00:00:00 - The VLAN trunking protocol is said by some to be, quote, the
00:00:06 - best thing since sliced bread, end quote.
00:00:10 - Others claim that VTP, or the VLAN trunking protocol, is, quote,
00:00:16 - invented by terrorists to destroy networks around the world,
00:00:19 - end quote. So where are these two bipolar positions coming from
00:00:25 - on VTP? That's what we're going to talk about here. We'll look
00:00:29 - at VTP, the good, the bad and the ugly. Then we'll get in depth
00:00:34 - into what VTP is all about, the modes, what VLAN pruning is,
00:00:38 - how that comes into play, VTP consideration. We'll set up VTP
00:00:42 - between our switches. And then we'll wrap up this whole VLAN
00:00:45 - subseries by talking about common VLAN issues.
00:00:50 - Here's the scoop. The goal of the VLAN trunking protocol is very
00:00:54 - simple. It's to ease your daily administrative burdens of creating
00:01:00 - VLANs. Now, first thing I've got to say about VTP is it was misnamed.
00:01:05 - I can't stand the name VLAN trunking protocol. Because it's not
00:01:10 - a trunking protocol. What are the two protocols we have? ISL,
00:01:15 - 802.1Q. That's it. Period. And ISL is going away. So there really
00:01:20 - is only one trunking protocol we use today. VLAN trunking protocol
00:01:24 - is not a trunking protocol, but what it is is a VLAN replication
00:01:30 - protocol. That's what it should have been called, VRP. Maybe
00:01:33 - that was taken. The way it works is all of your switches, when
00:01:37 - you pull them out of the box and get them connected up, start
00:01:40 - with this very simple system of VTP revision numbers. And that
00:01:44 - is the double-edged sword of VTP. Its simplicity is what can
00:01:49 - kill it. Let me give you a demonstration. When you pull your
00:01:52 - switches out of the box, they only have one VLAN, and that is
00:01:55 - VLAN 1. Everybody's at VTP REV 0. So you log into this switch
00:02:01 - up here. Let me get my pen going. You log into this switch up
00:02:05 - here and type in: I want to create VLAN 10.
00:02:10 - So you type in VLAN 10. Enter. All of a sudden your switch goes,
00:02:14 - okay, VLAN changed, clink, VTP REV 1. Let me send a VTP update.
00:02:19 - Goes down to this one. Says, oh, VTP REV 1, REV 1, REV 1. They
00:02:24 - all flip on over to VTP REV 1 and suddenly VLAN 10 magically
00:02:29 - appears on all these switches. We add VLAN 20 up here. Add VLAN
00:02:36 - 20. VTP REV 2, REV 2, REV 2. Goes down to all of these different
00:02:40 - switches and they get revision 2 and add VLAN 20 to their database.
00:02:46 - Now, that's the end result of what we see. We actually see that
00:02:51 - taking place on our switches, but what we don't see is the technical
00:02:56 - details of how that happens behind the scenes. The switches replicate
00:03:02 - their VLAN database to each other, and anytime somebody has a
00:03:05 - later revision number, they're like, oh, great, new database.
00:03:08 - Totally better than mine. I will flush my database, everything
00:03:13 - that I know about, and replace it with yours. So swoosh, those
00:03:16 - two VLANs show up. This database gets flushed and replaced with
00:03:19 - this one. So if I delete VLAN 10, deleted, VTP REV 3, REV 3,
00:03:24 - REV 3, everybody flushes their databases and replaces it with
00:03:28 - the latest and greatest one. So that's the basics of how VTP
00:03:32 - works. Now, let me show you by the way, let me stop right there
00:03:36 - and emphasize the good before I get to the bad. The good side
00:03:41 - of VTP is, think of your organization, or if you have a very
00:03:46 - small company, think of a big one. How many switches do you think
00:03:50 - exist in, say, an enterprise organization? A campus network?
00:03:54 - Maybe 20
00:03:57 - on the very low end. Maybe 50. Maybe 100 different switches in
00:04:01 - all these different locations around the campus. And that's just
00:04:04 - getting started. Now, if I were to have to add a VLAN to all
00:04:08 - 100 switches, without VTP, what that means is I'm going to every
00:04:13 - single switch, sure it's via telnet, but who wants to telnet
00:04:16 - to 100 switches and add VLAN 100 or whatever it is to every
00:04:20 - single switch in my organization. It can be painful. So VTP eases
00:04:24 - that load for me by just creating it once and it replicates it
00:04:28 - everywhere. That's the good side. The bad side is this: Let's
00:04:34 - say you finish watching the BCMSN series here and you're thinking
00:04:40 - this is awesome; I want to I'm getting into this. I'm going to
00:04:44 - build my own home lab. So you go on eBay and you're searching
00:04:48 - around and you're thinking: You know what, I can see a switch
00:04:51 - here. It says Cisco 2900 XL switch, buy it now price for $20.
00:04:56 - You're like, wow, and you look at the description and it says
00:04:59 - reputable seller used for years in dotcom companies, their loss,
00:05:04 - your gain and you know the eBay lingo. You're like, great, buy
00:05:08 - it now and you make your PayPal payment and it doesn't take long
00:05:12 - and all of a sudden this little switch shows up in the mail.
00:05:15 - And I'm telling you, it's an exciting time. You unbox the switch
00:05:18 - and you get into the switch, and one of my favorite things to
00:05:22 - do when I get stuff off of eBay is to do password recovery, because
00:05:26 - most of the time the people that sell stuff on eBay they don't
00:05:29 - even know what it is. They just like, hey, this looks cool, let's
00:05:32 - sell it on eBay. You log into the switch. It's got a password.
00:05:36 - That immediately should tell you there's a config on this from
00:05:39 - a company. So you do a password recovery on the switch and you
00:05:42 - start looking at their old config.
00:05:45 - I've done this a few times. I'm telling you, if you haven't done
00:05:48 - it, it's great. So you're scanning the config, and you actually
00:05:51 - see how the company's set up and you're all excited. So, anyway,
00:05:55 - you've got this switch at home and you're practicing on some
00:05:59 - labs and maybe it's VTP REV 1302.
00:06:03 - That's just, it's been a dotcom company for years. That's what
00:06:07 - it's at. And before long you're sitting there at home and you're
00:06:10 - like, oh, I gotta go to work. Like, well, I don't really do much
00:06:15 - at work anyway. And you know maybe I could take some of the downtime
00:06:20 - at the office to study and go after my Cisco certification. I'm
00:06:24 - going to bring the switch to work. You're bringing it to work
00:06:26 - and playing with it and creating VLANs and messing with spanning
00:06:30 - tree and learning all kinds of stuff. This story is going somewhere,
00:06:33 - by the way. And all of a sudden you have this brilliant idea.
00:06:38 - You think, you know what, I can make a real network here in my
00:06:44 - cubicle. I can take my switch, plug in a couple of laptops here
00:06:49 - into my switch or my desktop and my laptop or whatever the case
00:06:53 - is, and I can just grab a crossover cable and plug it right there
00:06:56 - into the port in my wall and have a real working network. So
00:07:00 - you do, you plug in that crossover cable and like this is going
00:07:04 - to be great. And all of a sudden you see Bob down the hall kind
00:07:06 - of stick his head up above the cubicle and Bob is like, hey,
00:07:10 - Jim, you able to get on the Internet? And Jim's like no, no,
00:07:16 - I can't. My e-mail isn't even working. And as a side note, little
00:07:21 - sidebar here, isn't it funny how in just about every business
00:07:25 - around the world, if the Internet goes down, immediately everybody
00:07:29 - knows and everybody panics. But like major servers, accounting
00:07:33 - databases, they can all go away and at least take them a little
00:07:36 - time to know. The moral of the story there, in the Cisco network
00:07:40 - you can hose up anything productive but just don't down the Internet
00:07:43 - access, and at least you've got some time before people start
00:07:46 - whining. So anyway, back to the story. Bob and Jim are above
00:07:50 - yeah, nothing's going on. Meanwhile, you're kind of unplugging
00:07:54 - your crossover cable and shoving everything in a file cabinet.
00:07:57 - Here's what happened. When you connected that crossover cable
00:08:01 - to the port in the wall, this switch, if it was able to negotiate
00:08:06 - a trunk with the other side, sent a VTP update and says, hey,
00:08:11 - everybody, I've got VTP REV 1302.
00:08:14 - And maybe on this switch you've got VLAN 100 and 200 that you've
00:08:18 - created. And this switch is sitting there and it goes: That's
00:08:22 - great. We're on VTP 3. It's like give me your database. So it
00:08:26 - takes that REV 1302, flushes its old database along with all
00:08:31 - its old VLANs. They all go away. All gone. And replace them with
00:08:37 - VLANs 100 and 200. It takes less than a second. It's very fast.
00:08:42 - And wham all the switches in the network lose their existing
00:08:46 - VLANs 10 and 20, and replace them with 100 and 200. Now, the
00:08:50 - problem is all of the ports in your company or this little scenario
00:08:54 - here were assigned to VLAN 10 and VLAN 20. And if a port is assigned
00:08:59 - to a VLAN, and that VLAN just disappears, the port is like, wow,
00:09:05 - where am I? I'm lost. I can't talk to anybody. It literally cannot
00:09:10 - talk to anything. The ports just disappear from the switch. If
00:09:15 - you do a show VLAN to see where the ports are assigned, you won't
00:09:17 - see anything. They're all just gone. All communication goes down.
00:09:21 - So less than a second, the entire network collapses. Now, the
00:09:26 - administrator over here, you know, is in a panic at this point.
00:09:30 - Cell phones ringing and nightmare's going on, and the administrator
00:09:34 - is like what's going on? And it takes a while to figure out,
00:09:37 - because nobody thinks all the VLANs disappear. Oh, by the way,
00:09:39 - as soon as that happened, all of the ports on all of the switches
00:09:43 - turn amber. That's your clue right there that this has happened.
00:09:48 - If a port isn't assigned to a VLAN and it just disappears, it
00:09:52 - goes amber. So if you're looking at a rack of switches and all
00:09:55 - of a sudden everything goes orange, panic. Because that just
00:09:59 - happened, all the VLANs disappeared. So the administrator figures
00:10:03 - out, it's like, oh, no. So he pulls the switch off and restores
00:10:07 - the config from back up and plugs the switch back in. But as
00:10:11 - soon as he does, what happens? Replication down, we are VTP REV
00:10:15 - 1302, you are VTP REV 2 or 3 and wham complete VTP flush again.
00:10:21 - The only way the administrator can fix the VTP database is manually
00:10:26 - recreate it on one of those switches and add all those VLANs
00:10:29 - back in. Now I've been referring just because I didn't have I
00:10:34 - don't want to draw up a huge pen dot scenario, I've been talking
00:10:37 - about two VLANs here. A company may have 10, 20, 30 different
00:10:41 - VLANs they have that's spread across the organization, so the
00:10:44 - administrator has to manually enter those back in and recreate
00:10:48 - them. By this point in time, in terms of downtime, you're typically
00:10:52 - talking about 30 minutes to maybe an hour of complete network
00:10:58 - outage. Now, you can see the double-edged sword of VTP. Now,
00:11:04 - this scenario,
00:11:06 - if you know a little bit about VTP, is not as easy to stumble
00:11:11 - into as maybe I've shown it right here. For instance, the eBay
00:11:15 - switch isn't going to typically have the same VTP domain name
00:11:20 - as your organization. We'll see this in just a moment. All the
00:11:23 - switches in order for them to talk have to be assigned to the
00:11:26 - same VTP domain. Where this sort of scenario usually happens
00:11:31 - is a lab environment. A company has a lab environment that they
00:11:34 - have set up for testing and stuff like that. And the goal of
00:11:38 - a lab is to mirror the corporate network as close as possible
00:11:41 - to run some tests before you release things in production. And
00:11:44 - what would typically cause this is a simple problem in the network.
00:11:49 - Hey, we just got ten more employees. You got another switch.
00:11:52 - You look at the inventory, we're like we're out of switch, and
00:11:54 - somebody's like there's one in the lab, go grab the one in the
00:11:57 - lab. Oh, yeah, the one in the lab. And dadum. This scenario happens
00:12:02 - right here, because the lab switch had the existing previous
00:12:05 - configuration on there. So VTP can be your best friend if used
00:12:11 - wisely. Let's look at the details.
00:12:14 - The first thing to understand about VTP is the three different
00:12:18 - modes that it supports. Server, client and transparent.
00:12:23 - If you set up VTP servers which are the default, they have the
00:12:27 - power to change any of the VLAN information and replicate those
00:12:31 - changes to all the other switches in your domain. That's where
00:12:34 - the VTP REV number comes in handy because that helps all the
00:12:37 - switches discover who has the latest copy of the VLAN database
00:12:41 - since it is a multi-server environment. The theory goes something
00:12:45 - like this. You should only have one server in your network and
00:12:50 - all the rest of the switches should be, wow, that's a non Cisco
00:12:54 - switch obviously, the rest of them should all be client mode
00:12:59 - switches. You can see that the clients cannot change VLAN information.
00:13:03 - They are locked. If you log into a client and type in I want
00:13:07 - to create VLAN 20, that means that well, I should say it's just
00:13:11 - going to reject you and say sorry this is in VTP client mode,
00:13:14 - you cannot make changes from here. Likewise, the VTP clients
00:13:19 - do not save the VLAN configuration. The servers save that config
00:13:24 - in a file in flash called VLAN.dat. Clients keep it in RAM.
00:13:28 - So every time they reboot they have no VLAN database file and
00:13:31 - they have to rely on the replication from the server to get the
00:13:36 - latest copy of the database. Now, the reason I said the theory
00:13:40 - goes something like this is because unfortunately
00:13:44 - most of the time it remains a theory. As in everybody starts
00:13:48 - off having a great config like this where you've got the one
00:13:51 - server and many clients in your network, but the problem is that
00:13:55 - IT people are lazy. I'll be the first to throw myself under the
00:13:59 - bus with that group. You telnet into a switch. Somebody just
00:14:03 - said hey I need a new VLAN, you go into the switch you type in
00:14:06 - VLAN 100. It says oh, sorry this switch is client mode. You can't
00:14:10 - make that change here. What do you do? You changed over the client
00:14:15 - to the server mode because you're lazy and you don't remember
00:14:19 - where the server is in the network and eventually go back to
00:14:22 - a multi-master server model anyway. So the client mode is supposed
00:14:27 - to be good as long as it's backed up by specific company policy
00:14:31 - saying you don't make changes from clients and you don't change
00:14:35 - clients back into servers. The VTP transparent mode you see at
00:14:39 - the bottom there is if you don't want
00:14:43 - to use VTP. That's one of those ones you've been burned. You
00:14:46 - don't want to use VTP ever again. Change all your switches to
00:14:49 - transparent mode. They become essentially rebel switches at that
00:14:53 - point to where if they receive updates from VTP they will say
00:14:57 - I am not going to listen to this. Now, they'll pass it through.
00:15:01 - You can see that second bullet there. It says it passes through
00:15:04 - the VTP updates in VTP version 2 which all Cisco switches support.
00:15:08 - So if you had a situation like
00:15:11 - let's say this is a transparent mode switch and then you had
00:15:14 - another client down here, it could pass the updates through to
00:15:17 - the client, but it won't listen to the updates themselves. You
00:15:21 - can create and delete VLANs and it saves those configurations
00:15:24 - in the VLAN database file in flash, but those VLANs are never
00:15:29 - sent to anybody else. So every switch becomes its own independent
00:15:33 - authority once you move over to transparent
00:15:37 - mode. VTP also has a bonus feature called
00:15:42 - VTP pruning. What this feature does is it allows the switches
00:15:46 - to do some of the work for you in a trimming down where broadcast
00:15:50 - traffic goes. In this example you can see we have three switches
00:15:54 - connected to that middle magic port, which is able to handle
00:15:58 - two switch connections per port, and the top two switches are
00:16:02 - the only ones that have devices in the green VLAN. The bottom
00:16:06 - switch does not. Now, just with the definition of a trunk, the
00:16:10 - trunk passes all VLAN traffic. So if somebody sends a broadcast
00:16:14 - on the green VLAN, the bottom switch gets it even though it doesn't
00:16:17 - have any clients in the green VLAN. VTP pruning uses the VTP
00:16:23 - technology to allow the switches to notify each other if they
00:16:28 - do not have any ports in a specific VLAN. Now, we saw early on,
00:16:33 - I believe in the previous Nugget, when we talked about trunking
00:16:36 - one of the things I mentioned was that you can manually go in
00:16:39 - there and type in these are the allowed VLANs on the ports, whereas
00:16:43 - VTP pruning is an automatic way to do that for you. Now, you
00:16:48 - know my thoughts on things being auto. But at the same time I
00:16:52 - have never run into a problem with VTP pruning other than the
00:16:56 - fact that it has to be run on VTP capable devices. Meaning if
00:17:01 - you go VTP transparent mode you obviously can't use that. Likewise,
00:17:06 - here's another thought for you, VTP pruning only works on VTP
00:17:12 - servers. So your client switches, if you have clients daisy-chained
00:17:17 - from other clients, they will not be able to do VTP pruning,
00:17:21 - which is another, I guess, you could say incentive to keep all
00:17:25 - your switches VTP servers, which is a bad practice in the first
00:17:29 - place. So follow my logic on that. That's how VTP pruning works.
00:17:35 - I will say most people don't use
00:17:39 - it. So VTP pruning is something that's off by default. You just
00:17:43 - go in and turn it on and it does its
00:17:46 - magic. Last thing I want to mention on VTP pruning, this feature
00:17:50 - prunes the broadcast traffic from reaching the other switches.
00:17:53 - It does not prune out the actual VLANs. For example, I have the
00:17:58 - green, red and blue VLANs here. The green VLAN will still be
00:18:02 - available on the bottom switch down there. It's not like it just
00:18:05 - magically disappears from the switch and only appears when you
00:18:08 - add ports. You'll see it down there, because the replication
00:18:11 - feature is still working. Pruning just eliminates the broadcast
00:18:15 - traffic from reaching that switch since there are no assigned
00:18:17 - ports. Now let's get into the configuration of VTP. I'm going
00:18:22 - to show you a catch that happens on Cisco switches that might
00:18:26 - throw you off with some new switches you get into your organization.
00:18:30 - Step one in configuration is verifying the current VTP status
00:18:35 - on every switch. I can't emphasize how important it is to do
00:18:39 - this, even if you think the switch has no configuration, because
00:18:44 - if you forget to verify the VTP status, it may just be that eBay
00:18:48 - switch that wipes out your network. So let me bring up the console
00:18:53 - connection. Before I do you can see the live topology I have
00:18:57 - going at the bottom there. Switch A connected to B and C. So
00:19:01 - we are on switch A right now, and the key command to verify VTP
00:19:04 - is not a show run, because most VLAN information is not going
00:19:08 - to show up in the show run. It's all stored in flash in this
00:19:12 - file called VLAN.dat which is not there yet because I haven't
00:19:15 - configured this. So I'm going to type in show VTP status.
00:19:21 - That's your number one command for verifying
00:19:25 - VTP. So right up front you can see VTP version is currently 2.
00:19:29 - However, version 2 mode is disabled. It runs version 1 until
00:19:33 - you turn on VTP version 2. That's just the maximum the switch
00:19:36 - can support. This is the key line you're looking for.
00:19:41 - Configuration revision is 0. That means this switch has not received
00:19:47 - any VTP updates and has no VLANs or currently is not running
00:19:52 - a VLAN database that can replicate to other people. As you make
00:19:58 - changes, that's the revision number that keeps going up. Below
00:20:02 - that you see the operating mode right there, which is the server
00:20:06 - mode. That's the default mode every switch is in. And then you
00:20:09 - see the domain name. I want to focus on this. The domain name
00:20:14 - by default is blank. Cisco considers that null. It's at this
00:20:19 - point that the switch will be in its most susceptible state.
00:20:24 - Meaning if I plug it into a network that is running VTP and a
00:20:28 - trunk port is negotiated with me, VTP runs on top of the trunks,
00:20:33 - it will take whatever VTP domain name and password the organization
00:20:38 - has. So what this means is if I plug this switch in, I don't
00:20:43 - even need the VTP domain name or the password. I'm going to get
00:20:49 - all of the VTP updates sent down to me. Tell me that's not crazy.
00:20:53 - Because here's my fear. You forget to hard code a cubicle port
00:21:01 - as an access port. You leave it on the dynamic desirable mode.
00:21:05 - Well, when somebody plugs that in, their switch will negotiate
00:21:08 - a trunk port with your switch and if their VTP domain name is
00:21:12 - set to null or blank, as you can see on the screen right now,
00:21:15 - that means whatever VTP advertisement they receive it will automatically
00:21:20 - configure itself to. So can you imagine all that security you
00:21:24 - thought you had by assigning a VTP domain name and password that
00:21:27 - nobody knew, it's gone because it's sent in clear text over the
00:21:31 - trunk link. Moral of the story, it is so important that you hard
00:21:36 - code every port going into a cubicle as an access port. Do not
00:21:41 - let it negotiate trunks, because if it does, you're doomed. In
00:21:45 - a way. So what I'm going to do I just want to show you how this
00:21:50 - works. I'm going to telnet on over to switch B to show VTP status
00:21:55 - over there.
00:21:57 - You can see server everything is blanked out as well. I'll go
00:22:01 - to switch C and do a show VTP status.
00:22:06 - Blank. Everything is blank. So our organization currently has
00:22:09 - nothing. So step one is going to be configuring the VTP domain
00:22:13 - name. Go into global config mode and type VTP domain and follow
00:22:18 - that up with the name of the domain. We'll call it CBTNugget.
00:22:25 - Enter. You can see right away it says changing from null or blank
00:22:29 - to CBTNugget. I exit back out, do a show VTP status.
00:22:35 - And sure enough CBTNugget it is. Now I'll hop over to B, show
00:22:40 - VTP status over there. Look at that. See what I mean? Immediately,
00:22:45 - poof, since it was null it became the first name that came to
00:22:50 - it. I'm going to jump on over to switch C. Just do that show
00:22:54 - VTP stat. Up arrow. And sure enough it is CBTNugget as well.
00:22:59 - When it is null, it is susceptible. It will become whatever the
00:23:03 - first name is that you advertise. So with that in place, well,
00:23:09 - I guess we don't have too much excitement going on, because I
00:23:12 - have not created any VLANs on here and that is why on my server,
00:23:15 - when I do a show VTP status, my config REV is currently 0. So
00:23:20 - if I go into global config mode and type in VLAN 10, we'll say
00:23:24 - name Sales, VLAN 20, name Accounting,
00:23:33 - VLAN 30, name Isabella. That's the name of my first little daughter.
00:23:39 - And I'll exit out and do a show VTP stat.
00:23:43 - You can see the config REV has moved up to 3. Do a show VLAN,
00:23:47 - and there's my three VLANs. Theoretically,
00:23:51 - well, it should be working. If I jump on over to switch B and
00:23:55 - do a show VLAN, poof, the same VLANs pop up. Do a show VTP status,
00:23:59 - you can see the config REV is 3. I know I'm zooming through this.
00:24:03 - Hopefully the video is keeping up. If not, it's the beauty of
00:24:06 - video: Rewind. So the VLANs are replicating over to switch B
00:24:12 - and switch C. You can see the config REV as 3. Show VLAN. And
00:24:21 - there's my VLANs that are showing up. So VTP is working. It is
00:24:26 - operational. Now, a few
00:24:30 - other things. I'm trying to think that's it. That's wait thank
00:24:35 - you. I put a list over here for myself. Configure the domain
00:24:38 - name and password. The password is configured just by going into
00:24:43 - global config mode and typing VTP password. You can see it right
00:24:46 - there. And voila. By the way, also while we're here that's how
00:24:50 - you turn on VTP pruning. VTP version or VTP mode will set
00:24:58 - whoops. What mode it runs in. You can see the transparent server
00:25:02 - and client VTP version is version one or two. The difference
00:25:05 - between version one and two that would be a good thing to know.
00:25:08 - VTP version two adds support for token ring. Whoohoo, just in
00:25:13 - time, right, but it also gives transparent switches the capability
00:25:18 - to forward VTP information through them. If you're running VTP
00:25:22 - version 1, which all switches are running by default, even though
00:25:25 - it says VTP version 2, you can see version 2 mode is disabled.
00:25:30 - If you're running version 1, the transparent mode switches will
00:25:34 - stop VTP broadcast. They absorb them rather than pass them on.
00:25:39 - So let's see. Where am
00:25:42 - I? VTP domain password. VTP mode, we've seen configuring the
00:25:47 - servers, or
00:25:50 - all of them are servers by default. So let me hop back over here.
00:25:55 - I'm going to set these guys up as VTP mode client. You can see
00:25:59 - when I do a show VTP status,
00:26:02 - it is now in client mode. And what that means is this can no
00:26:07 - longer create or delete VLANs from the domain. I'll just type
00:26:11 - in VLAN 40 to create a new one. It will tell me VLAN not allowed
00:26:16 - while the device is in client mode. This is where I was mentioning,
00:26:18 - this is where self discipline comes in, because you want to make
00:26:21 - sure you don't just change it back over to a server and make
00:26:25 - the change because that kind of defeats the purposes of clients.
00:26:29 - VTP version number, I already showed you that. So, hmm,
00:26:35 - just trying to think if there's anything else. VTP just it's
00:26:38 - all about the concepts. Like most things in Cisco, not too much
00:26:42 - to the configuration. Last thing I'll do is hop on over to the
00:26:47 - VTP switch C, change that
00:26:51 - over to VTP mode client. Now, let me show you
00:26:56 - some gotchas. I'm going to type in on switch A show flash. And
00:27:03 - you can see I showed you this right before we got started, there
00:27:06 - was no VLAN.dat file. Now there's a VLAN.dat. All of your VTP
00:27:11 - stuff and VLAN stuff, I'll do a show run | include VLAN, you can
00:27:15 - see that there is nothing in the running config about VLANs.
00:27:19 - All of that stuff is stored in that VLAN database file. One of
00:27:24 - the tips that I'll give you now, this is not certification world.
00:27:28 - This is just real world stuff I've run into, one of the tips
00:27:32 - that I will give you is if you're working on a used switch, meaning
00:27:36 - one that's maybe been in production for a while, and you reconfigure
00:27:40 - it to be in a new VTP domain name or joining a new domain of
00:27:43 - switches or something to that effect, I have had it happen where
00:27:48 - I have the domain name, the password, everything exactly correct,
00:27:52 - and, by the way, I should mention as I'm talking, this domain
00:27:56 - name is case sensitive. So it's lower case, upper case does matter.
00:28:00 - I've had everything correct and mode is correct and trunk links
00:28:03 - are operational and it does not replicate. I have found that
00:28:08 - sometimes the VLAN database file cannot handle changes from one
00:28:14 - domain to another. Like if you do a write erase, and this is
00:28:18 - a good rule of thumb, I think of all these things as I go here,
00:28:21 - if you do a write erase to erase the switch, it does not erase
00:28:25 - the VLAN.dat file. So it will maintain its VLANs and it will
00:28:29 - maintain all its VTP stuff. I've found a lot of times if you
00:28:32 - do a write erase and forget to delete the VLAN database file,
00:28:36 - the next time you try to set it up for VTP, it gets corrupted.
00:28:40 - My point in saying all of this, is that if you're having trouble
00:28:45 - with VTP and you know everything is right, you know you've got
00:28:49 - everything set up correctly,
00:28:52 - try this: Delete the VLAN database file. Do a delete flash:vlan.dat.
00:28:59 - It will ask you to confirm, run through a couple times, enter,
00:29:02 - enter and confirm it. You'll have to reboot the switch to clear
00:29:06 - everything out because it's still in RAM. But a lot of times
00:29:10 - I find if you have a used switch and you're moving it between
00:29:12 - VTP domains, that VLAN database file can't handle it and it kind
00:29:16 - of gets corrupted in the sense that it won't work any more for
00:29:21 - the new VTP domain. You've just got to delete it and start over.
00:29:26 - Now that I think about it I just jumped a little ahead of myself.
00:29:29 - I was going to save that for this common VLAN problems slide.
00:29:34 - One of the problems that you might have, and that's down at the
00:29:37 - very bottom, is that VLAN database file gets corrupt. So just
00:29:40 - type in that delete flash:vlan.dat,
00:29:44 - reboot the switch and that will solve a lot of the VLAN problems.
00:29:47 - I've had that happen a dozen times or so and I've gotten used
00:29:52 - to deleting the VLAN database file on older switches. Let me
00:29:56 - hit the rest of the common VLAN problems you run into as we wrap
00:30:00 - up this VLAN subsection here. First off, number one problem I've
00:30:04 - seen is the native VLAN mismatch. You keep getting all these
00:30:07 - messages across your console: Native VLAN mismatch. We already
00:30:10 - talked about the native VLAN, but a mismatch happens when it's
00:30:13 - assigned differently on both sides of the connections. You want
00:30:16 - to hard code it, so it's the same. Otherwise you end up with
00:30:20 - VLAN information bleeding amongst each other. Meaning if one
00:30:24 - side is VLAN 1 and the other side is VLAN 10, you've essentially
00:30:28 - linked those two VLANs through the native VLAN mismatch. That's
00:30:33 - why it's not a message to ignore. I've been into many networks
00:30:37 - where I log in, you've got a native VLAN mismatch. Oh, I've seen
00:30:41 - that message forever. And I don't know how to fix it. I go you
00:30:44 - want to fix that, because you've essentially bridged VLAN 1 and
00:30:48 - VLAN 10 when you do that since the broadcast for VLAN 10 ends
00:30:52 - up going across into VLAN 1.
00:30:55 - So make sure those are matched. Second, trunk auto negotiation
00:30:59 - misuse. My message: don't use the auto negotiation.
00:31:03 - The number one problem is auto to auto does not become a trunk.
00:31:07 - And that is by design. The auto mode does not send out VTP, sorry,
00:31:15 - DTP messages that try to negotiate a trunk with the other side.
00:31:20 - So both of them are just sitting there idle saying, okay, is
00:31:23 - somebody going to do something? But nobody does anything. So
00:31:26 - if possible avoid DTP and set all your trunks to nonegotiate.
00:31:31 - That's the best way to hard code everything. The last thing is
00:31:35 - what we just talked about, VTP updates not applying. Number one
00:31:38 - steps is to go through and make sure everything matches. Check
00:31:42 - your domain. Check your password. Check your version on all your
00:31:45 - switches. Are they all running version 1 or 2? You can't have
00:31:48 - a mix. Verify your trunk links. A lot of people overlook that.
00:31:52 - VTP is called the VLAN trunking protocol. It's not a trunking
00:31:56 - protocol. I already mentioned that. But it does only work over
00:32:00 - trunk links. Make sure you have trunk links between your switches.
00:32:03 - And the last one I already talked about to delete that file and
00:32:07 - reboot as a last resort.
00:32:10 - A lot of stuff on VTP. The good, the bad and the ugly. What do
00:32:14 - you think? I'm curious. I'm really curious. I wish I could take
00:32:17 - a poll. How many of you will use VTP, or are using VTP in your
00:32:23 - organization? And after seeing the ugly, if you will, of VTP,
00:32:27 - how many of you still want to use it? I will say I still use
00:32:32 - it. Just to give you a personal experience, I have had it wipe
00:32:37 - out a network, but I'm telling you for me the advantages outweigh
00:32:42 - the disadvantages. But that's not an opinion for everybody. VTP
00:32:46 - modes, we talked about. Server client, transparent. Transparent
00:32:49 - being disabling VTP. Pruning being the feature you can turn on
00:32:53 - from global config mode, just one command line. VTP pruning,
00:32:57 - enable, and that will turn on pruning for the switches. They
00:33:01 - have to be the server mode VTP switches to enable the pruning.
00:33:05 - We walked through the VLAN configuration step by step and finally
00:33:09 - looked at troubleshooting common VLAN issues as we wrap up this
00:33:13 - VLAN subsection of the BCMSN series. I hope this has been informative
00:33:17 - for you and I'd like to thank you for viewing.