:
vtp mode client
vtp name vtp-domain1
vtp mode client
vtp mode server
The purpose of this sequence was to ensure that the existing VLANs of the vtp domain were not cleared in the other switches of the same vtp domain.
However, I was looking for a way to get such a sequence out of the switch or the configuration, which seems not very possible.
For the time being, I'll prepare several vtp configurations (one per vtp domain), to be loaded after the standard configuration.
Your clarification seems to confirm this method.
You're correct, by default the switch is in server mode. A NEW (out of the box) switch will not overwrite a VTP domain because the VTP configuration revision number is 0 and it is in a null domain.
The way I understand it, you are concerned with making sure a NEW switch will have the proper configuration and the appropriate VLANs. Let me ask you a couple of questions.
How many VTP domains do you have and are they separated by routers or Layer 3 interfaces?
Do you use VTP to propagate VLANs to other switches?
The number of VTP domains in the network is about 6.
The network itself consists of access switches (C2950-12 and C2950G12 models for a total of about 50 switches), which are connected to the routers in a linear way, i.e. 10 or less switches are interconnected in a linear structure, both ends of which are connected to the L3 switches (C6500 in hybrid mode).
As the total number of VLANs (over 100 now) exceeds the C2950-12 limit, the purpose of the different vtp domains is to limit the VLAN definitions to the VLANs with actual connections in an access structure.
The VTP domains have been chosen to correspond to the 6 access structures.
A second reason for limiting VLAN processing in an access structure is to limit traffic for VLANs external to the access structure itself (PVSTP BPDUs). Such limitation helps limit the traffic over the trunks between the switches (Ethernet tunnelled over SDH). Therefore traffic to/from the access structures is limited in the L3 switches by limiting the list of VLANs on the concerned trunks.
VTP is used to ensure that the switches in a linear structure support passing on traffic for any new VLAN defined in one of the switches (e.g. because of an additional network application).
Does this seem like a reasonable solution?
If I understand correctly, you are using VTP to spread VLAN info through your network.
If your problem concerns only new switches rolling out to your network, why don't you just create a startup-config file containing "VTP domain your_domain" and "VTP mode server" commands and load it into the new switch startup-config via tftp during the initial configuration phase (i.e. after taking the switch from the box)?
When the switch is moved to the correct place and rebooted, it would get the correct VLAN info via VTP.
Thank you for the suggestion, but I'm involved in preparing scenarios for maintenance staff regarding replacement of a defective switch by a spare switch.
As the network is split up in several VTP domains (due to restrictions on number of VLANs supported in c2950-12 switches), it is not possible to preconfigure the spare switch with vtp information.
I had hoped to be able to fetch the vtp configuration from CiscoWorks (RME) but this only states that VLAN information has successfully been fetched from the switches in the network. I do not seem to be able to save this information in a file suitable for configuration.
Hence my fallback to some predefined configuration files (one per vtp domain) to be loaded after the configuration has been loaded.
Are only C2950 and C3550 involved?
If yes, there are
vtp domain .....
vtp mode ......
config commands available since 12.1(9)EA1.
So I would just let the maintenance staff configure the IP address of the spare switch and connect it to the network, load the correct config including vtp domain and mode info from RME to the startup config, reload the switch and let VTP spread the VLAN info.
Thank you, your suggestion will probably solve the problem.
I was thinking of a way in which CiscoWorks RME intervention was not necessary, as the CiscoWorks site is not always manned.
However, I have asked the person responsible for the firewall environment to open up access to the CiscoWorks server from the outside (only for a limited set of people), and with http proxying.
This should enable me to log in from home and follow up the replacement with the configuration download from RME.
I consider your solution the end of this conversation.
Paul De Valck