Sunday, February 5, 2017

Troubleshooting VTP

In our last topic we talked about troubleshooting trunking, and one protocol that can run over those trunks is VTP.
VTP stands for VLAN Trunking Protocol, and “it allows us to create, modify and delete a VLAN on one switch and have that VLAN database change propagated over trunk links to other switches that belong to the same VTP domain.” In this topic we want to talk about some common VTP troubleshooting issues.
First up, we may not have trunking configured. Remember, VTP runs over a trunk; if trunking is not in place, VTP is not going to work. There are also different VTP versions out there, so “we might have mismatched versions.” There are Versions 1, 2 and 3, and Cisco tells us that if we are running Version 1 on one of our Cisco Catalyst switches, then all of the other switches in that VTP domain also need to be running Version 1, because it’s not completely compatible with the other versions. However, if you are running Version 2 on a Cisco Catalyst switch, the other switches in the domain could be running Version 2 or Version 3; you can have a mixture of Versions 2 and 3 because they are compatible with one another. Version 1 is somewhat compatible, but mixing Version 1 with anything else is not good practice and things may not work as expected. I have been talking about switches belonging to a VTP domain.
Well, the domain has a name, and that name needs to match on all of the switches in that VTP domain. The domain name is case-sensitive, please keep that in mind. We can also configure a switch for various VTP modes: we can turn off VTP by setting the mode to Off, or we could put it in Transparent Mode.
Remember, in Transparent Mode we can create, delete or modify a VLAN locally on that switch; however, we are not going to update our VLAN database based on any received VTP advertisements, and we are not going to source any VTP advertisements. If a switch in Transparent Mode receives a VTP advertisement coming in on one trunk, it forwards it out of its other trunks, but it is not sourcing any VTP information. In addition to Transparent Mode and Off Mode we have “Client Mode and Server Mode.”
It’s only in these two modes that a switch will update its database based on received VTP information, and it’s only in these two modes that we are going to be sourcing VTP information. If the switch is in Server Mode, we can go to that switch and make VLAN updates: we can add, delete and modify a VLAN on that switch. If we were in Client Mode, we could not make changes locally.
Cisco also recommends that we assign a password to the VTP domain. This can prevent someone from accidentally or maliciously introducing a switch into our domain and maybe corrupting our VLAN database. When we set up a password, that password has to match on all switches in that VTP domain. The password itself is not sent over the wire; it’s an MD5 hash of the password. One other caution for you:
If you introduce a brand-new switch into your VTP domain, and that switch has a matching domain name and a matching password (if you are using a password), in other words everything is lined up correctly and it is ready to become a member of this domain, look out if that newly introduced switch has a higher Configuration Revision Number than the domain currently has.
Everybody in that domain needs to agree on what the current Configuration Revision Number is. If I introduce a switch with a higher Configuration Revision Number, it can blow away the VLAN databases on all the other switches in our domain, and they’re going to adopt the VLAN database of this newly introduced switch, because it is considered the most believable since it had a higher Configuration Revision Number. Any time you make a VLAN change, whether you add, delete or modify a VLAN, it increments the Configuration Revision Number by one, and whichever switch has the highest Configuration Revision Number is considered the most believable source for VLAN information. So here is a tip to help you safely introduce a switch into an existing VTP domain.
Ø  You can set the mode to Transparent
When you do that, it sets the Configuration Revision Number to 0. Then, before you introduce the switch into the network, you can set it to Client Mode or Server Mode, and when you do that it’s going to keep that 0 value for the Configuration Revision Number. Then you can more safely introduce the new switch into the network.
Now that we have talked about a few things that might cause us issues when we are working with VTP, let’s go to a live topology and tackle a VTP trouble ticket.
I should be able to go to any of these switches and create, modify or delete a VLAN and have that change propagated to the other switches in the topology. Let’s take a look at the VLANs that currently exist on switch Sw1.

Ø  SW1#show vlan brief
We have the default VLAN 1, 100, 200 and 300; let’s create VLAN 400.
Ø  SW1(config)# vlan 400
Ø  SW1(config-vlan)#name VTP_DEMO
Let’s check whether the VLAN database has been updated and propagated to our other switches. Let’s go to Sw2.

Ø  SW2# show vlan brief
No VLAN 400 there. Let’s go to Sw3.
Ø  Sw3#show vlan brief
No VLAN 400 here either. This VTP information is not being propagated, so let’s troubleshoot this. Remember that in order to send VTP advertisements we need to have trunks between these switches. Do we have trunks between Sw1 and the other switches?

Ø  Sw1#show interfaces trunk
It looks like we have a trunk going from Sw1 down to Sw2 out of port FastEthernet 1/0/13, but we do not have a trunk going to Sw3, and that is a concern. Let’s take a look at the configuration of FastEthernet 1/0/13 and FastEthernet 1/0/14.

Ø  SW1#show run
They seem to be identical: I am setting the encapsulation type to dot1q and I am using Dynamic Desirable mode, so I am initiating formation of a trunk by sending VTP frames. It looks good here. Let’s go to switch Sw3 and check out the configuration.

Ø  Sw3#show run
It looks the same here as well; it’s the same configuration going over to Sw2. Let’s check the trunks.

Ø  SW3#show interfaces trunk
We have no trunk interfaces here either. Let’s check the configuration on Sw2.

Ø  SW2#show run
Again, everything looks correct here, but right now we have only got one trunk, going up to Sw1. I am just using the show command to confirm that.

Ø  Sw2#show interfaces trunk
Just one trunk going up to Sw1. For some reason Sw3 is not forming a trunk with either of these other switches, and that will certainly prevent VTP from working. It looks like all the trunking configuration is correct.
Here is what might be going on. We were talking about how switches in the same VTP domain have the same domain name; if the domain names do not match, a trunk will not be formed. Let’s see if the domain names match, starting on Sw2.

Ø  SW2#show vtp status
The domain name is TSHOOT and we are running VTP Version 2. Let’s go to Sw1.

Ø  Sw1#show vtp status
The domain name matches, TSHOOT, and we are running VTP Version 2. What about Sw3, where we are having an issue?

Ø  Sw3#show vtp status
Take a look at this output; is there anything that might be concerning here?

Did you notice that the VTP domain name is tshoot? It’s lowercase on this switch, but it was in uppercase on the other switches, and we mentioned earlier that the domain name is case-sensitive. This could prevent VTP information from being propagated over to Sw3 and could also prevent trunks from being formed between Sw3 and our other VTP domain members. Let’s fix this.

Ø  Sw3(config)#vtp domain TSHOOT
Hopefully we will now see that we have trunks.

Ø  Sw3#show interfaces trunk
Beautiful! We have got 3 trunks on this switch, 2 going over to Sw2 and one going up to Sw1.
That’s exactly what we want. Now that we have fixed the issue of the mismatched VTP domain name, let’s see if we learned about VLAN 400.

Ø  Sw3#show vlan brief
We have VLAN 400; it has been learned on switch Sw3. It looks like Sw3 and Sw1 are communicating VLAN information between one another; however, we have an issue with Sw2.

Ø  Sw2#show vlan brief
We still do not know about VLAN 400, so let’s check some other things. We have made sure that our trunking configuration is correct and we have trunks between our switches, and we have checked that the domain name matches and that we are running Version 2 on all of the switches. We also said we need to check that we are running in the appropriate mode, and here on switch Sw3 my operating mode is Server.
I can create, modify or delete VLANs and that change should be propagated to the other members of the VTP domain. What about Sw2?

Ø  Sw2#show vtp status
Look at this: Sw2 is set to Transparent! Since I am set to Transparent, that means that even though I can create, modify and delete VLANs locally on switch Sw2, I am not going to advertise those changes to anyone else, and I am not going to update my VLAN database based on changes I receive inside VTP messages from any member of this VTP domain. That could very well be the reason why Sw2 is not learning about VLAN 400. Let’s change that mode.

Ø  Sw2(config)#vtp mode client
Let’s see if we have now learned about VLAN 400.

Ø  Sw2(config)#do show vlan brief
Great news! We now know about VLAN 400 on switch Sw2 as well. All of the switches are now participating in this VTP domain and they are able to exchange VLAN information between themselves.
If we still had issues, remember that we might want to check that everybody has the same password; we might want to re-enter the password on a switch that is having issues.
Something else we might want to check, if VLANs are not appearing as expected, is whether somebody introduced a new switch into the VTP domain, maybe with a higher Configuration Revision Number. It’s painful, but it might have blown away the VLAN database on all of our other switches. We talked about how we can safely insert a new switch into our topology:
Ø  We toggle Transparent Mode on and off
Ø  You set it to Transparent Mode, which resets the Configuration Revision Number to 0
Ø  Then you can set it to Client or Server

It will retain that Configuration Revision Number of 0, and then you can add it to your network, assuming all of the other parameters match up.
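
An added example, not part of the original post: a small Python audit that applies the checks from the ticket above (domain name case, Version 1 mixing, operating mode, Configuration Revision Number) to `show vtp status` captures. The captures are constructed and abbreviated, the `NewSw` switch and the finding names are hypothetical, and the VTP password is not compared.

```python
# Constructed, abbreviated `show vtp status` captures; NewSw is a hypothetical new switch.
CAPTURES = {
    "Sw1": "VTP version running : 2\nVTP Domain Name : TSHOOT\n"
           "VTP Operating Mode : Server\nConfiguration Revision : 7",
    "Sw2": "VTP version running : 2\nVTP Domain Name : TSHOOT\n"
           "VTP Operating Mode : Transparent\nConfiguration Revision : 0",
    "Sw3": "VTP version running : 2\nVTP Domain Name : tshoot\n"
           "VTP Operating Mode : Server\nConfiguration Revision : 3",
    "NewSw": "VTP version running : 2\nVTP Domain Name : TSHOOT\n"
             "VTP Operating Mode : Client\nConfiguration Revision : 42",
}


def parse_vtp_status(text):
    """Turn 'label : value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip().lower()] = value.strip()
    return fields


def audit(captures, reference):
    """Compare every switch with the reference switch; return (switch, finding) pairs."""
    parsed = {name: parse_vtp_status(text) for name, text in captures.items()}
    ref, findings = parsed[reference], []
    for name, sw in parsed.items():
        if name == reference:
            continue
        domain, ref_domain = sw["vtp domain name"], ref["vtp domain name"]
        if domain != ref_domain:  # the comparison is case-sensitive, like VTP itself
            folded = domain.lower() == ref_domain.lower()
            findings.append((name, "domain-case-mismatch" if folded else "domain-mismatch"))
        # Version 1 should not be mixed with 2 or 3; 2 and 3 may coexist.
        if (sw["vtp version running"] == "1") != (ref["vtp version running"] == "1"):
            findings.append((name, "version-1-mixed"))
        mode = sw["vtp operating mode"].lower()
        newer = int(sw["configuration revision"]) > int(ref["configuration revision"])
        if mode in ("transparent", "off"):
            findings.append((name, "ignores-advertisements"))
        elif domain == ref_domain and newer:  # client or server with a higher revision
            findings.append((name, "would-overwrite-domain"))
    return findings


if __name__ == "__main__":
    for switch, finding in audit(CAPTURES, "Sw1"):
        print(f"{switch}: {finding}")
```

Real `show vtp status` output has more lines, and the labels vary between IOS releases, so the dictionary keys may need adjusting for your platform.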



1 comment:

  1. Inspiring writings and I greatly admired what you have to say, I hope you continue to provide new ideas for us all and greetings success always for you. Keep update more information.

    Digital Marketing Company in India
