Re: VTP Domain name or no vtp domain name if running in

From: James Ventre (messageboard@ventrefamily.com)
Date: Sat Apr 22 2006 - 22:14:34 GMT-3

• Next message: Ben: "Re: VTP Domain name or no vtp domain name if running in"
• Previous message: Michy Eika: "NTP authentication is affected by source interface?[2]"
• Maybe in reply to: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Next in thread: Ben: "Re: VTP Domain name or no vtp domain name if running in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Cisco's best practice is to use DTP for trunk formations wherever
possible. This is suggested so you can actually trust your DTP
messages. When you nail up a trunk with "ON" all it takes is link on
that interface for it to show "trunking" when you do a "show int trunk".

What if someone unplugged your switch and plugged in a PC? As long as
you've got link - it'll still say trunking. That isn't optimal. With
DTP/Desirable when I do a "show int trunk" and it says trunking I know
(with reasonable certainly) that there is a switch on the other end. It
really helps in troubleshooting.

I say "with reasonable certainly" because all a hacker type needs to do
is sniff the port - wait for you to send a DTP packet - and regurgitate
it back into the switch and it'll form a trunk.

James

Ben wrote:
> I had to try it.... I guess I've always 'nailed-up' my trunks so I never
> discovered this.
>
> CAT2(config)#vtp domain TPSREPORT
> Changing VTP domain name from CCIE to TPSREPORT
> CAT2(config)#^Z
> CAT2#
> 9w6d: %SYS-5-CONFIG_I: Configured from console by console
> CAT2#
> 9w6d: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port
> Fa0/23 because of VTP domain mismatch.
> CAT2#
> 9w6d: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port
> Fa0/24 because of VTP domain mismatch.
> CAT2#show ru int fa0/23
> Building configuration...
>
> Current configuration : 98 bytes
> !
> interface FastEthernet0/23
> description to CAT1 fa 0/23
> switchport mode dynamic desirable
> end
>
> CAT2#show ru int fa0/24
> Building configuration...
>
> Current configuration : 98 bytes
> !
> interface FastEthernet0/24
> description to CAT1 fa 0/24
> switchport mode dynamic desirable
> end
>
> Ben
> James Ventre wrote:
>> Try it for yourself.
>>
>> "To autonegotiate trunking, the interfaces must be in the same VTP
>> domain. Use the trunk or nonegotiate keywords to force interfaces in
>> different domains to trunk. For more information on VTP domains, see
>> "Understanding and Configuring VTP."
>>
>> Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP). DTP
>> supports autonegotiation of both ISL and 802.1Q trunks."
>>
>> http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800f0d62.html
>>
>>
>> James
>>
>> Matt White wrote:
>>
>> I do not believe that to be correct. For VLAN ID to propagate form a
>> server to a client, you ned the VTP domain to match.
>> For DTP to work on a trunk, one needs to be switchport dynamic auto
>> and the other end desirable. Trunk encapsulation will auto-negotiate
>> as well if left to the default.
>> DTP has nothing to do with VTP.
>> On 4/22/06, James Ventre <messageboard@ventrefamily.com> wrote:
>>
>> Let me clarify a bit further:
>> For DTP to form a trunk with the other end, your VTP domain
>> needs to
>> match on both ends. This would be an instance where you need to set
>> the domain with a mode of transparent.
>>
>> James
>>
>> James Ventre wrote:
>>
>> For DTP to form a trunk it has to match on both ends of the link.
>>
>> Hash Aminu wrote:
>>
>> Hello GS,
>> just to clear this issue if i am running in VTP
>> Transparent mode , do
>> i need
>> to make sure that the VTP domain name is the same or configure
>> it at
>> all? i
>> feel there is no need since i am not running VTP, but can
>> anyone think of
>> any situation where we need to configure the VTP domain name in
>> Transparent
>> mode .
>> TIA
>> Hash
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Ben: "Re: VTP Domain name or no vtp domain name if running in"
• Previous message: Michy Eika: "NTP authentication is affected by source interface?[2]"
• Maybe in reply to: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Next in thread: Ben: "Re: VTP Domain name or no vtp domain name if running in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:59 GMT-3