
VTP Client won't update

Brian_R
Level 1

Hi folks,
I hope y'all can help me out here. Please be kind: I've been thrown into the network admin role unexpectedly and I'm still learning.
I have a 2960cx switch that I'm trying to re-purpose onto my network. 

I've got it configured how I like, however I can't get VTP to work.
VTP domain name, version and password (none) all match the VTP server.

I reset all config to factory default.
I've set the new switch to transparent mode, then client mode. 

Revision is 0.
I've deleted the vlan.dat file from flash.

Trunk port is set to allow all VLANs.
I created / deleted a dummy VLAN from the VTP server (other clients received the revision).

I've also created a new VTP domain with a 3rd working switch, added the new switch to it, set domain, version, password, etc and the new switch again won't receive VTP updates. 
A few things stand out to me:

The MD5 digest does not match other client switches.

show vtp counters shows 10 request advertisements transmitted.
all other counters are zero.

Even after deleting the vlan.dat file, the new switch still lists 6 VLANs (I created a dummy VLAN on this one to see if it would be overwritten).

I appreciate any guidance out there!
-Brian

 


 

Accepted Solutions

Joseph W. Doherty
Hall of Fame

Just to confirm, you have ports, interconnecting VTP switches, defined as trunk ports?

Any transit switches, between your VTP server, if any, and the new client switch, are all (working) VTP clients too?

"VTP domain name, version and password (none) all match the VTP server."

"I've also created a new VTP domain with a 3rd working switch, added the new switch to it, set domain, version, password, etc and the new switch again won't receive VTP updates."

New VTP domain?  Set password to none?  (VTP might make a distinction between a null and "empty/cleared/blank" password, as it does [or so I recall] with domain names.  [BTW with VTP ver. 1 or 2, a null domain will, I also recall, "inherit" a VTP domain name w/o being configured.])


14 Replies

Hello,

--> VTP domain name, version and password (none) all match the VTP server.

No password does not sound right, I think a password is required.

Can you post the output of:

show vtp status

of both the VTP server and client switch?

On VTP server and Client - 
#show vtp password

The VTP password is not configured.

 

VTP Server:

VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : ecc-ausrad
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : <MAC Address>
Configuration last modified by 10.5.9.252 at 4-7-22 18:47:40
Local updater ID is 10.5.9.252 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 20
Configuration Revision : 23
MD5 digest : 0x0C 0xEC 0xAD 0xF4 0xC4 0x7A 0x71 0xAC
0x0E 0x7C 0xC5 0x5C 0xEE 0xD0 0xA3 0xBC


VTP Client:

VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : ecc-ausrad
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : <MAC Address>
Configuration last modified by 0.0.0.0 at 4-7-22 14:53:11

Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 255
Number of existing VLANs : 6
Configuration Revision : 0
MD5 digest : 0xBC 0x23 0x11 0x12 0x2E 0x8C 0x03 0x73
0x2D 0xF2 0x83 0xCB 0x52 0x22 0xED 0x46
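
An added example, not part of the original thread: a short Python check that parses two `show vtp status` outputs like the ones above and lists what differs. The function names and finding texts are hypothetical, and it assumes the MD5 digests are only worth comparing once both switches hold the same configuration revision.

```python
import re

# Trimmed copies of the two `show vtp status` outputs posted in this thread.
SERVER = """\
VTP version running : 1
VTP Domain Name : ecc-ausrad
VTP Operating Mode : Server
Configuration Revision : 23
MD5 digest : 0x0C 0xEC 0xAD 0xF4 0xC4 0x7A 0x71 0xAC
0x0E 0x7C 0xC5 0x5C 0xEE 0xD0 0xA3 0xBC
"""
CLIENT = """\
VTP version running : 1
VTP Domain Name : ecc-ausrad
VTP Operating Mode : Client
Configuration Revision : 0
MD5 digest : 0xBC 0x23 0x11 0x12 0x2E 0x8C 0x03 0x73
0x2D 0xF2 0x83 0xCB 0x52 0x22 0xED 0x46
"""

def parse_vtp_status(text):
    """Map field name -> value, joining the wrapped second MD5 digest line."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        parts = re.split(r"\s+:\s*", line, maxsplit=1)
        if len(parts) == 2:
            last = parts[0]
            fields[last] = parts[1]
        elif last == "MD5 digest" and line.startswith("0x"):
            fields[last] += " " + line
    return fields

def diagnose(server, client):
    """Return a list of findings, most basic first."""
    findings = []
    for key in ("VTP Domain Name", "VTP version running"):
        if server.get(key) != client.get(key):
            findings.append(f"{key} differs: {server.get(key)!r} vs {client.get(key)!r}")
    s_rev = int(server["Configuration Revision"])
    c_rev = int(client["Configuration Revision"])
    if c_rev < s_rev:
        findings.append(f"client revision {c_rev} is behind server revision {s_rev}")
        if len(findings) == 1:
            # Outcome of this thread: settings matched, the peer port was not a trunk.
            findings.append("settings match: check both ends of the link are trunk ports")
    elif c_rev == s_rev and server["MD5 digest"] != client["MD5 digest"]:
        # Assumption: digests are only comparable at the same revision.
        findings.append("same revision, different digest: compare domain and password")
    return findings
```
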



Hello,

What if you do configure a password?

Brian_R
Level 1

Just tried this and still no luck. 
MD5 digests still mismatched.

Hello,

Delete the vlan.dat file from flash and start over from scratch.

Brian_R
Level 1

Deleted vlan.dat and a reload.
That cleared out vtp domain name and set the switch to server mode.
However, it retained the 6 VLANs.
I set the domain name and switched mode to client, and still no luck.

I'm getting a different MD5 digest than before with all the same settings.
Previous MD5: 
MD5 digest : 0xBC 0x23 0x11 0x12 0x2E 0x8C 0x03 0x73
0x2D 0xF2 0x83 0xCB 0x52 0x22 0xED 0x46
Current:
MD5 digest : 0x44 0xC3 0xE4 0xE2 0x00 0x52 0xD8 0xA4
0x8D 0x23 0x44 0x34 0x33 0x1A 0xA9 0xF0

I read about one solution:
configure any UNUSED VLAN on the VTP server and let the server resync with the client.

Note: be sure that you use the same MD5 in server and client before doing the step above.

Tried this with no success.
How do I set MD5 digests? It's my understanding that the MD5 is generated by a combination of the domain name, password, version, and some other magic ingredients? 

 


I'm a fool!
Thanks all for your suggestions!
I forgot to set the switchport on the connecting switch to be a trunk port.
I had only set the switchport on the new switch to be a trunk port.
As soon as I set this, VTP started working exactly as it should!

Apologies for wasting y'all's time!
Sheepishly,

-Brian

"I'm a fool!"

Not at all, especially as your OP noted:  "I've been thrown into the network admin role unexpectedly and I'm still learning."

I believe most of us (at least applied to me, laugh), even with a tad more experience, have had a duh!, or slap of the head, occasional moment(s).

Glad to read it's now working.

@Brian_R @Joseph W. Doherty @Georg Pauwen 
Thanks to @Joseph W. Doherty for correcting my understanding of why trunk.

The Cisco Press book "Cisco Field Manual: Catalyst Switch Configuration" mentions the following:

"VTP information is passed only across trunk links. If you do not enable a trunk, VLAN information is not exchanged between the switches."

 

@Brian_R MD5 needs domain and password, not password alone, to be identical in both SW.

I don't believe it's directly related to whether port has untagged and tagged frames (because so do access ports with a voice VLAN assignment have both tagged and untagged frames too), but because the port is specifically a "trunk" port, the switch treats it differently/special.

Further, if I recall correctly, the special/proprietary/control-plane frames supporting such as CDP, VTP, etc., are always a part of VLAN 1, yet the native VLAN might be other than VLAN 1.

I also recall (?) frames being used for CDP, VTP, etc., are not blocked if you "block" VLAN 1 from a trunk.  Further, CDP, VTP, etc. frames are not passed along from the ingress port to all other egress ports in VLAN 1, access or trunk, as Cisco switches "know"/recognize/consume these frames as being Cisco special/proprietary/control-plane, and not "standard" VLAN 1 frames.

Because of these special/proprietary/control-plane frames, it's best to avoid mixing them with standard VLAN 1 frames; this is why Cisco has special recommendations, concerning security, about how NOT to use VLAN 1.

I get your point and I will correct my comment.