08-23-2020 01:10 AM
Okay, so a VTP client isn't supposed to create or delete VLANs in a VTP domain and can only send out client advertisement requests, I got that part. Then I read this paragraph:
Source:
https://community.cisco.com/t5/other-network-architecture/
"Be aware that if a new switch is attached to an existing VTP domain and the new switch has the same VTP domain and has a VLAN database configuration revision that is higher than that which is currently present in the existing network, the existing VLAN database is overwritten with the VLAN database on the new switch, regardless of whether the switch is a VTP server or client. Yes, that's right; even if the switch is a VTP client, if it has the same VTP domain name and a higher VLAN database configuration revision number, the existing VLAN database is overwritten."
Here's the question:
Now if a client can only receive advertisements and give out requests, how can the client update the entire database of all the switches in the domain and overwrite the existing configuration?
At worst, it should only be unable to update its own database because of the higher revision number, and ignore the advertisements from a server or transparent switch.
Is it sending some kind of update message to the server that might make it delete all the existing VLAN configuration?
08-23-2020 02:32 AM
We need to follow some principles before joining any switch to a VTP domain (rather than making a network disaster).
Personally, I would follow this to be safe (only if the switch is to be part of the VTP domain as a client, the case here):
1. Check the switch configuration: what mode is it in?
2. Regardless of what mode it is in, make it transparent mode so it automatically sets the revision to 0.
3. Then configure VTP client mode and join the switch to the domain.
Before adding a VTP client to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. With VTP versions 1 and 2, adding a switch that has a revision number higher than the revision number in the VTP domain can erase all VLAN information from the VTP server and VTP domain. With VTP version 3, the VLAN information is not erased.
You can protect it using a password (secret key) so it has additional protection.
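As an added illustration that is not part of the thread or of any Cisco documentation, the following Python toy model shows why the transparent-then-client procedure above matters. It models only the one rule that answers the original question: in VTP v1/v2 every switch, server or client, sends summary advertisements, and a receiver in server or client mode replaces its VLAN database whenever an advertisement for its own domain carries a higher revision number, regardless of the sender's mode. The switch names, VLAN numbers and the plain-text password comparison are constructed assumptions (real VTP carries an MD5 digest of the password, not the password itself); nothing here parses real VTP frames.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Switch:
    """A simplified VTP v1/v2 participant (toy model, not real VTP packet handling)."""
    name: str
    mode: str                     # "server", "client" or "transparent"
    domain: str
    revision: int
    vlans: Dict[int, str]
    password: Optional[str] = None

    def set_mode(self, mode: str) -> None:
        # Moving to transparent mode resets the configuration revision to 0,
        # which is why the procedure goes transparent first, then client.
        if mode == "transparent":
            self.revision = 0
        self.mode = mode

    def summary_advertisement(self) -> dict:
        # Servers and clients both send summary advertisements; the revision
        # number is what every receiver compares against its own.
        return {
            "domain": self.domain,
            "revision": self.revision,
            "password": self.password,   # assumption: real VTP carries an MD5 digest
            "vlans": dict(self.vlans),
        }

    def receive(self, adv: dict) -> bool:
        """Apply an advertisement; return True if the local VLAN database was replaced."""
        if self.mode == "transparent":
            return False             # transparent switches relay but never apply
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return False             # wrong domain or wrong password: ignored
        if adv["revision"] > self.revision:
            # VTP v1/v2: the higher revision wins, regardless of the sender's mode
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False


def propagate(sender: Switch, switches: List[Switch]) -> List[str]:
    """Flood the sender's advertisement; return names of switches that were overwritten."""
    adv = sender.summary_advertisement()
    return [s.name for s in switches if s is not sender and s.receive(adv)]


PROD_VLANS = {1: "default", 10: "users", 20: "voice"}   # constructed sample data


def build_domain(password: Optional[str] = None) -> List[Switch]:
    # Constructed domain: one server and one client, both at revision 12
    return [
        Switch("core", "server", "CORP", 12, dict(PROD_VLANS), password),
        Switch("access1", "client", "CORP", 12, dict(PROD_VLANS), password),
    ]


def unsafe_join() -> dict:
    """A used client switch with a stale but higher revision is plugged in as-is."""
    domain = build_domain()
    new = Switch("new", "client", "CORP", 30, {1: "default", 99: "lab"})
    overwritten = propagate(new, domain + [new])
    return {"overwritten": overwritten, "core_vlans": domain[0].vlans}


def safe_join() -> dict:
    """Same switch, but reset via transparent mode before joining as a client."""
    domain = build_domain()
    new = Switch("new", "client", "CORP", 30, {1: "default", 99: "lab"})
    new.set_mode("transparent")   # revision -> 0
    new.set_mode("client")
    overwritten_by_new = propagate(new, domain + [new])
    propagate(domain[0], domain + [new])   # the real server now populates the newcomer
    return {"overwritten_by_new": overwritten_by_new, "new_vlans": new.vlans}


def password_mismatch() -> dict:
    """The domain is password-protected; the stale switch has no password, so it is ignored."""
    domain = build_domain(password="s3cret")
    new = Switch("new", "client", "CORP", 30, {1: "default", 99: "lab"})
    return {"overwritten": propagate(new, domain + [new]), "core_vlans": domain[0].vlans}


if __name__ == "__main__":
    print(unsafe_join())
    print(safe_join())
    print(password_mismatch())
```

Running it, `unsafe_join()` shows the client at revision 30 wiping VLANs 10 and 20 from both the server and the other client, `safe_join()` shows the same hardware at revision 0 being harmlessly populated by the real server, and `password_mismatch()` shows the extra protection the password gives when the domain name happens to match.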
08-23-2020 07:59 AM
08-25-2020 04:11 AM
So, let's go part by part. balaji.bandi described the functionality and the danger of adding a new switch in server mode, overwriting the existing switch VLANs.
There is only an addition and withdrawal change if the switch is in transparent or server mode; in client mode the VLANs are added when there is a server switch populating the client's VLANs.
08-25-2020 08:33 AM