
VTP Client and revision numbers

Okay, so a VTP client isn't supposed to create or delete VLANs in a VTP domain and can only request for client advertisement requests, I got that part. Then I read this paragraph:

Source:

https://community.cisco.com/t5/other-network-architecture/

"Be aware that if a new switch is attached to an existing VTP domain and the new switch has the same VTP domain and has a VLAN database configuration revision that is higher than that which is currently present in the existing network, the existing VLAN database is overwritten with the VLAN database on the new switch, regardless of whether the switch is a VTP server or client. Yes, that's right; even if the switch is a VTP client, if it has the same VTP domain name and a higher VLAN database configuration revision number, the existing VLAN database is overwritten."

Here's the question:

Now if a client can only receive advertisements and give out requests, how can the client update the entire database of all the switches in the domain and overwrite the existing configuration?

At worst it should not be able to update its own database only because of a higher revision number and ignore the advertisements from a server or transparent switch.

Is it giving some kind of update messages to the server that might make it delete all the existing VLAN configuration?

 


balaji.bandi
Hall of Fame

We need to follow some principles before joining any switch into a VTP domain (rather than making a network disaster).

Personally, to be safe, I will follow these steps (only if the switch is to be part of the VTP domain as a client, which is the case here):

1. Check the switch configuration to see what mode it is in.

2. Immaterial what mode it is in, make it transparent mode so it automatically sets the revision to 0.

3. Then make it VTP client mode config, and join the switch to the domain.

 

Adding a VTP Client Switch to a VTP Domain

Before adding a VTP client to a VTP domain, always verify that its VTP configuration revision number is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration revision number. With VTP versions 1 and 2, adding a switch that has a revision number higher than the revision number in the VTP domain can erase all VLAN information from the VTP server and VTP domain. With VTP version 3, the VLAN information is not erased.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swvtp.html

You can protect using a password secret key so it has additional protection.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
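
A pre-join check for the rule quoted in the reply above (with VTP versions 1 and 2 the new switch's revision must be lower than the domain's), as an added example that is not part of the thread or of Cisco's documentation. The `show vtp status` excerpts are constructed, and the field labels, function names and verdict strings are assumptions that may need adjusting for a given IOS release.

```python
import re

# Constructed `show vtp status` excerpts (not from the thread). Field labels
# are assumed to follow the usual IOS layout and can differ between releases.
DOMAIN_SERVER = """\
VTP version running             : 2
VTP Domain Name                 : CAMPUS
VTP Operating Mode              : Server
Configuration Revision          : 12
"""
NEW_SWITCH = """\
VTP version running             : 2
VTP Domain Name                 : CAMPUS
VTP Operating Mode              : Client
Configuration Revision          : 57
"""

PATTERNS = {
    "version": (r"VTP version running\s*:\s*(\d+)", int),
    "domain": (r"VTP Domain Name\s*:\s*(\S+)", str),
    "mode": (r"VTP Operating Mode\s*:\s*(\w+)", str),
    "revision": (r"Configuration Revision\s*:\s*(\d+)", int),
}

def parse_vtp_status(text):
    """Extract version, domain, mode and revision from `show vtp status` text."""
    status = {}
    for key, (pattern, cast) in PATTERNS.items():
        match = re.search(pattern, text, re.IGNORECASE)
        if match is None:
            raise ValueError(f"field not found in output: {key}")
        status[key] = cast(match.group(1))
    return status

def join_verdict(existing, candidate):
    """Classify the join. Mode is deliberately ignored: with VTP 1/2 a client
    with a higher revision is as dangerous as a server."""
    if candidate["domain"] != existing["domain"]:
        return "different-domain"       # the quoted rule needs the same domain name
    if existing["version"] == 3 and candidate["version"] == 3:
        return "v3-not-erased"          # per the Cisco guide quoted in the reply
    if candidate["revision"] < existing["revision"]:
        return "ok"
    return "reset-revision-first"       # e.g. via transparent mode, as in the reply

if __name__ == "__main__":
    print(join_verdict(parse_vtp_status(DOMAIN_SERVER), parse_vtp_status(NEW_SWITCH)))
```
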

Joseph W. Doherty
Hall of Fame
You misunderstand VTP vers. 1 and 2 (ver. 3 works differently).

VTP client mode switches do not support (manual) VLAN configuration changes, but if they (vers. 1/2) have a higher revision number, for their copy of the VTP database, it will replace neighbor VTP servers or clients (and also pass through VTP transparent mode switches).

So, let's go partly, Balaji.bandi described the functionalities and the danger of adding a new switch in Server mode by overwriting the existing switch VLANs.
There is only an addition and withdrawal change if the switch is in Transparent and Server, in client mode the VLANs are added when there is a Server switch populating the Client's VLANs.

Sorry Wesley, I believe you're mistaken if you believe adding a VTP client mode switch (vers. 1 and 2) cannot impact an existing VTP domain. I further believe, if you carefully re-read Balaji's posting, he's saying the same.