Hi rene
What if we have VLAN MODE OFF - will ‘VTP mode off’ still support the extended VLANs / Private VLANs like transparent mode?
Any help is appreciated
Thanks
Hi rene
What if we have VLAN MODE OFF - will ‘VTP mode off’ still support the extended VLANs / Private VLANs like transparent mode?
Any help is appreciated
Thanks
Hello Abhishek.
I’m not sure what you mean by VLAN MODE OFF. Do you mean VTP mode off? In any case, if I understand your question correctly, the VTP off mode allows you to turn off VTP either per port or globally. The difference between off and transparent modes is that transparent will forward VTP advertisements while off will not. Also, if it is turned off, normal-range, extended-range and private VLANS will not participate in VTP.
I hope this has been helpful!
Laz
19 posts were merged into an existing topic: VTP Version 3
Hi Laz,
I have topology S1–S2–S3 and I configured VTPv3 its working fine, but I tweaked and added VTP password for S1 and S3 but not S2 to find out if S2 will forward the VTP updates.
But I found that S2 its not forwarding the VTP updates to S3, is that normal or I’m missing something.
Regards
Jama
Hello Jama
Yes this is normal. If a switch is configured as a CLIENT with a specific VTP domain, then it will only forward VTP updates that are in its own domain. If you change the password, it cannot register to the VTP server and thus will not accept VTP updates from the specific domain (or from any domain), because it doesn’t properly belong to it. The only way to have a switch forward VTP updates is in transparent mode.
I hope this has been helpful!
Laz
Dear Rene,
I am wondering what is the real difference between server (which is not a primary) and client modes in VTP v3? both cannot modify vlan information and both are propagating vtp updates ryt? what is the need of having those 2 modes??
Hello Roshan
The purpose of the two types of servers (secondary and primary) are to improve redundancy. Specifically, a secondary server stores the received configuration in a local permanent storage space (for example, NVRAM) and updates other devices in the same domain and for the same instance. In the event that the primary server fails, a secondary server can be promoted to be a primary server. More information about this procedure and its benefits over VTPv1 and v2 can be found in the following Cisco Documentation:
I hope this has been helpful!
Laz
Hi Rene,
Can we enable VTP on a stack enabled switch or its only supported on Standalone switches.
Regards,
Selva.
Hello Selva
VTP functions on a switch stack just the same as it does on a standalone switch. When a siwtch joins the stack, it inherits the VTP and VLAN properties of the stack master, and all VTP updates are carried across the stack. You can find out more about how VTP functions on a stack by looking at this Cisco documentation.
I hope this has been helpful!
Laz
Hello Rene,
I was able to get my hands on a couple of old cisco switches. A 3750 and two 2960-s switches. While going throught the CCNP ENCOR 350-401 lab i was configuring the vtp version 3 across all 3 switches with the 3750 being the primary switch and the other two switches connected by trunk ports. I was able to create vlans and they populated fine to the other switches. When i created the private vlan on the 3750:
SW-A#sh vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
500 501 community Fa1/0/1
500 502 isolated
Everything looked fine, but on the 2960-s, even though vtp version 3 is supported the private vlan info is not. The vlans came across fine.
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
70 SERVERS active
500 VLAN0500 active
501 VLAN0501 active
502 VLAN0502 active
-----------------------------------------------------------------------------
SW-B#sh vlan ?
brief VTP all VLAN status in brief
group VLAN group(s) information
id VTP VLAN status by VLAN id
ifindex SNMP ifIndex
internal VLAN internal usage
mtu VLAN MTU information
name VTP VLAN status by VLAN name
remote-span Remote SPAN VLANs
summary VLAN summary information
| Output modifiers
My question is, did i do something wrong? For private vlan configuration do all of the switches have to be the same model and running the same version of the ios? Does it have to be a layer 3 switch for private vlans to work? Or even though vtp version 3 is supported across all switches, just not all of the features.
C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2a)E1, - client mode
C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE10, - primary server
Rene’s comment:
Private VLANs: if you have VLANs that are configured as private VLANs then you can synchronize them with VTPv3.
Hello Cecil
It looks like you did everything correctly. After spending some time on VIRL and experimenting with various combinations, I was unable to replicate your results. I looked in the command reference for the specific IOS versions, and private VLANs as well as VTP3 are supported. However, I did go into checking for platform support for PVLANs and found that the 2960 does not support private VLANs. Take a look at this document:
The 2960 does not support PVLANs while the 3750 does, so this is the reason for this behaviour in your topology.
I hope this has been helpful!
Laz
Hello Lagapides,
Thanks for the update to clear this up.
Cecil
Just so you all know, in GNS3 using the IOU L2 switch once adding in VTP version 3 authentication, i had to re-enrol the primary server again and enter in the original password.
IOU1#vtp primary
This system is becoming primary server for feature vlan
Enter VTP Password:
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
IOU1#
*Mar 10 23:30:56.455: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0100 has become the primary server for the VLAN VTP feature
Hi Matthew
This is great to know, thanks for sharing that!
Laz
I believe I have found the answer.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vtp.html#wp1051097
Interaction Between VTP Version 3 and VTP Version 2 Devices
A VTP version 3 device does not accept configuration from a VTP version 2 (or VTP version 1) device.
Trying to figure out what I am not understanding about how VTP 3 behaves.
On SW1 started a debug sw-vlan vtp packets
Vlans did no sync to SW1 until I changed it
from version 3 to version 2
Note: SW2 and SW4 are 3550’s set to VTP version 2
is VTP used now a days in production network? if yes which version is widely used?
Hello Donald
Great to hear that you’ve resolved your issue! Thanks so much for sharing your solution, it always adds so much value to the forum, as you let others know of your solutions.
Thanks again and great to have you with us!
Laz
Hello Asif
Yes, VTP is often used in production networks. There are various opinions among network professionals however, and if you read Cisco and other forums, you’ll see those opinions expressed. A great example of the wide viriety of opinions expressed can be found at this Cisco learning network thread.
Officially, Cisco recommends you disable VTP on all switches to avoid the potential harm that errors in configuration can make. However, VTPv3 has addressed most of the issues that cause VTP to be feared, so if you use VTP, make sure you use v3. If you take all the precautions necessary, you will be fine. (Remember all protocols, including OSFP, BGP, and others, can potentially spell disaster if you’re not careful, the same goes with VTPv3.)
Ideally, the best solution would be to use automation to take care of your VLANs, and the rest of your configs for that matter. But where automation is not readily available, VTPv3 is an excellent choice.
I hope this has been helpful!
Laz
Is there a way to Automated the deployment of VLANs to include Private VLANs without using SD-WAN?
Hello Marc
It depends on what you mean by automated deployment. There are several options. First of all, VTP v3 is capable of synchronizing private VLANs across multiple switches, allowing you to administer VLANs (including private VLANs) across many switches simply from one VTP server switch. You can find out more about how this can be configured in the Private VLANs section of this lesson:
I’m not sure what you mean here, I assume you mean without the use of network orchestration or network automation? Because SD-WAN is not used to automate VLAN deployment.
Other than VTPv3, automation of VLAN deployment cannot take place without some centralized network automation system. This involves using various VLAN management programs, that are part of network automation suites. These include the use of Cisco DNA Center, as described in the SD-Access lesson here, but also other network automation suites such as SolarWinds Network Configuration Manger, and WhatsUP gold.
The other option is to develop your own scripts and automation procedures using Python. Here you can automate multiple sets of commands in order to achieve the kind and level of automation you need. More about this can be found at the following course:
I hope this has been helpful!
Laz