Monday, October 14, 2013

VLAN Trunking Protocol (VTP) Lab

After successfully setting up spanning tree in my previous blog post, it's now time for some Layer 2 VLAN action. Refer to the updated network diagram used for this scenario.


A switch operates in VTP server mode by default. We configure SW2 in client mode with a VTP domain name of LAGURA (case sensitive), and a password of cisco. We verify using the show vtp status command. Notice that we can't add any VLANs under this mode.

The maximum number of supported VLANs also depends on the switch platform. A Cisco Catalyst 2940 switch (SW2) supports up to 128 VLANs, a 3560 (SW1) supports up to 1005 and a 2960 (SW3) supports up to 255. All of my switches are 8-port devices.

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
SW2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#vtp domain LAGURA
Changing VTP domain name from NULL to LAGURA
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#vtp password cisco
Setting device VLAN database password to cisco
SW2(config)#vlan 10
VTP VLAN configuration not allowed when device is in CLIENT mode.



SW1 and SW3 automatically update their VTP domain name to LAGURA after receiving a VTP advertisement from SW2. We then configure SW3 to operate in VTP transparent mode. Under this mode, the switch doesn't advertise its VLANs, which have local significance only. We verify this by issuing a show vlan on adjacent switches.

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)


SW3#show vtp status
VTP Version                     : running VTP1 (VTP2 capable)   // DEFAULT VERSION
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
*** MD5 digest checksum mismatch on trunk: Fa0/2 ***
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
SW3(config)#do show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
*** MD5 digest checksum mismatch on trunk: Fa0/2 ***
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW3(config)#vlan 99
SW3(config-vlan)#name MARKETING
SW3(config-vlan)#end
*Mar  1 00:19:49.370: %SYS-5-CONFIG_I: Configured from console by console
SW3#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
99   MARKETING                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
99   enet  100099     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


SW1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


We can now start adding VLANs on the VTP server. After creating two VLANs, the configuration revision number incremented by 2 and the number of existing VLANs increased to 7. Also notice that the VLANs didn't replicate to SW3 since it is in transparent mode.

SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name IT
SW1(config-vlan)#end
00:21:18: %SYS-5-CONFIG_I: Configured from console by console         
SW1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
10   SALES                            active
20   IT                               active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x17 0xC7 0x66 0x72 0xBE 0xF9 0x85 0x5E
Configuration last modified by 0.0.0.0 at 3-1-93 00:21:18
Local updater ID is 0.0.0.0 (no valid interface found)


SW3#show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 6    // INCREMENTED BY 1 AFTER CREATING VLAN 99
VTP Operating Mode              : Transparent
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB4 0xF5 0xE2 0x6E 0xC4 0x17 0x0A 0x8A
*** MD5 digest checksum mismatch on trunk: Fa0/2 ***
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW3#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
99   MARKETING                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
99   enet  100099     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


I've observed the VLANs didn't replicate to SW2, so I went troubleshooting.

SW2#show vtp password
VTP Password: cisco

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x43 0x8E 0xC5 0xB3 0x8F 0xC3 0x52 0x93
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW2#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/1            166          S I      WS-C3560-8Fas 0/1
SW3              Fas 0/2            135          S I      WS-C2960PDFas 0/2


I checked again and was confident that my VTP configurations for SW2 were correct. I also thought the VLAN database was corrupted. And sure enough the VLANs showed up afterwards (it took a while though). I've learned from a fellow blogger on his post that VTP indeed takes some time for VLANs to replicate. There's also a cool debug tip demonstrated.

I've also asked a Cisco Switching expert, who told me that:

"By default, Catalyst switches issue summary advertisements in five-minute increments. Summary advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision number.

When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent. If you add a new switch in the network it takes 5 minutes so that it hears any advertisement from the server.

If you want the VLAN propagated immediately (means before the advertisements are generated and sent again) then you need to create a VLAN so that the revision number will change and the new switch will be updated, once the control checkpoints I just described passed."
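
The comparison described in the quote, applied to this lab's own show vtp status output to show why SW2 was still waiting for an update while SW3 never takes one. This is an added example, not code from the original post; the function names are hypothetical, and the transparent-mode branch reflects the SW3 behaviour shown earlier in the lab.

```python
import re

# Trimmed "show vtp status" output copied from this lab: SW1 after VLANs 10 and
# 20 were added, SW2 before it synchronised, SW3 in transparent mode.
SW1 = """Configuration Revision          : 2
VTP Operating Mode              : Server
VTP Domain Name                 : LAGURA"""
SW2 = """Configuration Revision          : 0
VTP Operating Mode              : Client
VTP Domain Name                 : LAGURA"""
SW3 = """Configuration Revision          : 0
VTP Operating Mode              : Transparent
VTP Domain Name                 : LAGURA
*** MD5 digest checksum mismatch on trunk: Fa0/2 ***"""

def parse_vtp_status(text):
    """Extract the fields a sync check needs from 'show vtp status' output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:*]+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return {
        "domain": fields.get("VTP Domain Name", ""),   # compared case-sensitively
        "mode": fields.get("VTP Operating Mode", ""),
        "revision": int(fields.get("Configuration Revision", "0").split()[0]),
        "digest_mismatch": "MD5 digest checksum mismatch" in text,
    }

def on_summary_advert(receiver, sender):
    """Action the receiver takes on the sender's summary advertisement."""
    if receiver["mode"] == "Transparent":
        return "ignore: transparent mode, local VLAN database only"
    if receiver["domain"] != sender["domain"]:
        return "ignore: different VTP domain"
    if receiver["revision"] >= sender["revision"]:
        return "ignore: own revision is higher or equal"
    return "send advertisement request"

def sync_report(server_out, others):
    """Map each switch name to (action, digest_mismatch_seen)."""
    server = parse_vtp_status(server_out)
    report = {}
    for name, out in others.items():
        sw = parse_vtp_status(out)
        report[name] = (on_summary_advert(sw, server), sw["digest_mismatch"])
    return report

if __name__ == "__main__":
    for name, result in sync_report(SW1, {"SW2": SW2, "SW3": SW3}).items():
        print(name, result)
```
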


SW2#show flash

Directory of flash:/

    2  -rwx         738  Mar 01 1993 01:16:13 +00:00  config.text
    4  drwx         192  Mar 01 1993 00:06:13 +00:00  c2940-i6k2l2q4-mz.121-22.EA10a
    3  -rwx         736  Mar 01 1993 01:16:06 +00:00  vlan.dat   // THIS IS WHERE VTP AND THE VLAN DATABASE IS STORED
  404  -rwx          24  Mar 01 1993 01:16:13 +00:00  private-config.text

7612416 bytes total (2191360 bytes free)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 128
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : LAGURA
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x0B 0x33 0x0F 0x2D 0x8A 0xC3 0x8E 0x5E
Configuration last modified by 0.0.0.0 at 3-1-93 00:21:18

SW2#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Gi0/1
10   SALES                            active
20   IT                               active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------