Re: VTP Password

From: SCOTT PENDLETON (spendlet8801@verizon.net)
Date: Wed Apr 09 2008 - 15:51:02 ART


That functionality is actually from the old deprecated method of creating vlans in the vlan database mode (typing vlan da from priv. exec). In the old way vlans were not created or modified until you typed the apply command. In global config when you type vlan x and get to the (config-vlan) prompt you are doing the same thing for one vlan. When you exit it applies your change. Type in another vlan, say vlan y, and in the background it exits you out of (config-vlan) mode, triggering the apply, and then puts you back into it for the new vlan.

The problem I was describing I ran into twice in the lab (well, at least once. The first time I had no clue why it wasn't working, but I suspect it was the same problem) and once during a proctor labs session. During the proctor labs session I was able to repeat it consistently, copying and pasting the vtp password to ensure no typos, but haven't been able to reproduce it since that session. That is why I think it may have been a 'feature' of a particular IOS version.

Scott P.
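As an added illustration (not code from anyone in this thread, and not Cisco's actual VTP wire encoding), the following Python models the checksum behaviour the Cisco document quoted further down describes: a security value derived from the local password is prepended and appended to the serialized configuration before hashing, so a switch with a different password computes a different digest and rejects the advertisement, and neither the password nor the security value is ever sent. The fields folded into the digest (domain name, VTP version, revision number, VLAN list) and their byte layout are assumptions of this model, chosen from what the thread reports as changing the MD5 in 'show vtp status'; the VTP mode is deliberately left out, matching Paul's correction below.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class VtpConfig:
    """Configuration fields folded into the digest.

    Assumed for this model from what the thread reports as changing
    the MD5 shown by 'show vtp status'; VTP mode is deliberately excluded.
    """
    domain: str
    version: int
    revision: int
    vlans: Tuple[int, ...]


def security_value(password: str) -> bytes:
    """Derive the 16-byte security value from the locally configured password.

    The quoted Cisco text says the default is all zeroes when no password is
    set. Reducing a set password with MD5 to a fixed 16 bytes is an assumption
    of this model, not a statement about the real implementation.
    """
    if not password:
        return bytes(16)
    return hashlib.md5(password.encode("utf-8")).digest()


def serialize(cfg: VtpConfig) -> bytes:
    """Length-prefixed, fixed-width encoding of the configuration.

    Fixed widths and a length prefix on the domain keep distinct configs
    from collapsing onto the same byte string before hashing.
    """
    domain = cfg.domain.encode("utf-8")
    out = struct.pack("!B", len(domain)) + domain
    out += struct.pack("!BI", cfg.version, cfg.revision)
    out += struct.pack("!H", len(cfg.vlans))
    for vid in sorted(cfg.vlans):
        out += struct.pack("!H", vid)
    return out


def vtp_digest(cfg: VtpConfig, password: str) -> bytes:
    """MD5 over  security_value || serialized config || security_value."""
    sv = security_value(password)
    return hashlib.md5(sv + serialize(cfg) + sv).digest()


def show_vtp_status_md5(cfg: VtpConfig, password: str) -> str:
    """Render the digest the way 'show vtp status' prints it: 16 hex bytes."""
    return " ".join(f"0x{b:02X}" for b in vtp_digest(cfg, password))


def accept_advert(advertised_cfg: VtpConfig, advertised_digest: bytes,
                  local_password: str) -> bool:
    """Receiver side: recompute the digest with the *local* password.

    Only the configuration and the digest travel in the advertisement; a
    mismatch means the sender's security value differs and the update is
    rejected. Constant-time compare avoids leaking where the mismatch is.
    """
    local = vtp_digest(advertised_cfg, local_password)
    return hmac.compare_digest(local, advertised_digest)


if __name__ == "__main__":
    # Constructed sample: a server advertising three VLANs in domain LAB.
    server_cfg = VtpConfig(domain="LAB", version=2, revision=5, vlans=(1, 10, 20))
    advert = vtp_digest(server_cfg, "cisco")
    print("server MD5 digest :", show_vtp_status_md5(server_cfg, "cisco"))
    print("client same pw    :", accept_advert(server_cfg, advert, "cisco"))
    print("client other pw   :", accept_advert(server_cfg, advert, "wrong"))
    bumped = VtpConfig("LAB", 2, 6, (1, 10, 20))
    print("revision change alters digest:", vtp_digest(bumped, "cisco") != advert)
```

Running the block shows that the same password accepts the advertisement, a different password rejects it, and bumping only the revision number changes the printed digest, which is the effect Paul observed when a pending 'vlan' command was applied by the next command typed.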
----- Original Message ----
From: Paul Cosgrove <paul.cosgrove@heanet.ie>
To: SCOTT PENDLETON <spendlet8801@verizon.net>
Cc: ccielab@groupstudy.com; ccie girl <ccieangel@googlemail.com>; Sadiq Yakasai <sadiqtanko@gmail.com>
Sent: Wednesday, April 9, 2008 2:25:54 PM
Subject: Re: VTP Password

Have noticed whilst testing VTP that the creation of vlans is not done
after the 'vlan x' command is typed, rather it happens after the next
command is typed.

Mentioned earlier that the vtp mode affects the MD5 checksum, but that
is not the case. It just looked like it had because the command caused
a previous vlan command to be applied, thereby increasing the revision
number.

[delete vlan.dat and reload switch (which was in server mode)]
- vlan 10
- show vtp status
    [and check the MD5]
- show vlan brief
- vlan 20
>>> at this point vlan 10 is created.
- show vtp status
    [and check the MD5]
- show vlan brief
- vtp mode client
>>> at this point vlan 20 is created.
- show vtp status
    [and check the MD5]

Was using 12.2 44 SE1 but perhaps this is normal?

Paul.

SCOTT PENDLETON wrote:
> I found a case where if I set a password locally on clients prior to setting the domain on the VTP server, clients that had previously had a domain of Null would not accept VTP information from the server. I have not always been able to reproduce this in practice labs, but I've seen it in the real lab. I have to believe that it is probably a 'feature' in certain IOS versions.
>
>
> ----- Original Message ----
> From: Paul Cosgrove <paul.cosgrove@heanet.ie>
> To: Sadiq Yakasai <sadiqtanko@gmail.com>
> Cc: Ramy Sisy <ramysisy@ipknowledgenet.com>; Ramy Sisy <RamySisy17321@gmail.com>; ccie girl <ccieangel@googlemail.com>; Cisco certification <ccielab@groupstudy.com>
> Sent: Wednesday, April 9, 2008 8:09:47 AM
> Subject: Re: VTP Password
>
> http://www.cisco.biz/univercd/cc/td/doc/product/lan/cat3920/3920ug4/token.htm
>
> "A checksum is calculated using an arbitrary security value that is
> appended to the front end and the back end of the data in a VTP
> configuration. When a VTP device has received all of the parts of the
> VTP configuration, it recalculates the checksum using its own security
> value derived from the password that has been configured locally. The
> device will not accept the new configuration if the checksums do not match.
>
> On all Cisco VTP devices, the default initial configuration of the
> security value is all zeroes. Therefore, VTP devices will always accept
> one another's VLAN configurations as long as none of the security values
> on any of the devices have been modified. To make use of the security
> feature, a password needs to be set. The password must be the same for
> the management domain on all devices in the domain. Neither the password
> nor the security value itself is ever advertised over the network. "
>
> I had incorrectly thought that the MD5 must match on each device,
> whereas 'show vtp status' seems to be really just showing the MD5
> checksum produced against the local information on that switch.
>
> Paul.
>
> Paul Cosgrove wrote:
>> But then I should have tried this out before opening my big mouth...
>>
>> You are right. In fact it looks like the checksum is much more wide
>> ranging than I (mis)understood. Other values are indeed included
>> including the revision number and mode. Will do some testing later and
>> post results, assuming no-one else does in the meantime.
>>
>> Paul.
>
>> Sadiq Yakasai wrote:
>>> How about the number of VLANS as well? I think that's included, right?
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
> Paul Cosgrove wrote:
>> Oops, forgot the vtp version, which is also included.
>>
>> Paul Cosgrove wrote:
>>> It uses the VTP domain name and password. You can check it easily
>>> enough by changing the values and using "show vtp status" to see if
>>> the hash changes.
>>>
>>> Paul.
>>>
>>> Ramy Sisy wrote:
>>>> Hi cciegirl,
>>>> As per below link, the MD5 Digest is a 16-byte checksum of the VTP
>>>> configuration.
>>>>
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/command/reference/cli2.html#wp1950626
>>>>
>>>>
>>>> -----------------------------------------------
>>>> Thanks,
>>>> Ramy Sisy
>>>> CCIE#17321 (Security), CCSI#30417
>>>> http://www.linkedin.com/in/RAMYSISY
>>>> CCIE Security Content Manager / Technical Instructor
>>>> http://www.CCBOOTCAMP.com
>>>> Toll Free: 877-654-2243
>>>> International: +1-702-968-5100
>>>> -----------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>> Of ccie girl
>>>> Sent: Tuesday, April 08, 2008 5:33 PM
>>>> To: Cisco certification
>>>> Subject: VTP Password
>>>>
>>>> Hi Guys
>>>>
>>>> When viewing the VTP password via 'show vtp status', is the md5 digest
>>>> displayed made up of anything else besides the VTP password?
>>>>
>>>> Thanks!
>>>>
>

-- 
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel:  +353.1.6609040
Web:  http://www.heanet.ie
Company registered in Ireland: 275301

Please consider the environment before printing this e-mail.


This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART