The VLAN Trunking Protocol (VTP) version 3 is backwards compatible with version 2 but not with version 1. VTP version 3 supports Extended VLAN range (1006-4094), Private VLAN (PVLAN), Multiple Spanning Tree (MST), encrypt/hash VTP password and many more.
The main command for checking VTP info in a Cisco switch is show vtp status. The current VTP version is 1.
SW01#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc00.0200
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Before changing to VTP version 3, you'll need to set the VTP domain first.
SW01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW01(config)#vtp version ?
<1-3> Set the administrative domain VTP version number
SW01(config)#vtp version 3
Cannot set the version to 3 because domain name is not configured
SW01(config)#
SW01(config)#vtp domain LAB
Changing VTP domain name from NULL to LAB
SW01(config)#
SW01(config)#vtp version 3
SW01(config)#
SW01(config)#vlan 99
VTP VLAN configuration not allowed when device is not the primary server for vlan database.
SW01(config)#
SW01(config)#end
In order to add/create Layer 2 VLANs, set the switch to VTP Primary using the privilege EXEC command vtp primary.
SW01#vtp ?
password Set the password for the VTP administrative domain.
primary Make the system as the primary server
pruning Set the administrative domain to permit pruning.
version Set the adminstrative domain VTP version
SW01#vtp primary ?
force Do not check for conflicting devices
mst MST feature
vlan Vlan feature
<cr>
SW01#vtp primary
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
SW01#
*Jan 29 02:57:46.373: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0200 has become the primary server for the VLAN VTP feature
SW01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW01(config)#vlan 99
SW01(config-vlan)#name TEST
SW01(config-vlan)#end
SW01#show vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : LAB
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc00.0200
Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 6
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 4096
Configuration Revision : 2
Primary ID : aabb.cc00.0200
Primary Description : SW01
MD5 digest : 0x69 0x34 0x9F 0x61 0x0A 0xF0 0x29 0x1F
0xAE 0xDB 0xFA 0x70 0xCA 0x10 0x50 0x35
Feature MST:
--------------
VTP Operating Mode : Transparent
Feature UNKNOWN:
--------------
VTP Operating Mode : Transparent
SW01#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/3, Et1/0, Et1/1
Et1/2, Et1/3, Et2/0, Et2/1
Et2/2, Et2/3, Et3/0, Et3/1
Et3/2, Et3/3
99 TEST active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
The VTP password is shown in plain text. In VTP version 3, you can "hide" or hash the password.
SW01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW01(config)#vtp password cisco123
Setting device VTP password to cisco123
SW01(config)#do show vtp password
VTP Password: cisco123
SW01(config)#vtp password ?
WORD The ascii password for the VTP administrative domain.
SW01(config)#vtp password cisco123 ?
hidden Set the VTP password hidden option
secret Specify the vtp password in encrypted form
<cr>
SW01(config)#vtp password cisco123 hidden
Setting device VTP password
SW01(config)#
SW01(config)#do sh vtp password
VTP Password: DD9E88A11A75B21E42627A20F00FD980
If you're adding another switch, just copy/paste the hashed string and use the keyword secret.
SW02(config)#vtp password DD9E88A11A75B21E42627A20F00FD980 secret
No comments:
Post a Comment