VTP Flashcards
What does VTP stand for?
VLAN Trunking Protocol
Is VTP used for routers?
No - VTP is only for switches
If VTP is in Version 1 and is connected to a Version 3 Switch, what will it do?
It will change its VTP version to 2, if capable. A VTP v1 device will automatically upgrade itself to v2 if it:
- Detects it is connected to a v2 member
- Detects it is connected to a v3 member
Under what circumstances will VTP auto upgrade to v3?
Never - Currently v3 will never auto upgrade. You must manually configure VTPv3.
While configuring a vlan you see this error.
(config)#vlan 2000
“%PM-2-VLAN_ADD:Failed to add VLAN 2000
Why are you seeing this? What can you do to resolve this issue?
The extended VLAN range is 1006-4094. You can normally only use it in two cases: when VTP is configured in Transparent mode and when VTP is version 3.
To go along with vlans and NOT VTP.
While configuring a vlan you see these errors.
(config)#vlan 1006
“%Failed to create VLAN 1006 VLAN(s) not available in port manager.
%Failed to commit extended VLAN(s) changes.
%PM-4-Ext_VLAN_Inuse: VLAN 1006 currently in use by FastEthernet 0/19
%SW_VLAN-4-VLAN_Create_Fail: Failed to create VLAN(s) 1006: VLAN (s) not available in port manager”
What does this tell you and what do you need to do to resolve it?
This tells us that VLAN X is taken up by the internal VLANs. To see this, use “show vlan internal usage” on the Catalyst series. You should see that VLAN 1006 was taken up by the internal resources. This means you configured an IP address on a physical interface. In the configuration you should see the command “vlan internal allocation policy ascending”. This means that for an IP address created on the interface it is going to use the first available IP address after 1005 (1002-1005 are taken up by legacy FDDI and Token Ring). You must remove the IP address from the interface, create VLAN 1006, then re-add the IP address. The next address it should be able to pull will be 1007. Or you can create an SVI to negate this issue.
What is VTP not?
- It is not a requirement of Ethernet networks (meaning it is not one of the three things needed to provide basic network connectivity).
- Does not define the broadcast domain.
What are the three different modes of operations for VTP v1 + v2 ?
- Server
- Client
- Transparent
Match these 3 modes of operation for VTP to their characteristics: Server, Client, and Transparent. Each one of these characteristics applies to one or two modes of operation.
- Creates VLANs (1 option)
- Creates locally significant VLANs (1 option)
- Advertises VLANs (2 options)
- Does not install VLANs from other advertisements (1 option)
- Installs VLANs from other advertisements (2 options)
- Will install and forward other VTP advertisements along if VTP domain matches (2 options)
- Will only forward other VTP advertisements along if VTP domain matches (1 option)
- Creates VLANs = Server
- Creates locally significant VLANs = Transparent
- Advertises VLANs = Server + Client
- Does not install VLANs from other advertisements = Transparent
- Installs VLANs from other advertisements = Server + Client
- Will install and forward other VTP advertisements along if VTP domain matches = Server + Client
- Will only forward other VTP advertisements along if VTP domain matches = Transparent
What are the three types of VTP passwords?
- Normal
- Hidden
- Secret
What is the VTP password if you do not set one? Default password.
NULL
What are the two purposes of VTP?
- Used to synchronize VLAN creation between switches.
- Simplifies the management of VLANs.
You configure an interface with this command.
(config-if)#switchport access vlan 4
You do not see any issues after using this command.
However the computers in this vlan are not working.
What is going on? What “show” command can you use in troubleshooting this?
There are 3 ways to create VLANs: globally, in the VLAN database, and at time of assignment. At time of assignment is when you go under an interface and use the “switchport access vlan X” command. If the VLAN has not been created yet, it will create it for you (Cool!). However, if you are running VTP v1 or v2 and your switch is in client mode, it will not create the VLAN. This happens because a VTP client is not allowed to create VLANs. The worst part is that the CLI will NOT warn you that this VLAN wasn’t created or does not exist (Not Cool!). The shitty part is that if you do a “show interface status” it will show you the interface and the un-created VLAN assigned to it. See picture of example.
What are the potential problems with VTP?
- A switch with the wrong database and a higher configuration revision number can overwrite the database of all other switches.
- This is true for both Server and Client mode. You might think to yourself, how is that possible? Well, we all know that whenever you are in VTP mode client and you try to add a VLAN it gives you this error: “VTP VLAN configuration not allowed when device is in CLIENT mode”. But you can take an offline switch, change it to VTP mode server, add VLANs, then put it back to VTP mode client. Once this switch comes on the network and has a higher revision, it will update every switch’s VLANs in the same VTP domain.
- Since VTP is Cisco proprietary, there can be a “break in the chain”, meaning a non-Cisco switch is in between two Cisco switches. Therefore it cannot pass along the VTP messages or participate in the update to the VLAN database. This could also happen if there is a Cisco switch in between two other Cisco switches and it has a different VTP domain.
What benefits does VTP pruning provide?
Reduces unnecessary replication of “BUM traffic”
- Broadcast
- Unknown unicast
- Unknown multicast
VTP pruning is beneficial because it keeps unneeded data from being sent across links. Normally, if a device sends a broadcast or multicast, the switch will flood it over trunk ports even if that VLAN doesn’t have a device on the opposite end. VTP pruning keeps unneeded bandwidth from being used across trunk interfaces.
What two messages does VTP pruning use?
Prune and Join messages.
Is it possible to prune extended vlans in VTP?
No, not even in VTP v3
What vlans are “prune eligible”?
Normal vlans - Vlans 2-1001
Can VTP pruning prune vlan 1?
No, the only way to prune VLAN 1 is to manually prune it.
True/False - Pruning does not remove vlans from the database.
True
What are the three rules for VTP Pruning?
- For a VLAN that is disabled (no access ports anywhere in VLAN) all trunks will “Prune” VLAN.
- Once a VLAN is activated (an access port joins VLAN) it will send a triggered “join” message.
- VLANs on trunks can take VLANs out of “Pruned” state.
What ports can a triggered “join” be sent on?
- STP root port (if a non-root bridge switch)
- All designated ports (if switch is the root bridge)
When can a switch take a VLAN out of the “pruned” state?
- A triggered “join” was RECEIVED on a port and…
- That port is in STP “Forwarding” state for THAT VLAN.
What are 3 enhancements of VTP v3?
- Security enhancements
  - Fixes configuration revision overwrite problem.
- New advertisements
  - Extended VLANs, private VLANs, and MST configuration
- VTP can now be disabled
  - Globally
  - Per link
What is the purpose of VTP Client mode in VTP v3?
Not a damn thing. Best practice is to leave all in VTP mode server.
Can you make your switch the primary server in VTP v3 if it is in VTP mode Client?
No, you must change it to vtp mode server.
What are the two features for which you can make a switch the primary server in VTPv3?
Vlans + MST
Can you have two different switches be the primary server for the two different features?
Yes, one can be the primary server for VLANs and another can be the primary server for MST.
What does the “VTP primary” command do?
It makes the switch the primary server for both VLANs and MST. If you want to choose just one then the command is (config)#vtp primary
What show commands can you use for troubleshooting VTP pruning?
Show interface trunk
show interface pruning
You have one switch configured for VTP domain Cisco and the other cisco. Will VTP work?
No - the domain in VTP is CASE-sensitive
For VTPv3 order of operations, can your first step be to change the mode to VTPv3?
No, this is not the correct order of operations. If you try to change the mode to VTPv3 before configuring the Domain name you will receive the following error.
“Cannot set the version to 3 because domain name is not configured”
What is the order of operation for VTPv3?
- Configure Domain name
- Change mode to VTPv3
- Configure one switch as VTP primary
- (Optional) - Configure VTP Password
Can you leave the domain name blank for VTPv3?
No, you must configure a domain name before you can even set the version to v3.
Will this work? “VTP password Cisco secret” ?
No, in order to use the secret command you must use a 32-character hash. You can get this from the “show vtp password” command after doing the “VTP password Cisco hidden” command.