Re: VTP Domain name or no vtp domain name if running in

From: Ben (ccieben@cox.net)
Date: Sat Apr 22 2006 - 22:56:17 GMT-3

• Next message: Ben: "Re: Bridging over frame relay"
• Previous message: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Maybe in reply to: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Next in thread: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

So I'm sure I understand where you're coming from....

The default configuration for ports that you would like to become trunks
in the following:
interface FastEthernet0/24
 switchport mode dynamic desirable
end
With an optional setting of the trunking protocol (dot1q or isl)?

Is this correct?

Ben

James Ventre wrote:
> Cisco's best practice is to use DTP for trunk formations wherever
> possible. This is suggested so you can actually trust your DTP
> messages. When you nail up a trunk with "ON" all it takes is link on
> that interface for it to show "trunking" when you do a "show int trunk".
>
> What if someone unplugged your switch and plugged in a PC? As long as
> you've got link - it'll still say trunking. That isn't optimal. With
> DTP/Desirable when I do a "show int trunk" and it says trunking I know
> (with reasonable certainly) that there is a switch on the other end.
> It really helps in troubleshooting.
>
> I say "with reasonable certainly" because all a hacker type needs to
> do is sniff the port - wait for you to send a DTP packet - and
> regurgitate it back into the switch and it'll form a trunk.
>
> James
>
>
>
>
>
> Ben wrote:
>> I had to try it.... I guess I've always 'nailed-up' my trunks so I
>> never discovered this.
>>
>> CAT2(config)#vtp domain TPSREPORT
>> Changing VTP domain name from CCIE to TPSREPORT
>> CAT2(config)#^Z
>> CAT2#
>> 9w6d: %SYS-5-CONFIG_I: Configured from console by console
>> CAT2#
>> 9w6d: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on
>> port Fa0/23 because of VTP domain mismatch.
>> CAT2#
>> 9w6d: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on
>> port Fa0/24 because of VTP domain mismatch.
>> CAT2#show ru int fa0/23
>> Building configuration...
>>
>> Current configuration : 98 bytes
>> !
>> interface FastEthernet0/23
>> description to CAT1 fa 0/23
>> switchport mode dynamic desirable
>> end
>>
>> CAT2#show ru int fa0/24
>> Building configuration...
>>
>> Current configuration : 98 bytes
>> !
>> interface FastEthernet0/24
>> description to CAT1 fa 0/24
>> switchport mode dynamic desirable
>> end
>>
>> Ben
>> James Ventre wrote:
>>> Try it for yourself.
>>>
>>> "To autonegotiate trunking, the interfaces must be in the same VTP
>>> domain. Use the trunk or nonegotiate keywords to force interfaces in
>>> different domains to trunk. For more information on VTP domains, see
>>> "Understanding and Configuring VTP."
>>>
>>> Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP).
>>> DTP
>>> supports autonegotiation of both ISL and 802.1Q trunks."
>>>
>>> http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800f0d62.html
>>>
>>>
>>> James
>>>
>>> Matt White wrote:
>>>
>>> I do not believe that to be correct. For VLAN ID to propagate form a
>>> server to a client, you ned the VTP domain to match.
>>> For DTP to work on a trunk, one needs to be switchport dynamic auto
>>> and the other end desirable. Trunk encapsulation will auto-negotiate
>>> as well if left to the default.
>>> DTP has nothing to do with VTP.
>>> On 4/22/06, James Ventre <messageboard@ventrefamily.com> wrote:
>>>
>>> Let me clarify a bit further:
>>> For DTP to form a trunk with the other end, your VTP domain
>>> needs to
>>> match on both ends. This would be an instance where you need
>>> to set
>>> the domain with a mode of transparent.
>>>
>>> James
>>>
>>> James Ventre wrote:
>>>
>>> For DTP to form a trunk it has to match on both ends of the link.
>>>
>>> Hash Aminu wrote:
>>>
>>> Hello GS,
>>> just to clear this issue if i am running in VTP
>>> Transparent mode , do
>>> i need
>>> to make sure that the VTP domain name is the same or
>>> configure it at
>>> all? i
>>> feel there is no need since i am not running VTP, but can
>>> anyone think of
>>> any situation where we need to configure the VTP domain name in
>>> Transparent
>>> mode .
>>> TIA
>>> Hash
>>>
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

• Next message: Ben: "Re: Bridging over frame relay"
• Previous message: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Maybe in reply to: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Next in thread: James Ventre: "Re: VTP Domain name or no vtp domain name if running in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:59 GMT-3