Sunday, May 25, 2008

Passing VTP advertisements through a VTP V2 transparent switch

I was sure that I had it working in the past, but recently Antonie Henning made me rethink it:

Yes, all the books and doccd say this should work. I have tried different combinations. From making all devices V2, to only the transparent sw V2 and the other V1. Reloading the switches after making changes. Making the 3550 the transparent switch to making a 3560 the transparent switch. Also tried dot1q and isl trunking.

According to Maxim Kurushkin from IE:
Yes. Wrong description on Cisco site.
I have opened Cisco TAC and Cisco has answered that “VTP transparent switch with VTP version 2 also ignores the VTP advertisement if it has different VTP domain name”


So I gave it a quick test:


SW1 <===> SW2 <===> SW3


All connections are hardcoded 802.1q trunks with DTP disabled. We don't want DTP messing around with trunk forming.

SW1 is VTP server in domain DOMAIN-A
SW2 is VTP transparent in domain DOMAIN-B
SW3 is VTP client in domain DOMAIN-A


SW1#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 36
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : DOMAIN-A
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7F 0x8B 0x11 0xB1 0x95 0xC3 0x9D 0xE5
Configuration last modified by 0.0.0.0 at 3-1-02 00:05:45
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 36
Number of existing VLANs : 5
VTP Operating Mode : Transparent
VTP Domain Name : DOMAIN-B
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xEC 0xD4 0xED 0x49 0x32 0xEC 0x9E 0x41
Configuration last modified by 0.0.0.0 at 3-1-02 00:29:50

SW3#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 36
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : DOMAIN-A
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7F 0x8B 0x11 0xB1 0x95 0xC3 0x9D 0xE5
Configuration last modified by 0.0.0.0 at 3-1-02 00:05:45


While SW2 is running in V1 mode (SW1 & SW3 versions do not have any effect), VTP advertisements from SW1 and SW3 should be dropped, because they are in a different domain.

Using "debug sw-vlan vtp events/packets", we can see that this is indeed happening:


SW1#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 1, followers 0, tlv blk size 5 (inc #tlv field),



SW2#
VTP LOG RUNTIME: Dropping packet received on trunk Fa1/0 - not in domain DOMAIN-A

VTP LOG RUNTIME: Dropping packet received on trunk Fa1/1 - not in domain DOMAIN-A



SW3#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 1, followers 0, tlv blk size 5 (inc #tlv field),


We now change SW2 to V2 mode:


SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp version 2
SW2(config)#^Z
SW2#

SW2#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 36
Number of existing VLANs : 5
VTP Operating Mode : Transparent
VTP Domain Name : DOMAIN-B
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x05 0x0E 0x89 0xDC 0xAA 0x67 0x21 0xC2
Configuration last modified by 0.0.0.0 at 3-1-02 00:35:27


and we check the debugs again (VTP sends advertisements every 5 minutes, so you might need to wait a little):


SW1#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 1, followers 0, tlv blk size 5 (inc #tlv field),



SW2#
VTP LOG RUNTIME: Relaying packet received on trunk Fa1/0 - in TRANSPARENT MODE (nc = false)



SW3#
VTP LOG RUNTIME: Summary packet received, domain = DOMAIN-A, rev = 1, followers = 0, length 77, trunk Fa1/1


This time VTP messages are relayed out all trunk ports. We also create a new VLAN on SW1 in order to force the generation of a new VTP message:


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 100
SW1(config-vlan)#^Z
SW1#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 2, followers 1, tlv blk size 5 (inc #tlv field),



SW2#
VTP LOG RUNTIME: Relaying packet received on trunk Fa1/0 - in TRANSPARENT MODE (nc = false)



SW3#
VTP LOG RUNTIME: Summary packet received, domain = DOMAIN-A, rev = 2, followers = 1, length 77, trunk Fa1/1


Yep, everything is working as expected (configuration revision got increased by 1):


SW1#sh vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 36
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : DOMAIN-A
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xF0 0x70 0x20 0xF6 0x98 0x76 0xF4 0xEB
Configuration last modified by 0.0.0.0 at 3-1-02 00:43:18
Local updater ID is 0.0.0.0 (no valid interface found)


SW2#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 36
Number of existing VLANs : 5
VTP Operating Mode : Transparent
VTP Domain Name : DOMAIN-B
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x05 0x0E 0x89 0xDC 0xAA 0x67 0x21 0xC2
Configuration last modified by 0.0.0.0 at 3-1-02 00:35:27


SW3#sh vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 36
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : DOMAIN-A
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xF0 0x70 0x20 0xF6 0x98 0x76 0xF4 0xEB
Configuration last modified by 0.0.0.0 at 3-1-02 00:43:18
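
To check from "debug sw-vlan vtp" output whether a transparent switch is dropping or relaying another domain's advertisements, the two captures above can be parsed and correlated. This is an added example, not part of the original post; the names parse and crossed are illustrative, and it assumes each switch's debug lines follow its prompt line, as in the captures above.

```python
import re

# Debug lines taken from this page's two captures (SW2 in V1 mode, then V2 mode).
V1_CAPTURE = """\
SW1#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 1, followers 0, tlv blk size 5 (inc #tlv field),
SW2#
VTP LOG RUNTIME: Dropping packet received on trunk Fa1/0 - not in domain DOMAIN-A
VTP LOG RUNTIME: Dropping packet received on trunk Fa1/1 - not in domain DOMAIN-A
"""
V2_CAPTURE = """\
SW1#
VTP LOG RUNTIME: Transmit vtp summary, domain DOMAIN-A, rev 2, followers 1, tlv blk size 5 (inc #tlv field),
SW2#
VTP LOG RUNTIME: Relaying packet received on trunk Fa1/0 - in TRANSPARENT MODE (nc = false)
SW3#
VTP LOG RUNTIME: Summary packet received, domain = DOMAIN-A, rev = 2, followers = 1, length 77, trunk Fa1/1
"""

PATTERNS = [  # one regex per message shape seen in the captures (action names are illustrative)
    ("transmit", re.compile(r"Transmit vtp summary, domain (?P<domain>\S+), rev (?P<rev>\d+)")),
    ("drop", re.compile(r"Dropping packet received on trunk (?P<trunk>\S+) - not in domain (?P<domain>\S+)")),
    ("relay", re.compile(r"Relaying packet received on trunk (?P<trunk>\S+) - in TRANSPARENT MODE")),
    ("receive", re.compile(r"Summary packet received, domain = (?P<domain>[^,]+), rev = (?P<rev>\d+).*trunk (?P<trunk>\S+)")),
]

def parse(capture):
    """Return event dicts, each tagged with the switch whose prompt preceded the line."""
    events, switch = [], None
    for line in capture.splitlines():
        if prompt := re.fullmatch(r"(\S+)#", line.strip()):
            switch = prompt.group(1)
            continue
        for action, rx in PATTERNS:
            if m := rx.search(line):
                events.append({"switch": switch, "action": action, **m.groupdict()})
                break
    return events

def crossed(events, transit):
    """(domain, rev) pairs that were transmitted, relayed by `transit`, and received beyond it."""
    by = lambda act: [e for e in events if e["action"] == act]
    if not any(e["switch"] == transit for e in by("relay")):
        return set()
    sent = {(e["domain"], e["rev"]) for e in by("transmit")}
    return sent & {(e["domain"], e["rev"]) for e in by("receive") if e["switch"] != transit}

if __name__ == "__main__":
    for name, cap in (("V1", V1_CAPTURE), ("V2", V2_CAPTURE)):
        print(name, "advertisements that crossed SW2:", sorted(crossed(parse(cap), "SW2")))
```

An empty result for a transparent switch in a different domain means the domains are isolated at that switch; a non-empty one means revisions from the upstream domain are reaching switches behind it.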



Update 17 June 2008: 2 bugs were identified regarding the above. The latest correct behavior is to drop VTP messages of different domain. More details will follow.

5 comments:

  1. Tassos, that is correct. This does work on the older switches, but not on the latest code.
    http://last40days.wordpress.com/2008/05/26/15-days-to-go/

  2. The before output is showing all 3 switches in VTP v2.

    Raj

  3. @Antonie,

    You're right. I tried it on some 3750s and the v2 transparent switch didn't pass the vtp advertisements.
    I have opened a tac case in order to have all the documents corrected or the behavior fixed.


    @Anonymous,

    The "2" you're seeing at the 1st line of "sh vtp status" shows whether VTP v2 is supported or not.

  4. Update 17 June 2008: 2 bugs were identified regarding the above. The latest correct behavior is to drop VTP messages of different domain. More details will follow.

  5. Update 10 July 2008:
    A new bug was opened, regarding NM16-ESW and VTPv2.


 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.