From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Wed Apr 09 2008 - 15:25:54 ART
Have noticed whilst testing VTP that the creation of vlans is not done
after the 'vlan x' command is typed, rather it happens after the next
command is typed.
Mentioned earlier that the vtp mode affects the MD5 checksum, but that
is not the case. It just looked like it had because the command caused
a previous vlan command to be applied, thereby increasing the revision
number.
[delete vlan.dat and reload switch (which was in server mode)]
- vlan 10
- show vtp status
[and check the MD5]
- show vlan brief
- vlan 20
>>> at this point vlan 10 is created.
- show vtp status
[and check the MD5]
- show vlan brief
- vtp mode client
>>> at this point vlan 20 is created.
- show vtp status
[and check the MD5]
Was using 12.2 44 SE1 but perhaps this is normal?
Paul.
SCOTT PENDLETON wrote:
> I found a case where if I set a password locally on clients prior to setting the domain on the VTP server, clients that had previously had a domain of Null would not accept VTP information from the server. I have not always been able to reproduce this in practice labs, but I've seen it in the real lab. I have to believe that it is probably a 'feature' in certain IOS versions.
>
>
> ----- Original Message ----
> From: Paul Cosgrove <paul.cosgrove@heanet.ie>
> To: Sadiq Yakasai <sadiqtanko@gmail.com>
> Cc: Ramy Sisy <ramysisy@ipknowledgenet.com>; Ramy Sisy <RamySisy17321@gmail.com>; ccie girl <ccieangel@googlemail.com>; Cisco certification <ccielab@groupstudy.com>
> Sent: Wednesday, April 9, 2008 8:09:47 AM
> Subject: Re: VTP Password
>
> http://www.cisco.biz/univercd/cc/td/doc/product/lan/cat3920/3920ug4/token.htm
>
> "A checksum is calculated using an arbitrary security value that is
> appended to the front end and the back end of the data in a VTP
> configuration. When a VTP device has received all of the parts of the
> VTP configuration, it recalculates the checksum using its own security
> value derived from the password that has been configured locally. The
> device will not accept the new configuration if the checksums do not match.
>
> On all Cisco VTP devices, the default initial configuration of the
> security value is all zeroes. Therefore, VTP devices will always accept
> one another's VLAN configurations as long as none of the security values
> on any of the devices have been modified. To make use of the security
> feature, a password needs to be set. The password must be the same for
> the management domain on all devices in the domain. Neither the password
> nor the security value itself is ever advertised over the network. "
>
> I had incorrectly thought that the MD5 must match on each device,
> whereas 'show vtp status' seems to be really just showing the MD5
> checksum produced against the local information on that switch.
>
> Paul.
>
> Paul Cosgrove wrote:
>> But then I should have tried this out before opening my big mouth...
>>
>> You are right. In fact it looks like the checksum is much more wide
>> ranging than I (mis)understood. Other values are indeed included
>> including the revision number and mode. Will do some testing later and
>> post results, assuming no-one else does in the meantime.
>>
>> Paul.
>
>> Sadiq Yakasai wrote:
>> How about the number of VLANs as well? I think that's included, right?
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
> Paul Cosgrove wrote:
>> Oops, forgot the vtp version, which is also included.
>>
>> Paul Cosgrove wrote:
>>> It uses the VTP domain name and password. You can check it easily
>>> enough by changing the values and using "show vtp status" to see if
>>> the hash changes.
>>>
>>> Paul.
>>>
>>> Ramy Sisy wrote:
>>>> Hi cciegirl,
>>>> As per below link, the MD5 Digest is a 16-byte checksum of the VTP
>>>> configuration.
>>>>
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/command/reference/cli2.html#wp1950626
>>>>
>>>>
>>>> -----------------------------------------------
>>>> Thanks,
>>>> Ramy Sisy
>>>> CCIE#17321 (Security), CCSI#30417
>>>> http://www.linkedin.com/in/RAMYSISY CCIE Security Content Manager/
>>>> Technical Instructor
>>>> http://www.CCBOOTCAMP.com
>>>> Toll Free: 877-654-2243
>>>> International: +1-702-968-5100
>>>> -----------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>> Of ccie
>>>> girl
>>>> Sent: Tuesday, April 08, 2008 5:33 PM
>>>> To: Cisco certification
>>>> Subject: VTP Password
>>>>
>>>> Hi Guys
>>>>
>>>> When viewing the VTP password via 'Show vtp status', is the md5 digest
>>>> displayed made up of anything
>>>> else besides the VTP password?
>>>>
>>>> Thanks!
>>>>
--
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel: +353.1.6609040
Web: http://www.heanet.ie
Company registered in Ireland: 275301
This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART
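
A simplified model of the keyed checksum described in the Cisco text quoted in this thread, added here as an illustration and not taken from the thread or from Cisco. The field encoding, the `security_value` derivation (MD5 of the password), the sample password and all names are assumptions; this is not the real VTP wire format.

```python
import hashlib

ZERO_SECRET = bytes(16)  # quoted doc: the default security value is all zeroes


def security_value(password):
    """Assumed derivation: MD5 of the password, all zeroes when none is set."""
    if not password:
        return ZERO_SECRET
    return hashlib.md5(password.encode()).digest()


def serialize(cfg):
    """Constructed encoding of fields the thread reports as covered by the digest."""
    vlans = ",".join(str(v) for v in sorted(cfg["vlans"]))
    fields = [
        f"version={cfg['version']}",
        f"domain={cfg['domain']}",
        f"revision={cfg['revision']}",
        f"vlans={vlans}",
    ]
    return "|".join(fields).encode()


def digest(cfg, password):
    """Secret goes on the front end and the back end of the data, as quoted."""
    secret = security_value(password)
    return hashlib.md5(secret + serialize(cfg) + secret).hexdigest()


def accepts(received_cfg, advertised_digest, local_password):
    """Receiver recomputes the checksum with its own locally derived secret."""
    return digest(received_cfg, local_password) == advertised_digest


# Constructed sample data: the same domain at two revisions.
REV1 = {"version": 2, "domain": "LAB", "revision": 1, "vlans": [1, 10]}
REV2 = {"version": 2, "domain": "LAB", "revision": 2, "vlans": [1, 10, 20]}

if __name__ == "__main__":
    adv = digest(REV1, "s3cret")
    print("same password accepts:", accepts(REV1, adv, "s3cret"))
    print("no password accepts:  ", accepts(REV1, adv, None))
    print("both unset accept:    ", accepts(REV1, digest(REV1, None), None))
    # Same password, different local data: the displayed digests differ.
    print("rev1 vs rev2 differ:  ", digest(REV1, "s3cret") != digest(REV2, "s3cret"))
```

In this model, two switches with the same password still show different digests whenever their revision or VLAN list differs, so comparing 'show vtp status' output between switches only confirms a password match when the rest of the covered data is identical.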