Introduction to VTP (VLAN Trunking Protocol)

Hello Josh

Concerning your recommendation for a lesson, you can use our Member Ideas page to suggest specific lessons or ideas. You can go there via the following link:

As for VTP and pruning, when it is enabled on a VTP server, it is enabled for the entire management domain. Because a transparent switch doesn’t participate in VTP, it can cause an unstable topology. Although a transparent switch will receive and propagate VTP updates, it will not receive them itself, and thus is not informed if a particular VLAN is reachable via a particular trunk downstream. It will only prune based on So you must either turn off VTP completely on the entire network, or turn it off by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning-ineligible.

I hope this has been helpful!

Laz

Hi Laz,
I really don’t understand how a transparent switch is making the topology unstable… Just like every other switch, a transparent switch is going to prune or allow the traffic based on the ports available/non-available for that VLAN…
Could you kindly elaborate on this topology instability caused by the transparent switch, please?
Thanks

Hello Abilash

When you enable VTP pruning on a VTP server, it is enabled for the whole VTP domain. So all switches in the domain begin pruning VLANs. Now if you have a transparent switch downstream from a VTP client that is performing pruning, and you have, say VLAN 10 configured on it, the transparent switch will not tell the upstream switch that this VLAN is available. The upstream switch, believing that VLAN 10 has no endpoints on its trunk to the transparent switch, will simply prune VLAN 10 on that trunk. This would cause all clients on the transparent switch on VLAN 10 to lose connectivity.

For this reason, Cisco recommends that you either turn off pruning completely, and manually prune, or simply make all VLANs on the trunk between the transparent switch and the upstream VTP enabled switch pruning ineligible. This way, even if no VLAN 10 is detected, as is the case in the example I gave, it won’t be pruned.

This would be configured on the trunk port of the VTP enabled switch connected to the transparent switch. More information about how to configure the pruning-eligible list can be found at this Cisco documentation.

I hope this has been helpful!

Laz

Thanks a ton Laz.
Regards,
Abilaosh TS

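An added configuration example, not from the thread or the lesson, showing the pruning-ineligible approach Laz describes. It assumes SW1 is the VTP server, SW2 is the transparent switch connected to SW1 on GigabitEthernet0/1, the VTP domain is named NWL, and VLAN 10 exists only on SW2; the interface name, domain name and VLAN number are assumptions:

```cisco
! SW1 (VTP server). Turning pruning on here turns it on for the whole domain.
SW1(config)# vtp domain NWL
SW1(config)# vtp mode server
SW1(config)# vtp pruning
!
! Trunk toward the transparent switch: make every VLAN pruning-ineligible on
! this one link, so SW1 keeps forwarding VLAN 10 even though SW2 (transparent)
! never advertises that it has VLAN 10 hosts. Other trunks on SW1 still prune.
SW1(config)# interface GigabitEthernet0/1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk pruning vlan none
!
! SW2 (transparent). It keeps VLAN 10 in its own database and relays VTP
! advertisements from SW1 onward, but does not take part in pruning.
SW2(config)# vtp domain NWL
SW2(config)# vtp mode transparent
SW2(config)# interface GigabitEthernet0/1
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# exit
SW2(config)# vlan 10
SW2(config-vlan)# name Research
```

To check the result on SW1, `show vtp status` should report the VTP pruning mode as enabled, and `show interfaces trunk` should list VLAN 10 for GigabitEthernet0/1 among the VLANs in spanning tree forwarding state and not pruned. The `switchport trunk pruning vlan none` command is per-interface, so trunks toward VTP clients keep pruning normally while only the link toward the transparent switch is exempt.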

Hello team,

I would like some more information about VTP.

  1. Which authentication method VTPv3 password hidden supports? Does it support MD5?
  2. VTPv1 and v2 support only plaintext passwords. (Let me know if I’m wrong.)
    What does “MD5 digest” mean in the output of the show vtp status command?

Thanks

Hello Boris

Both VTP versions 1 and 2 do not send clear text passwords. The VTP password in all versions of VTP is used in conjunction with other information in order to authenticate AND to verify integrity. Specifically, the password is mapped to a hex secret key, which is then used in conjunction with VLAN information for calculating the MD5 checksum that you see in the output above. This is why all VTP switches in the same VTP domain must have the same password set up.

VTP version 3 works exactly the same way, but has an additional parameter. You can configure the password like so:

vtp password password-value [hidden | secret]

The difference here just has to do with how the device stores the password. You can issue the vtp password my_password command and the functionality will be exactly the same as v1 and v2.

But if you issue the hidden keyword, you are telling the device to store the actual password in the vlan.dat file, and to simply display the MD5 digest that results from the password in the configuration file. This way you won’t have a clear text password in the config.

Alternatively, the secret keyword will allow you to issue the command by inputting the hex value directly.

Both secret and hidden simply let you store the password in the config in an encrypted form, so that the clear text password does not appear in the configuration file. It doesn’t actually affect how the password is transmitted on the wire.

I hope this has been helpful!

Laz


Hello Laz,

Thanks a lot for the clear explanation!


Hello Laz,

I’ve read a question about VTP and I’m confused about which second answer is right. The question is:
Which two statements about VTP are true?
Possible answers are:

  1. A switch running in transparent mode saves learned VLANs to its local database --> I suppose that not right, VTP Transparent stores all VLAN information in the running-config
  2. It supports clear-text passwords only --> according to your explanation, VTP doesn’t send clear text passwords.
  3. It supports only one server switch within a network --> not right
  4. In VTPv2, a new switch can learn the VTP domain name from its peer over a trunk port
  5. Switches running in transparent mode pass VTP messages --> right

I’m not sure about answer 4 (In VTPv2, a new switch can learn the VTP domain name from its peer over a trunk port). Please clarify this for me.

Thanks

Hello Boris

Concerning answer number 2, it depends on what the answer means when it says “clear text passwords”. If it means transmitted as clear text, then this is false. But if it means “stored in the configuration as clear text” then this is true of VTP v1 and v2 because v3 supports the storage of the encrypted VTP password in the config.

The following Cisco documentation confirms that the password is not transmitted in clear text for any version of VTP:

As for answer number 4, by default, a switch is in the VTP no-management-domain state until it receives an advertisement for a domain over a trunk link. This means the domain name is initially null. If a switch has never previously been configured with a domain name, and the switch receives a VTP advertisement over a trunk link, it inherits the management domain name in that advertisement. The switch subsequently ignores advertisements with a different domain name. This is the case for all versions of VTP. This can be confirmed in this Cisco documentation.

I hope this has been helpful!

Laz


Hello Laz,
Thank you very much!


“It does show up on SW3! A switch in VTP Transparent mode will not synchronize itself but it will forward VTP advertisements to other switches so they can synchronize themselves.”… should be corrected to SW2

Hello Johan

In the lesson, Rene is showing how even though SW2 is in transparent mode, VLAN 50, which is the Research VLAN, has been transmitted using VTP from SW1 via the transparent SW2 to SW3, and the VLAN appears in SW3. This shows that SW2, which is in transparent mode, will not process VTP information, but will forward it to other switches.

So the statement here is correct. However, thank you for your willingness to point out potential typos and errors, as this helps us improve the content and verify the quality of the lessons. It is much appreciated!

Laz

Hi Rene,

I am using GNS3 and the L2 IOSv image for the switches. I have followed the whole configuration process, but when I configured the VTP domain name nothing changed on SW2 and SW3. There were no debug logs found. No sync happened when I created VLAN 20 and 30 on SW2 and SW3. Kindly shed some light on this.

Thanks
Kiran

Hello Kiran

After doing some research, I have been unable to find any similar issues with the IOSvL2 image for GNS3. VTP configurations seem to be working fine and they are included in the feature list supported by this image. I suggest you first verify your configs, and then attempt to run your config on another computer set up with GNS3 to verify the same behaviour. GNS3 can sometimes be a little bit quirky.

Also take a look at this error with VTP stated on the GNS3 forum as well, it may help you out.

Let us know of your progress!

I hope this has been helpful!

Laz

Hello Laz,

Thanks for the insight and perhaps I have tried all possible ways to configure but still not working.

VTP Screen shots.pdf (352.4 KB)

Whenever I tried to create VLANs I got the event log below (I have enabled debug on VTP events):

SW1(config)#vlan 10
SW1(config-vlan)#name Printers
SW1(config-vlan)#
SW1(config-vlan)#^Z
SW1#
*Feb  7 10:09:34.214: VTP LOG RUNTIME:
 Unable to set em_id:65535 for vlan:2
*Feb  7 10:09:34.214: VTP LOG RUNTIME:
 Unable to set em_id:65535 for vlan:3
*Feb  7 10:09:34.214: VTP LOG RUNTIME:
 Unable to set em_id:65535 for vlan:4

However, I thought of attaching screenshots of topology and configuration, kindly review and advise.

Thanks
Kiran

Hello Kiran

I was unable to find any situations where others have documented something similar. I have been unable to replicate this behaviour myself as well. The only thing I can suggest is to try to configure it using the VLAN database mode. Even though it is deprecated, it is still supported. You can find out more about that in the following Cisco documentation:

If it still persists, then the only other thing I can suggest is to post a topic on the GNS3 forum and share your experience there.

I hope this has been helpful!

Laz

Hello Laz,

Thanks for your efforts towards my issue and I found the issue with the image. I have removed and re-added the image into GNS3 and that resolved my problem.

One more thing I was missing in this configuration was that, by default, the encapsulation was set to negotiate. As soon as I changed it to dot1q all went well.

Thanks
Kiran

Hello Kiran

Great to hear that the issue was resolved. Thanks for sharing the resolution as well, as this will help others too. Much appreciated!

Laz

Hi Rene/Laz
I setup the topology in the first diagram in GNS3, ie a server and a client with a transparent in the middle, and I found that the client would not synchronise with the server, ie newly created VLANs would not show up. If, however, I changed the transparent one to client then back to transparent it started to work as expected. Is this an anomaly of using the ESW module in GNS3 or would this happen in the real world? I am using a 3725 router IOS

Thanks,
Phil.

Hi Rene,
I’m writing to you about VTP pruning. I understand the importance of this feature in the network, but I have some trouble activating it. For example, if we take the exhibit from the present course where Rene talks about pruning, and we want to save the switch located in the middle from wasted bandwidth, how can we do that? Will just typing “vtp pruning” in configuration mode activate this feature and that’s it, or must we add some commands to enable pruning? I hope I was clear, and thanks for your reply.