Re: VTP client overwriting server ?

From: Martin Dean (mdean@diatac.co.uk)
Date: Wed Mar 15 2006 - 13:47:57 GMT-3


Hi

This 'feature' has always been the case with IOS switches, no matter what
model. This does not happen in the CatOS switches, as the VLAN info gets
deleted when rebooted and the switch needs to receive a VTP message from a
server or client on the network to re-learn VLAN data.

An IOS client, when it sees a VTP packet with the correct domain name and
password, checks the configuration number: if it is the same, the packet is
ignored; if it is higher, the client will update its VLAN database; HOWEVER,
if the revision number is lower, the client will send a VTP update message
containing information on the client's VLANs. If the VLAN data is different
from the server's VLANs or those of any other switch in the network, the VLANs
in those switches will be deleted/changed to the client's VLAN info.

This has occurred many times in production networks: a well-known American
bank's trading floor in the UK went down for a time - some say for an hour,
some say longer.

This problem usually occurs when the domain name is used on multiple sites
or in a test lab environment and multiple changes to VLAN info are generated,
causing the client switch to have a high configuration number.

The only way to stop this from happening is to use different domain names OR
passwords in different locations, buildings, departments.

The client needs to have the configuration number changed to 0; however,
there is no IOS command (to my knowledge) to do this. To accomplish this, the
domain name needs to be changed. My advice, which I give to students
attending Cisco courses, is to always have the domain name set to some
nonsensical name, which will require changing in a production environment.

Alternatively, delete the vlan.dat file when the switch is NOT connected to
the network, and reboot. If it is connected to the network, the file will be
regenerated when a VTP message arrives, as the VTP / VLAN info is still
current in RAM.

There are many financial institutions that do not use VTP - they set the mode
to Transparent - because of this largely undocumented feature.

I personally got this changed on the CWENT 2.5 course and I have checked it
has also been changed in the latest BCMSN 2.2 course. Course writers are
finally waking up to this 'feature' and the knowledge will slowly
disseminate its way to the general populace. As the courses get changed,
hopefully so will the written material out of CiscoPress and other
publishers - but in the meantime BEWARE.

Cheers
Martin
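The revision-number rule described above, as an added model of how an IOS switch decides whether to accept a VTP advertisement (this is illustrative code, not from the original post or from Cisco; switch names, VLAN ids, domain, password and revision numbers are constructed). It shows the lab client with the stale high revision overwriting the production server, and the same client being ignored once its domain name has been changed and changed back, which resets its revision to 0.

```python
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    name: str
    domain: str
    password: str
    mode: str = "server"   # "server", "client" or "transparent"
    revision: int = 0      # VTP configuration revision number
    vlans: dict = field(default_factory=dict)

    def advertise(self):
        """Summary advertisement carrying this switch's VLAN database."""
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Mismatch -> ignored; equal/lower revision -> ignored; higher -> replaced.
        The sender's mode (server or client) plays no part in the decision."""
        if self.mode == "transparent":
            return "ignored: transparent mode"
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return "ignored: domain/password mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not higher"
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return "overwritten"

    def change_domain(self, new_domain):
        """Changing the domain name resets the revision to 0 (the workaround above)."""
        self.domain, self.revision = new_domain, 0

def make_network():
    """Constructed scenario: production server at revision 12, lab client at 57."""
    server = VtpSwitch("prod-core", "CORP", "s3cret", "server", 12,
                       {10: "users", 20: "voice", 30: "servers"})
    client = VtpSwitch("lab-sw", "CORP", "s3cret", "client", 57, {10: "users", 99: "lab"})
    return server, client

def plug_in_unprepared():
    """Client joins as-is: the server accepts revision 57 and loses VLANs 20 and 30."""
    server, client = make_network()
    return server.receive(client.advertise()), server.revision, sorted(server.vlans)

def plug_in_after_reset():
    """Domain changed to a throwaway name and back: revision is 0, so it is ignored."""
    server, client = make_network()
    client.change_domain("NONSENSE-LAB")
    client.change_domain("CORP")
    return server.receive(client.advertise()), server.revision, sorted(server.vlans)
```

Setting the production switches to a different domain name or password, or to Transparent mode, takes the first two branches of `receive` and the lab advertisement is never applied.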

----- Original Message -----
From: "Carlos Mendioroz" <tron@huapi.ba.ar>
To: <ccielab@groupstudy.com>
Sent: Monday, March 13, 2006 8:49 PM
Subject: VTP client overwriting server ?

> Hi,
> I've just received 2 conflicting pieces of information.
> Well, both conflicted with what I supposed I knew...
>
> 1- IOS VTP clients do keep VLAN information in nvram
> 2- IOS VTP clients may overwrite a VTP server
> (so the message was, beware even more than what you used to
> from vlan info from a shelf switch).
>
> #1 I have confirmed. You pass some VLANs to a client, you isolate the
> client, you reload the client... and you have your VLANs.
> Cisco says you would not... well, at least says so in many places.
>
> #2 I have been unable to reproduce... even having a client with higher
> revision number talk to a server does not do the trick.
> The client will keep its higher version though...
>
> So here: Does anybody have conclusive info of #2 being true or false ?
> In case it is true, would you mind sharing a list of steps to make it ?
>
> Yours truly (confused :)
> -Carlos
>



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3