From: Blastmor (alextols@gmail.com)
Date: Tue Apr 24 2007 - 15:32:39 ART
Guys don't trust DocCD blindly.
For now there is no difference in "transparency" in version 1 and 2
Recently I contacted Cisco TAC regarding this issue. Here is the notes:
Me:
All switches are 3560 (WS-C3560-24TS-S) running 12.2(25)SEE2
Sw1----Sw2----Sw3
On all switches there is default configuration with small changes:
Sw1:
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
Sw2:
vtp mode transparent
vtp version 2
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
Sw3:
vtp domain CISCO
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
1. First of all: no possibility to change back VTP domain name from CLI
vtp domain "" is not working as well as vtp domain NULL(NULL becomes
the
name NULL - and no empty space in domain name from 'sh vtp status'
command)
Rack1Sw2(config)#vtp dom ""
Changing VTP domain name from TEST to
Operation failed; Bad domain name length
The only working solution to revert back and clear VTP domain name is to
shutdown both trunks on Sw2 (middle switch) delete flash:vlan.dat,
reload and change vtp mode on Sw2 to transparent
After that unlock both trunks (or the VTP domain name leaks from trunks
after booting)
2. !!! No matter what VTP version is turned on transparent switch Sw2 -
every time when you have empty VTP domain name all VTP messages from Sw3
to Sw1 are forwarded without any problems!!! (changing vtp version on
Sw2 doesn't show any difference )
3. As soon as you change empty VTP domain name from default - Sw2 stops
forwarding VTP messages (again with no difference which vtp version is
used on Sw2)
After changing from empty domain name Sw2 will not
forward VTP from Sw3 to Sw1 until you align VTP domain name with name on
Sw1 and Sw3 or clear VTP domain name as I described earlier.
Cisco's TAC engineer reply:
Unfortunately I
have to confirm this behaviour is 'correct' in that IOS was
specifically
changed to stop forwarding VTP updates from a different domain when in
transparent mode.
The explanation for this change in behaviour is documented in bug ID
CSCea40015 at
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea40015.
I agree the documentation is unclear in the statement "Because VTP
Version 2 supports only one domain, it forwards VTP messages in
transparent mode without inspecting the version and domain name." - I
think the implication could be referring to v1 updates, but this has
been disproven by your testing and is also inconsistent with "All
switches in a VTP domain must run the same VTP version."
It seems the documentation was never updated after the functionality was
changed. I'll raise this issue with my manager to see what can be done
to rectify this, unfortunately the same thing is referenced on many
documents :(
One thing, in the VTP config guide for 12.2(25)SEE under configuring
domain names, "Switches in VTP transparent mode do not exchange VTP
messages with other switches, and you do not need to configure a VTP
domain name for them.", ie. the NULL domain status we discussed before.
It's a shame there isn't a way to set the domain name to NULL, infact
this has been proposed as an enhancement in bug ID CSCeb55420 at
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb55420,
but the choice was made not to incorporate the feature.
Another one input from Cisco Engineer:
I'm working with other engineers and the BU to determine exactly
which documents are affected. At the moment it seems documentation for
'Desktop' switches (29xx, 35xx, 37xx etc.) is factually incorrect,
and
for the larger switches it's not incorrect but not very clear. It may
take some time to get this resolved but be sure we're working on it.
In the situation you described, the only solution would be to use the
NULL domain name and configure the switch for VTP transparent before
connecting it to the VTP domain (to prevent it 'learning' the domain
name).
> VTP version 1 in transparent mode will make sure that the domain name &
> version number matches before they can forward an advertisement. VTP
> version
> 2 in transparent mode will forward the advertisement without checking the
> version number, but the domain name must match.
>
> The VTP mode not withstanding, Cisco Switches will ignore advertisements
> with different domain name and earlier configuration revision number.
>
> HTH.
>
> Godswill Oletu
> CCIE #16464
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:37 ART