Re: VTP Password

From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Wed Apr 09 2008 - 09:09:47 ART


http://www.cisco.biz/univercd/cc/td/doc/product/lan/cat3920/3920ug4/token.htm

  "A checksum is calculated using an arbitrary security value that is
appended to the front end and the back end of the data in a VTP
configuration. When a VTP device has received all of the parts of the
VTP configuration, it recalculates the checksum using its own security
value derived from the password that has been configured locally. The
device will not accept the new configuration if the checksums do not match.

On all Cisco VTP devices, the default initial configuration of the
security value is all zeroes. Therefore, VTP devices will always accept
one another's VLAN configurations as long as none of the security values
on any of the devices have been modified. To make use of the security
feature, a password needs to be set. The password must be the same for
the management domain on all devices in the domain. Neither the password
nor the security value itself is ever advertised over the network. "

I had incorrectly thought that the MD5 must match on each device,
whereas 'show vtp status' seems to be really just showing the MD5
checksum produced against the local information on that switch.

Paul.
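The Cisco text quoted above describes the digest as a keyed checksum: the local security value (derived from the configured password) is placed in front of and behind the VTP configuration data before it is hashed, and a receiver recomputes with its own security value. The block below is an added illustration of that scheme, not Cisco's code or the real VTP packet format; the field encoding, the mode codes, the class and function names, and the choice of MD5(password) as the security value are all assumptions made for the demonstration. It shows why 'show vtp status' on two switches prints the same digest only when domain, password, version, mode, revision and VLAN count all agree, and why a receiver with a different password rejects an otherwise valid advertisement.

```python
"""Illustrative model of the VTP 'security value' checksum:
MD5(secret || summary data || secret), recomputed locally by each device.
Constructed for this example; the encoding is NOT the real VTP wire format."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VtpSummary:
    """Local VTP state that the thread identifies as feeding the digest."""
    version: int        # VTP version (1 or 2)
    mode: str           # "server", "client" or "transparent"
    domain: str         # management domain name
    revision: int       # configuration revision number
    vlan_count: int     # number of VLANs in the local database


def security_value(password: str) -> bytes:
    """Secret derived from the locally configured password.
    Assumption: 16-byte MD5 of the password. No password gives all zeroes,
    matching the 'default initial configuration ... is all zeroes' in the doc."""
    if not password:
        return bytes(16)
    return hashlib.md5(password.encode()).digest()


def encode_summary(s: VtpSummary) -> bytes:
    """Constructed fixed-width encoding so that any field change alters the input."""
    mode_code = {"server": 1, "client": 2, "transparent": 3}[s.mode]
    domain = s.domain.encode().ljust(32, b"\x00")[:32]
    return struct.pack("!BB32sIH", s.version, mode_code, domain,
                       s.revision, s.vlan_count)


def vtp_digest(s: VtpSummary, password: str) -> str:
    """Hex digest as a 'show vtp status' style display: MD5(secret||data||secret)."""
    key = security_value(password)
    return hashlib.md5(key + encode_summary(s) + key).hexdigest()


def accept_advert(local_password: str, advert: VtpSummary,
                  advertised_digest: str) -> bool:
    """Receiver side: recompute the checksum over the advertised summary with
    the receiver's OWN security value and accept only if the digests agree."""
    expected = vtp_digest(advert, local_password)
    return hmac.compare_digest(expected, advertised_digest)


def field_sensitivity(base: VtpSummary, password: str) -> dict:
    """For each input the thread names, report whether changing it changes the digest."""
    d = vtp_digest(base, password)
    return {
        "password": vtp_digest(base, password + "x") != d,
        "domain": vtp_digest(replace(base, domain=base.domain + "2"), password) != d,
        "version": vtp_digest(replace(base, version=3 - base.version), password) != d,
        "mode": vtp_digest(replace(base, mode="client"), password) != d,
        "revision": vtp_digest(replace(base, revision=base.revision + 1), password) != d,
        "vlan_count": vtp_digest(replace(base, vlan_count=base.vlan_count + 1), password) != d,
    }


if __name__ == "__main__":
    sw1 = VtpSummary(version=2, mode="server", domain="LAB", revision=5, vlan_count=8)
    digest = vtp_digest(sw1, "cisco")
    print("switch digest:", digest)
    print("peer with same password accepts:", accept_advert("cisco", sw1, digest))
    print("peer with other password accepts:", accept_advert("other", sw1, digest))
    print("fields that change the digest:", field_sensitivity(sw1, "cisco"))
```

Two switches in the same domain with the same password and the same summary state produce identical digests without ever exchanging the password, which is the behaviour the thread settles on: the displayed MD5 is computed against local information, so a mismatch between devices points at a differing input rather than at the password alone.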

Paul Cosgrove wrote:
> But then I should have tried this out before opening my big mouth...
>
> You are right. In fact it looks like the checksum is much more wide
> ranging than I (mis)understood. Other values are indeed included
> including the revision number and mode. Will do some testing later and
> post results, assuming no-one else does in the meantime.
>
> Paul.

Sadiq Yakasai wrote:
> How about the number of VLANs as well? I think that's included, right?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

Paul Cosgrove wrote:
> Oops, forgot the vtp version, which is also included.
>
> Paul Cosgrove wrote:
>> It uses the VTP domain name and password. You can check it easily
>> enough by changing the values and using "show vtp status" to see if
>> the hash changes.
>>
>> Paul.
>>
>> Ramy Sisy wrote:
>>> Hi cciegirl,
>>> As per below link, the MD5 Digest is a 16-byte checksum of the VTP
>>> configuration.
>>>
>>>
>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/command/reference/cli2.html#wp1950626
>>>
>>>
>>> -----------------------------------------------
>>> Thanks,
>>> Ramy Sisy
>>> CCIE#17321 (Security), CCSI#30417
>>> http://www.linkedin.com/in/RAMYSISY
>>> CCIE Security Content Manager/Technical Instructor
>>> http://www.CCBOOTCAMP.com
>>> Toll Free: 877-654-2243
>>> International: +1-702-968-5100
>>> -----------------------------------------------
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie girl
>>> Sent: Tuesday, April 08, 2008 5:33 PM
>>> To: Cisco certification
>>> Subject: VTP Password
>>>
>>> Hi Guys
>>>
>>> When viewing the VTP password via 'show vtp status', is the MD5 digest
>>> displayed made up of anything else besides the VTP password?
>>>
>>> Thanks!
>>>



This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART