Friday, June 1, 2018

Configuring VTP Version 3, MST and EtherChannel on a Cisco Switch

The key benefits of running VTP Version 3 in a Cisco switch environment are:
  • Encrypted VTP password
  • Backward compatibility with VTP version 2
  • Protection against the VLAN database being overwritten by a wrong database with a higher revision number
  • Supports IEEE 802.1Q Extended VLANs 1006 - 4094
  • Supports Private VLAN (PVLAN) propagation
  • Supports Multiple Spanning Tree (MST) propagation
  • Supports Remote SPAN (RSPAN)  

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW01
SW01(config)#vtp version ?
  <1-3>  Set the administrative domain VTP version number

SW01(config)#vtp version 3      // NEED TO CONFIGURE VTP DOMAIN FIRST
Cannot set the version to 3 because domain name is not configured
SW01(config)#vtp domain ?
  WORD  The ascii name for the VTP administrative domain.

SW01(config)#vtp domain CORE
Changing VTP domain name from NULL to CORE

SW01(config)#vtp mode ?
  client       Set the device to client mode.
  off          Set the device to off mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.

SW01(config)#vtp mode server ?
  mst      Set the mode for MST VTP instance.
  unknown  Set the mode for unknown VTP instances.
  vlan     Set the mode for VLAN VTP instance.
  <cr>

SW01(config)#vtp mode server mst     // ONLY SUPPORTED IN VTPv3
Device MST VTP mode cannot be changed in VTP version 1

SW01(config)#end
SW01#vtp primary ?
  force  Do not check for conflicting devices
  mst    MST feature
  vlan   Vlan feature
  <cr>

SW01#vtp primary     // NOT STORED IN NVRAM; NEED TO RE-CONFIGURE AGAIN WHEN SWITCH REBOOTS; SECONDARY VTP SERVER/SWITCH DOESN'T AUTOMATICALLY BECOME VTP PRIMARY SERVER
System can be made Primary Server only in VTP version 3

SW01#vtp primary mst
System can be made Primary Server only in VTP version 3

SW01#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CORE
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 003c.109f.4f80
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x15 0x89 0x9A 0xAE 0xF4 0x42 0x44 0x7D
                                    0xCA 0x15 0x45 0x7A 0x3B 0xA4 0x2E 0x64

SW01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW01(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode

SW01(config)#spanning-tree mode mst
SW01(config)#vtp version 3
SW01(config)#
*Feb  7 03:22:33.292: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN configuration file detected and read OK.  Version 3 files will be written in the future.

SW01(config)#do show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : CORE
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 003c.109f.4f80

Feature VLAN:
--------------
VTP Operating Mode                : Server
Number of existing VLANs          : 5
Number of existing extended VLANs : 0
Maximum VLANs supported locally   : 4096
Configuration Revision            : 0
Primary ID                        : 0000.0000.0000
Primary Description               :
MD5 digest                        :


Feature MST:
--------------
VTP Operating Mode                : Transparent


Feature UNKNOWN:
--------------
VTP Operating Mode                : Transparent


SW01(config)#vtp mode server mst
Setting device to VTP Server mode for MST.
SW01(config)#end

SW01#vtp primary force       // ENTER IN PRIVILEGE MODE; ONLY ONE PRIMARY SERVER IS ALLOWED; PRIMARY SERVER STATUS LOST WHEN SWITCH REBOOTS
This system is becoming primary server for feature vlan
SW01#
*Feb  7 03:23:34.402: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 003c.109f.4abc has become the primary server for the VLAN VTP feature

SW01#vtp primary mst
This system is becoming primary server for feature mst
No conflicting VTP3 devices found.
Do you want to continue? [confirm]      // PRESS ENTER
SW01#
*Feb  7 03:24:06.016: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 003c.109f.4f80 has become the primary server for the MST VTP feature
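
A check over `show vtp status` output such as the captures above, as an added example that is not part of the original post: it parses the per-feature sections and flags a switch that is not running version 3, or a server-mode feature whose Primary ID is still 0000.0000.0000. The function names and the policy applied are assumptions of this example; the field names come from the output shown.

```python
import re

NO_PRIMARY = "0000.0000.0000"

# Constructed sample: trimmed from the VTPv3 "show vtp status" capture above,
# taken before "vtp primary" was issued.
SAMPLE = """\
VTP version running             : 3
VTP Domain Name                 : CORE

Feature VLAN:
--------------
VTP Operating Mode                : Server
Primary ID                        : 0000.0000.0000

Feature MST:
--------------
VTP Operating Mode                : Transparent
"""

def parse_vtp_status(text):
    """Split the output into a 'global' dict plus one dict per 'Feature X:' block."""
    sections, current = {"global": {}}, "global"
    for line in text.splitlines():
        feature = re.match(r"^Feature (\w+):\s*$", line)
        if feature:
            current = feature.group(1)
            sections[current] = {}
            continue
        field = re.match(r"^(.+?)\s*:\s*(.*)$", line)
        if field:
            sections[current][field.group(1).strip()] = field.group(2).strip()
    return sections

def audit_vtp(text):
    """Return findings; the policy checked here is an assumption of this example."""
    status = parse_vtp_status(text)
    if status["global"].get("VTP version running") != "3":
        return ["not running VTP version 3"]
    findings = []
    if not status["global"].get("VTP Domain Name"):
        findings.append("VTP domain name not set")
    for feature in ("VLAN", "MST"):
        info = status.get(feature, {})
        no_primary = info.get("Primary ID", NO_PRIMARY) == NO_PRIMARY
        if info.get("VTP Operating Mode") == "Server" and no_primary:
            findings.append(f"{feature}: server mode but no primary server known")
    return findings

if __name__ == "__main__":
    print(audit_vtp(SAMPLE))
```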

SW01(config)#spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  logging       Enable Spanning tree logging
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  mst           Multiple spanning tree configuration
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  transmit      STP transmit parameters
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree

SW01(config)#spanning-tree mst ?
  WORD           MST instance range, example: 0-3,5,7-9
  configuration  Enter MST configuration submode
  forward-time   Set the forward delay for the spanning tree
  hello-time     Set the hello interval for the spanning tree
  max-age        Set the max age interval for the spanning tree
  max-hops       Set the max hops value for the spanning tree

SW01(config)#spanning-tree mst configuration
SW01(config-mst)#?
  abort         Exit region configuration mode, aborting changes
  exit          Exit region configuration mode, applying changes
  instance      Map vlans to an MST instance
  name          Set configuration name
  no            Negate a command or set its defaults
  private-vlan  Set private-vlan synchronization
  revision      Set configuration revision number
  show          Display region configurations

SW01(config-mst)#name CORE
SW01(config-mst)#revision ?
  <0-65535>  Configuration revision number

SW01(config-mst)#revision 1
SW01(config-mst)#instance ?
  <0-4094>  MST instance id

SW01(config-mst)#instance 1 ?
  vlan  Range of vlans to add to the instance mapping

SW01(config-mst)#instance 1 vlan 2-4094    
SW01(config-mst)#exit
SW01(config)#spanning-tree mst ?
  WORD           MST instance range, example: 0-3,5,7-9
  configuration  Enter MST configuration submode
  forward-time   Set the forward delay for the spanning tree
  hello-time     Set the hello interval for the spanning tree
  max-age        Set the max age interval for the spanning tree
  max-hops       Set the max hops value for the spanning tree

SW01(config)#spanning-tree mst 0-1 ?
  priority  Set the bridge priority for the spanning tree
  root      Configure switch as root

SW01(config)#spanning-tree mst 0-1 priority ?
  <0-61440>  bridge priority in increments of 4096

SW01(config)#spanning-tree mst 0-1 priority 4096     // SET TO LOWEST PRIORITY TO BECOME ROOT SWITCH

SW01#show spanning-tree mst configuration
Name      [CORE]
Revision  1     Instances configured 2

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1                      // MGMT VLAN; INSTANCE 0 CREATED BY DEFAULT
1         2-4094           // CUSTOMER VLAN
-------------------------------------------------------------------------------


This is the configuration for SW02.

SW02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW02(config)#spanning-tree mode mst
SW02(config)#spanning-tree extend system-id
SW02(config)#spanning-tree mst 0-1 priority 8192      // SECONDARY ROOT SWITCH
SW02(config)#spanning-tree mst configuration
SW02(config-mst)# name CORE
SW02(config-mst)# revision 1
SW02(config-mst)# instance 1 vlan 2-4094
SW02(config-mst)#exit
SW02(config)#vtp domain CORE
Changing VTP domain name from NULL to CORE
SW02(config)#
*Feb  7 03:28:39.961: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to CORE.
SW02(config)#vtp version 3
SW02(config)#
*Feb  7 03:28:46.010: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN configuration file detected and read OK.  Version 3 files will be written in the future.
SW02(config)#vtp mode ?
  client       Set the device to client mode.
  off          Set the device to off mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.

SW02(config)#vtp mode server      // DEFAULT VTP MODE
Device mode already VTP Server for VLANS.


I've configured a Layer 2 EtherChannel trunk so VLANs configured on SW01 will automatically propagate to SW02.

SW02(config)#interface range GigabitEthernet1/0/47-48
SW02(config-if-range)#shutdown     // BEST PRACTICE IS TO SHUT DOWN THE PORTS FIRST BEFORE CONFIGURING THEM FOR ETHERCHANNEL
SW02(config-if-range)# description ### Trunk: SW01 ###
SW02(config-if-range)# switchport mode trunk
SW02(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

SW02(config-if-range)# no shutdown
SW02(config-if-range)#
SW02(config-if-range)#
*Feb  7 03:31:05.878: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
*Feb  7 03:31:05.878: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
SW02(config-if-range)#interface Port-channel1        // LAYER 2 ETHERCHANNEL TRUNK
SW02(config-if)# description ### Trunk: SW01 ###
SW02(config-if)# switchport mode trunk
SW02(config-if)#end

SW02#sh run interface g01/0/47
Building configuration...

Current configuration : 133 bytes
!
interface GigabitEthernet1/0/47
 description ### Trunk: SW01 ###
 switchport mode trunk
 channel-group 1 mode desirable
end

SW02#sh run interface g1/0/48
Building configuration...

Current configuration : 133 bytes
!
interface GigabitEthernet1/0/48
 description ### Trunk: SW01 ###
 switchport mode trunk
 channel-group 1 mode desirable
end

SW02#sh run interface po1
Building configuration...

Current configuration : 93 bytes
!
interface Port-channel1
 description ### Trunk: SW01 ###
 switchport mode trunk
end

SW02#show vtp ?
  counters   VTP statistics
  devices    VTP3 domain device information
  interface  VTP interface status and configuration
  password   VTP password
  status     VTP domain status

SW02#show vtp devices
Retrieving information from the VTP domain. Waiting for 5 seconds.

VTP Feature  Conf Revision Primary Server Device ID      Device Description   
------------ ---- -------- -------------- -------------- ----------------------
VLAN         No   2        003c.109f.4f80=003c.109f.4abc   SW01           
MST          Yes  2        003c.109f.4f80=003c.109f.4abc   SW01

SW02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW02(config)#vlan 100
VTP VLAN configuration not allowed when device is not the primary server for vlan database.     // ONLY VTP PRIMARY SERVER CAN ADD/REMOVE VLANS

SW01(config)#interface range GigabitEthernet1/0/47-48
SW01(config-if-range)#shutdown
SW01(config-if-range)#description ### Trunk: SW02 ###
SW01(config-if-range)#switchport mode trunk
SW01(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

SW01(config-if-range)# no shutdown
SW01(config-if-range)#interface Port-channel1
SW01(config-if)# description ### Trunk: SW02 ###
SW01(config-if)# switchport mode trunk
SW01(config-if)#
*Feb  7 03:33:27.837: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
*Feb  7 03:33:27.837: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
*Feb  7 03:33:30.540: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up
*Feb  7 03:33:30.698: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to up
*Feb  7 03:33:34.369: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up
*Feb  7 03:33:34.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to up
*Feb  7 03:33:35.369: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW01(config-if)#
*Feb  7 03:33:36.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

SW01#show run interface g1/0/47
Building configuration...

Current configuration : 133 bytes
!
interface GigabitEthernet1/0/47
 description ### Trunk: SW02 ###
 switchport mode trunk
 channel-group 1 mode desirable
end

SW01#show run interface g1/0/48
Building configuration...

Current configuration : 133 bytes
!
interface GigabitEthernet1/0/48
 description ### Trunk: SW02 ###
 switchport mode trunk
 channel-group 1 mode desirable
end

SW01#show run interface p01
Building configuration...

Current configuration : 93 bytes
!
interface Port-channel1
 description ### Trunk: SW02 ###
 switchport mode trunk
end

SW01#show etherchannel ?
  <1-128>       Channel group number
  detail        Detail information
  load-balance  Load-balance/frame-distribution scheme among ports in
                port-channel
  port          Port information
  port-channel  Port-channel information
  protocol      protocol enabled
  summary       One-line summary per channel-group
  |             Output modifiers
  <cr>

SW01#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Gi1/0/47(P) Gi1/0/48(P)

SW01#
*Feb  7 03:34:29.880: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down       // I REMOVED THE CABLE ON G1/0/47
*Feb  7 03:34:30.879: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down

SW01#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Gi1/0/47(D) Gi1/0/48(P)

SW01#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW02            Gig 1/0/48        177              S I   WS-C3850- Gig 1/0/48

Total cdp entries displayed : 1

SW01#
*Feb  7 03:34:56.207: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up    // PUT BACK CABLE ON G1/0/47
*Feb  7 03:35:00.050: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up

SW01#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Gi1/0/47(P) Gi1/0/48(P)

SW01#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW02            Gig 1/0/47        177              S I   WS-C3850- Gig 1/0/47
SW02            Gig 1/0/48        154              S I   WS-C3850- Gig 1/0/48

Total cdp entries displayed : 2