Re: VTP client overwriting server ?

From: Jason Couch (ccie@columbus.rr.com)
Date: Wed Mar 15 2006 - 14:43:44 GMT-3


In regards to:

"The client needs to have the configuration number changed to 0, however
there is no IOS command (to my knowledge) to do this."

I believe changing the vtp mode to transparent and then back to client or
server will reset the configuration revision.

Test it out, but from what I remember, this worked for me...

Jason

----- Original Message -----
From: "Martin Dean" <mdean@diatac.co.uk>
To: <ccielab@groupstudy.com>
Sent: Wednesday, March 15, 2006 11:47 AM
Subject: Re: VTP client overwriting server ?

> Hi
>
> This 'feature' has always been the case with IOS switches, no matter what
> model. This does not happen in the CatOS switches, as the VLAN info gets
> detected when rebooted and needs to receive a VTP message from a server or
> client on the network to re-learn VLAN data.
> An IOS client, when it sees a VTP packet with the correct domain name and
> password, checks the configuration number; if it is the same it is ignored,
> if it is higher the client will update its VLAN database, HOWEVER if the
> revision number is lower, the client will send a VTP update message
> containing information of the client's VLANs. If the VLAN data is different
> than the server's VLANs or any other switch in the network, the VLANs in
> those switches will be deleted/changed to the client's VLAN info.
> This has occurred many times in production networks; a well-known American
> bank's trading floor in the UK went down for a time - some say for an hour,
> some say longer.
> This problem usually occurs when the domain name is used on multiple sites
> or in a test lab environment and multiple changes to VLAN info are generated,
> causing the client switch to have a high configuration number.
> The only way to stop this from happening is to use different domain names OR
> password in different locations, buildings, departments.
> The client needs to have the configuration number changed to 0, however
> there is no IOS command (to my knowledge) to do this.
> To accomplish this, the domain name needs to be changed. My advice, which I
> give to students attending Cisco courses, is to always have the domain name
> at some nonsensical name, which will require changing in a production
> environment.
> Alternately, delete the vlan.dat file when the switch is NOT connected to
> the network and reboot. If it is connected to the network, the file will be
> regenerated when a VTP message arrives, as the VTP / VLAN info is still
> current in the RAM.
> There are many financial institutions that do not use VTP - set mode to
> Transparent, because of this largely un-documented feature.
> I personally got this changed on the CWENT 2.5 course and I have checked it
> has also been changed in the latest BCMSN 2.2 course. Course writers are
> finally waking up to this 'feature' and the knowledge will slowly
> disseminate its way to the general populace. As the courses get changed
> hopefully so will the written material out of CiscoPress and other
> publishers - but in the meantime BEWARE.
>
> Cheers
> Martin
>
> ----- Original Message -----
> From: "Carlos Mendioroz" <tron@huapi.ba.ar>
> To: <ccielab@groupstudy.com>
> Sent: Monday, March 13, 2006 8:49 PM
> Subject: VTP client overwriting server ?
>
>
>> Hi,
>> I've just received 2 conflicting pieces of information.
>> Well, both conflicted with what I supposed I knew...
>>
>> 1- IOS VTP clients do keep VLAN information in nvram
>> 2- IOS VTP clients may overwrite a VTP server
>> (so the message was, beware even more than what you used to
>> from vlan info from a shelf switch).
>>
>> #1 I have confirmed. You pass some VLANs to a client, you isolate the
>> client, you reload the client... and you have your VLANs.
>> Cisco says you would not... well, at least says so in many places.
>>
>> #2 I have been unable to reproduce... even having a client with higher
>> revision number talk to a server does not do the trick.
>> The client will keep its higher version though...
>>
>> So here: Does anybody have conclusive info of #2 being true or false ?
>> In case it is true, would you mind sharing a list of steps to make it ?
>>
>> Yours truly (confused :)
>> -Carlos
>>



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3
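
A pre-connection check for the risk discussed in this thread, as an added example that is not part of any poster's message: it parses `show vtp status` text from a switch about to be connected and from the production domain, and flags a same-domain server or client whose configuration revision is not 0. The sample outputs are constructed, the function names are hypothetical, and the VTP password is not compared.

```python
import re

# Constructed `show vtp status` excerpts (not captured from real devices).
PRODUCTION = (
    "VTP Operating Mode                : Server\n"
    "VTP Domain Name                   : CORP\n"
    "Configuration Revision            : 12\n"
)
SHELF_SWITCH = (
    "VTP Operating Mode                : Client\n"
    "VTP Domain Name                   : CORP\n"
    "Configuration Revision            : 47\n"
)

FIELDS = {
    "mode": r"^\s*VTP Operating Mode[ \t]*:[ \t]*(.*)$",
    "domain": r"^\s*VTP Domain Name[ \t]*:[ \t]*(.*)$",
    "revision": r"^\s*Configuration Revision[ \t]*:[ \t]*(\d+)",
}

def parse_vtp_status(text):
    """Extract operating mode, domain name and revision from the output."""
    status = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"field not found in output: {key}")
        status[key] = match.group(1).strip()
    status["mode"] = status["mode"].lower()
    status["revision"] = int(status["revision"])
    return status

def check_before_connecting(new_output, production_output):
    """Return (verdict, reason); verdict is 'ok', 'reset' or 'block'."""
    new = parse_vtp_status(new_output)
    prod = parse_vtp_status(production_output)
    if new["mode"] == "transparent":
        return "ok", "transparent mode"
    if new["domain"] != prod["domain"]:  # domain names are case-sensitive
        return "ok", "different VTP domain name"
    if new["revision"] == 0:
        return "ok", "configuration revision is 0"
    if new["revision"] > prod["revision"]:
        return "block", (f"revision {new['revision']} is higher than "
                         f"production revision {prod['revision']}")
    return "reset", f"revision {new['revision']} is not 0"

if __name__ == "__main__":
    print(check_before_connecting(SHELF_SWITCH, PRODUCTION))
```

A `block` or `reset` verdict means the revision should be brought back to 0 by one of the methods described in the thread before the switch is trunked to the production network.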