Friday, February 2, 2024

Cisco Switch VTP Version 3

The VLAN Trunking Protocol (VTP) version 3 is backwards compatible with version 2 but not with version 1. VTP version 3 supports Extended VLAN range (1006-4094), Private VLAN (PVLAN), Multiple Spanning Tree (MST), encrypt/hash VTP password and many more.

The main command for checking VTP info in a Cisco switch is show vtp status. The current VTP version is 1.

SW01#show vtp status

VTP Version capable             : 1 to 3

VTP version running             : 1

VTP Domain Name                 :

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Disabled

Device ID                       : aabb.cc00.0200

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Local updater ID is 0.0.0.0 (no valid interface found)

 

Feature VLAN:

--------------

VTP Operating Mode                : Server

Maximum VLANs supported locally   : 1005

Number of existing VLANs          : 5

Configuration Revision            : 0

MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD

                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC

 

 

Before changing to VTP version 3, you'll need to set the VTP domain first.

 

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vtp version ?

  <1-3>  Set the administrative domain VTP version number

 

SW01(config)#vtp version 3

Cannot set the version to 3 because domain name is not configured

SW01(config)#

SW01(config)#vtp domain LAB

Changing VTP domain name from NULL to LAB

SW01(config)#

SW01(config)#vtp version 3

SW01(config)#

SW01(config)#vlan 99

VTP VLAN configuration not allowed when device is not the primary server for vlan database.

SW01(config)#

SW01(config)#end

 

 

In order to add/create Layer 2 VLANs, set the switch to VTP Primary using the privilege EXEC command vtp primary.

 

SW01#vtp ?

  password  Set the password for the VTP administrative domain.

  primary   Make the system as the primary server

  pruning   Set the administrative domain to permit pruning.

  version   Set the adminstrative domain VTP version

 

SW01#vtp primary ?

  force  Do not check for conflicting devices

  mst    MST feature

  vlan   Vlan feature

  <cr>

 

SW01#vtp primary

This system is becoming primary server for feature vlan

No conflicting VTP3 devices found.

Do you want to continue? [confirm]

SW01#

*Jan 29 02:57:46.373: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0200 has become the primary server for the VLAN VTP feature

 

 

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vlan 99

SW01(config-vlan)#name TEST

SW01(config-vlan)#end

 

SW01#show vtp status

VTP Version capable             : 1 to 3

VTP version running             : 3

VTP Domain Name                 : LAB

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Disabled

Device ID                       : aabb.cc00.0200

 

Feature VLAN:

--------------

VTP Operating Mode                : Primary Server

Number of existing VLANs          : 6

Number of existing extended VLANs : 0

Maximum VLANs supported locally   : 4096

Configuration Revision            : 2

Primary ID                        : aabb.cc00.0200

Primary Description               : SW01

MD5 digest                        : 0x69 0x34 0x9F 0x61 0x0A 0xF0 0x29 0x1F

                                    0xAE 0xDB 0xFA 0x70 0xCA 0x10 0x50 0x35

 

 

Feature MST:

--------------

VTP Operating Mode                : Transparent

         

 

Feature UNKNOWN:

--------------

VTP Operating Mode                : Transparent

 

 

SW01#show vlan brief

 

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1

                                                Et1/2, Et1/3, Et2/0, Et2/1

                                                Et2/2, Et2/3, Et3/0, Et3/1

                                                Et3/2, Et3/3

99   TEST                             active   

1002 fddi-default                     act/unsup

1003 trcrf-default                    act/unsup

1004 fddinet-default                  act/unsup

1005 trbrf-default                    act/unsup

 

The VTP password is shown in plain text. In VTP version 3, you can "hide" or hash the password.

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vtp password cisco123

Setting device VTP password to cisco123

SW01(config)#do show vtp password

VTP Password: cisco123

 

SW01(config)#vtp password ?

  WORD  The ascii password for the VTP administrative domain.

 

SW01(config)#vtp password cisco123 ?

  hidden  Set the VTP password hidden option

  secret  Specify the vtp password in encrypted form

  <cr>

 

SW01(config)#vtp password cisco123 hidden

Setting device VTP password 

SW01(config)#

SW01(config)#do sh vtp password         

VTP Password: DD9E88A11A75B21E42627A20F00FD980

 

 

If you're adding another switch, just copy/paste the hashed string and use the keyword secret.

 

SW02(config)#vtp password DD9E88A11A75B21E42627A20F00FD980 secret

 

No comments:

Post a Comment