Solved: Re: 3560 mst vlan propagation

SpongeRob · ‎05-03-2011

Hi - I have installed a 3560 switch and trunked it to core switches via 10g uplinks. Prior to that I deleted the vlan.dat and configured the switch for respective vlans non of witch are connected yet. My question is at what point in an MST config do the vlans propagate to the new switch? No passwrod, domain matches, vtp 2, pruning. I coonected a laptop assigning it to the vlan subnet for a port and can ping the core switches and see them via cdp. Why isn't the vlan databse populated?

Thanks in advance -

Jon Marshall · ‎05-04-2011

Just found this from config guide on 6500 -

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vtp.html#wp1052427

So if you are running SXH you should be able to see the password. Not sure what is going on here.

Jon

View solution in original post

Jon Marshall · ‎05-03-2011

It's not really to do with STP. Assuming switches are interconnected with a L2 trunk, things to check -

1) if the sending switch (in terms of VTP advertisements) is VTP transparent it won't send update, although it would pass VTP update along

2) if receiving switch is VTP transparent it won't use update

3) if password is set must be the same

4) if domain is set on sending switch then it must either be -

i) unset on receiving switch, in which case it will use sending switches domain

ii) set to same as sending switch on receiving switch

5) VTP revision number must be higher on sending than receiving switch. Check rev numbers with "sh vtp status". If it's the same then modify the vlan database on sending switch.

Jon

SpongeRob · ‎05-03-2011

Thanks Jon,

My first aquaintence with this organization, anyhow turns out they have a PW on the cores - how is the PW then encrypted/decrypted?

Jon Marshall · ‎05-03-2011

Unless it's vtp version 3 then you can't encrypt the password. However even if it sin't encrypted it is not sent over the wire as an MD5 hash is used at both ends.

So if it's v2 just do a "sh vtp status" on core switch and it will tell you what it is. If it v3 then as far as i am aware you need to know the password ie. it cannot be retrieved from the switch.

Jon

SpongeRob · ‎05-03-2011

jon - l beg to differ sir;

this is a 6509 vtp v2, server, and the password when s vtp pass = VTP Encrypted Password: 984987e49874d9874c - whathe !

Jon Marshall · ‎05-04-2011

Hmm, maybe i am mistaken then.

What is your 6500 running ie. IOS or a combination of CatOS on switch and IOS on MSFC ?

Also what does "sh vtp status" show ?

Jon

SpongeRob · ‎05-04-2011

Hi Jon,

IOS 12.2(33) sxh6

I ran into this trying to add another switch,3560, to the domain - UFB

vtp is just what I mentioned;

VTP Version: 2

Conf rev:102

max vlans:1005

existing:91

VTP mo:Server

VTP dom:our domain

VTP prun, v2,traps: enabled

MD5 digest:0xc2 0x80...

Sh vtp password

VTP Encrypted Password: 898179847...

Jon Marshall · ‎05-04-2011

You can try doing a more of the vlan.dat file ie. "more vlan.dat". There will be a lot of unintelligible characters but it may also show the VTP password.

Jon

Jon Marshall · ‎05-04-2011

Just found this from config guide on 6500 -

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vtp.html#wp1052427

So if you are running SXH you should be able to see the password. Not sure what is going on here.

Jon

SpongeRob · ‎05-04-2011

Thanks again Jon - my suspicion is my predessor may have encrypted this in V3 and the regressed to V2 - I'm going to TAC it and I'll updated you if you wish ? Best Regards,