
Identical VTP configurations produce different MD5 digest; fails to pass VLANs

Network design: core 6509 (VTP server) with multiple 3750 and 3560 model switches directly connected.

I added a new 3750 to the network today but it was unable to receive VLAN updates from the VTP server.  The domain, password, and all other VTP configurations are the same as the other switches on the network and the server.  The VLAN.dat file has been deleted and the configurations reapplied multiple times with no change.

Upon debugging the VTP events, I see the message "VTP LOG RUNTIME: MD5 Digest Failing".  The MD5 digests do not match when comparing the new switch to the other access switches or the server within that VTP domain.

In frustration I decided that there might be a hardware issue with this brand new 3750 so I grabbed a used 3750 off of the shelf, loaded the same configuration and achieved the exact same result.

The only difference between these switches and the switches currently on the network is that the new switches have 802.1x port security configurations in place.  We will begin migrating the rest of the existing network to 802.1x in the morning.  Since this was a new installation it received the configurations prior to putting it in place.

My Google-fu has let me down so I turn to the brilliant minds here for help.  What could I be missing?  VTP configuration (version 2) is pretty simple.  I shouldn't be banging my head against the wall over something so simple.

IOS version: c3750-ipservicesk9-mz.122-53.se1.bin

VTP version 2

What should I be checking?

2 Replies

Eugene Lau
Cisco Employee

Hi Brian,

This log msg does usually indicate a password or VTP domain name issue (case sensitive and watch for spaces).

Sometimes the order you configure VTP could affect this. Could you type out the commands in the order in which you configure VTP? Changing to client mode should be last.

-> vtp transparent

-> configure domain

-> configure password

-> vtp client

Also ensure there's a trunk up.

If you still have problems and the above info is not related, then one thing you could try is to test your two 3750s together and put a simple password in.

HTH

Eugene
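
A check for the domain-name mismatch described in the reply above (case and stray spaces), as an added example that is not part of the thread. The `show vtp status` field labels and both sample captures are assumptions constructed for illustration; the VTP password is not part of this output and has to be compared separately.

```python
import re

# Assumed label names, as printed by "show vtp status" on Catalyst IOS.
COMPARE = ("VTP Domain Name", "VTP V2 Mode", "MD5 digest")

def parse_vtp_status(text):
    """Parse 'label : value' lines; indented lines continue the previous value."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+: ?(.*)$", line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)           # trailing spaces kept on purpose
        elif last and line[:1].isspace() and line.strip():
            fields[last] += " " + line.strip()  # second row of the MD5 digest
    return fields

def diagnose(server, client):
    """Return (field, reason) for every compared field that does not match."""
    findings = []
    for key in COMPARE:
        a, b = server.get(key, ""), client.get(key, "")
        if key == "VTP Domain Name":
            if a == b:
                continue
            if a.strip() == b.strip():
                reason = "whitespace differs"
            elif a.strip().lower() == b.strip().lower():
                reason = "case differs"
            else:
                reason = "different name"
        else:
            if a.split() == b.split():
                continue
            reason = "values differ"
        findings.append((key, reason))
    return findings

def sample(domain, digest_tail):
    """Constructed capture with placeholder digest bytes, not taken from the thread."""
    return ("VTP Version                     : 2\n"
            "VTP Domain Name                 : " + domain + "\n"
            "VTP V2 Mode                     : Enabled\n"
            "MD5 digest                      : 0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88\n"
            "                                  0x99 0xAA 0xBB 0xCC 0xDD 0xEE 0xFF " + digest_tail + "\n")

SERVER = parse_vtp_status(sample("Campus", "0x01"))
CLIENT = parse_vtp_status(sample("Campus ", "0x5C"))  # trailing space in the domain
```

`diagnose(SERVER, CLIENT)` reports the domain as differing only in whitespace, which a side-by-side read of the two outputs would not show.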

Thanks for the reply Eugene.

Both switches had the correct domain name and password.  This was confirmed by deleting the VLAN.dat file and rebuilding the data several times (we were thinking some sort of corruption of the file was possible).

The trunk was up and operational because we were able to switch to transparent, add our management vlan and switch back to client and manage the switch remotely via its IP.

The issue disappeared overnight.  When I came in the next morning it was no longer an issue and the switch was fully operational.  I don't know what happened and the log was erased by a power outage.  Now I am busy putting 802.1x security into 500 access switches so I can't revisit the issue immediately.

I do plan on studying it again.

Thanks,

Brian
