Solved: Can you join two differnet VTP domains together?

xxcaligulaxx · ‎12-22-2004

Can you advise on the following?

Scenario

Network of four cisco switches all in VTP domain A with VLANS 1(default) and 2-4

Network of four Cisco switches all in VTP domain B with Vlans 1(Default)and 5-8.

Question?

Can you create VLAN 9 and connect both networks together while in different VTP domains? I am not interested in creating a trunk to pass multiple vlans, I only want to connect the two networks together on a new VLAN.

I am inclined to think this is not possible as the switches belong to different VTP domains.

I would appreciate your feedback

Regards

milan.kulik · ‎12-27-2004

Hi,

1) from VTP point of view, you could create a new VLANx (in both VTP domains) and connect your networks together.

As far as you connect them via access ports assigned to VLANx, you've got no problem.

(VTP frames are sent only on trunk ports via VLAN1, so your switches will even not notice they are in different VTP domains.)

2) You could even establish a trunk connection between two VTP domains (configure trunk mode nonegotiate), if you have a very strict requirement to do so.(I was running my network with this topology for two years.)

But you have to be very careful then, allow the same VLAN set on both trunk sides and keep in mind changes in one VTP domain don't change anything in the other VTP domain all the time.

3) From security point of view, I wouldn't recommend "shared vlan between the companies". I'd always prefer a firewall (router at least) between my and any other network.

Regards,

Milan

View solution in original post

scottmac · ‎12-22-2004

I believe youare correct (you can't, at least with a trunk port).

With a common VLAN, one switch or the other would want to control it and the other would complain that it's seeing messages from the wrong VTP domain.

If there were any common connections between your two sets of VLANs, you be seeing messages on the console about bad VLAN tags.

I don't think it'd be much of an issue if either or both were in transparent mode, but I'm not sure / haven't see it.

The other way you could probably do this is to just connect the two ports groups with a crossover cable (the ports set specifically "switchport access vlan 9" to suppress the DTP or other "automatic" functions from kicking in.

That'd be just like connecting two unmanaged switches together. Shouldn't be a problem.

OK, so you probably CAN do it.

Happy Holidays!

Scott

gaban · ‎12-22-2004

You can probably put a router in between and have them go through the router if they need to go to the other domain.

xxcaligulaxx · ‎12-23-2004

Thanks for your feedback. Further info.

As it stands just now the two networks connect via routers and firewalls, we are exploring the possibility of using a shared vlan between the companies however I am inclined to think this would be problematic.

milan.kulik · ‎12-27-2004

Hi,

1) from VTP point of view, you could create a new VLANx (in both VTP domains) and connect your networks together.

As far as you connect them via access ports assigned to VLANx, you've got no problem.

(VTP frames are sent only on trunk ports via VLAN1, so your switches will even not notice they are in different VTP domains.)

2) You could even establish a trunk connection between two VTP domains (configure trunk mode nonegotiate), if you have a very strict requirement to do so.(I was running my network with this topology for two years.)

But you have to be very careful then, allow the same VLAN set on both trunk sides and keep in mind changes in one VTP domain don't change anything in the other VTP domain all the time.

3) From security point of view, I wouldn't recommend "shared vlan between the companies". I'd always prefer a firewall (router at least) between my and any other network.

Regards,

Milan

xxcaligulaxx · ‎12-30-2004

Milan

Thanks for the Info. Exactly what I wanted to know.

Cheers