cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4546
Views
10
Helpful
10
Replies

Basic Question VTP Server

ricardorojas123
Level 1
Level 1

Can two VTP Servers exist in a the same VTP domain?

10 Replies 10

Leo Laohoo
Hall of Fame
Hall of Fame

In theory, yes.  In practice, I wouldn't recommend it if you have a large network.

Ricardo, I have to jump in and ask Leo a question on this so I hope you don't mind....

Leo, I have been told, and after reading your post, possibly incorrectly, that having two servers is a good thing as it provides redunancy....is that correct or should we avoid having two servers?

Also, Ricardo, be very careful adding servers and clients to your VTP domain. Make very sure they have a lower rev level or it can cause major issues with your network. Some people think that a client can't over write a server but that is incorrect, if your add a VTP client to your domain and it has a higher rev level it will over write the server.

Mike

I'm glad that you asked.  I've always maintained that there should only be ONE VTP Server available.  The reason why I'm doing this is because alot of the people who ask this question don't know the dangers of having two or more VTP Servers active.

However, if you know what you are doing (particularly the risks), then one can easily ignore what I've just posted.

I have four VTP Servers (with the same domain and password) but I always sweat every time I make changes to the VTP database.

Hi all,

I have thought about this a few times too - having read the recommendation that two VTP servers should be available at all times. My thought is that why not simply enable another switch as VTP Server if/when necessary?

If my primary VTP server dies, I am not going to lose all my VLANs am I?

The danger with having two as far as I am concerned is having two admins editing/creating VLANs at the same time. I guess its not much of a risk in most places.

VTP is a massive pain though, I have actually been on the receiving end of a client being plugged in with a higher rev. number and it was not a pleasent experience...

Cheers

Jonathan

Great posts Leo and Jonathan, +5 for both...

We do not have two servers in our enviroment because we are going with....if the switch that is the server dies we have far much worse to worry about as it is our core.

Jonathan and or Leo, If I am not mistaken and anyone correct me if I am wrong, if you just change a switch from client to server it will reset the rev level to 0....correct? and that could cause some issues as some of the clients could have a higher rev level and if they for some reason have an incorrect vlan database. or am I wrong?

Mike

Mike

I'm going to go against the flow here and would always recommend having at least 2 VTP servers in your VTP domain for the very reasons you state ie redundancy. If you are going to run VTP Server/Client, which is whole other question, then i can't see the logic of not having VTP server redundancy. Because it makes no difference which one you update there is very little that can go wrong and the only real issue is as Jonathan pointed out, if the 2 VTP servers are being updated at the same time.

If you have a redundant switch architecture then it seems counterintuitive to me to only have one VTP server.

In answer to your specific question not sure what happens when going from client to server although i seem to recall it will not reset the revision number. Going to VTP transparent and then to VTP server would reset the revision number.

Having said that why add the additional worry of having to choose a new switch, check it has an up to date VTP database and then promote it when you could have a redundant VTP server up and running already.

Jon

In answer to your specific question not sure what happens when going from client to server although i seem to recall it will not reset the revision number.

Hmmm, apparently back in 2008 i seem to be pretty sure it won't change the revision number going from client to server. Old age and out of practice are my current excuses

3. 18-Jan-2008 10:19 in response to:                                                                                       munawar.zeeshan

Re: VTP Migration

No, changing between client and server does not reset the revision number.

Easiest way to ensure change of revision number is to make transparent and then change back to server or client.

Jon

If I remember right from the CCNA studys, the rev. number of the VTP counters is set to zero when you enter a new VTP domain.

On our Core Systems,a 6509, both are configured as VTP Servers, so I think it's the best way to grant redundancy and if you don't have 50 LAN admins who create VLANs at the same time nothing should happen

regards

Martin

Hi Guys,

  Yes it is always recommended to have 2 Servers and properly connected with trunking.

  Let say if you have 2 Core switches and 2 Access switches, your choice may be to have redundancy so consider load balance at the same site also.

  So Vlans will be serviced by 2 Core switches but there should be difference in STP root numbers.

Exampls :  Ensure that all VLAN numbers are specified in the commands
Primary STP root - 4096
Secondary STP root - 8192

Short downtime when implementing these commands

.

.

On root bridges (core switches):
(config)# spanning-tree mode rapid-pvst
(config)# spanning-tree portfast bpduguard default
(config)# spanning-tree extend system-id
(config)# spanning-tree vlan x, x, x, priority 4096
(config)# spanning-tree vlan y, y, y, priority

.

.

On other non-root (non-core) switches:
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id

I am sure you can have peace of mind and no calls during weekends or late nights if you configure port security commands as well.

Thanks and take care.

Ive used redundant vtp servers on many networks  ( normally have 2 for redundancy)

as long as your network is fine , there is no problem whatsoever to have 2 vtp servers.

I recommend putting a md5 vtp password on your domain in case of rogue switches and in case of someone sniffing traffic , and finding out all of your vtp details and trying someone bad.  I Think a normal clear text password will suffice to protect against everyones nightmare vtp senario, a rogue server or client  switch with higher revision number on same domain  being put on same network on trunk link ( a higher revision client can also update a vtp server)

you can set rev number to zero , by changing to  transparent and then back to  server/client mode, or changing your vtp domain to something bogus and then back to the real name.

Review Cisco Networking for a $25 gift card