Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2228
Views
0
Helpful
3
Replies

Multiple VTP servers on Single domain

dmooreami
Level 3
Level 3

‎06-16-2008 07:31 AM - edited ‎03-05-2019 11:39 PM

What is the rule of thumb here? I must have at least 6 of these. My Dell BladeServers were config'ed as "server" as is my Core 6513 switch.

I know that need at least 1 backup.

Would love to make my Dell's "Client" but that might make Mgt uneasy, but changing to Transparent is painless.

Is there any harm in leaving 6+ Vtp Servers in my domain that is served by my 6513?

Labels:
0 Helpful
3 Replies 3

royalblues
Level 10
Level 10

‎06-16-2008 11:23 AM

There is no rule of them but it is generally preferred to have 2 VTP servers.

Cisco VTP implementation is proprietory and will not share vtp information with dell. You might need to use GVRP

So if your topology is sort of discontigous (cisco and dell switches in between), you might need 6 servers in your domain without GVRP

Narayan

0 Helpful

dmooreami
Level 3
Level 3
In response to royalblues

‎06-16-2008 11:29 AM

Nah, these dell will do VTP. They are Cisco OEM'ed out to dell. They run Cisco IOS optimized for the Dell BladeServer products. no need to run GVRP. Sho ver give "Cisco" all over it.

0 Helpful

michaelchoo
Level 1
Level 1

‎06-16-2008 05:27 PM

There is no real harm in having 6 VTP servers, other than making your environment looks a bit.... disorganized. :-P

Personally, I prefer using Transparent across the network. I don't trust VTP Client/Server mode. My reasons are:

1. Historically, there's been some bugs and security alerts associated to VTP Client/Server, but not with Transparent.

2. VTP Transparent may encourage more disciplined change control being followed because you'd have to explicitly make VLAN config changes on the affected switches.

3. VLAN pruning is easier - You only create VLANs on the switches that require them. With Client/Server, when you create a VLAN, it gets propagated to all switches regardless of whether or not those switches need the VLAN.

4. Less chance of human error affecting the whole network - accidents happen. In Client/Server mode, if you make the slightest mistake in VLAN config change, the result will be propagated across all switches, which may be catastrophic (depending on the nature of the change)

5. Less prone to Denial-of-Service - in the past, some security auditors (which can be overly paranoid, as we know) raised an issue that it is easy to perform DoS attack on VTP Client/Server. An attacker only needs the VTP domain name and the database version number, which can presumably be obtained easily using any network "sniffer". It's kinda true, but.... there's a whole swag of "requirements" that need to be met for this type of eventuality to occur. I can go on and on about this. :-)

As far as changing from Server to Client vs Server to Transparent... Admittedly I haven't done that for the longest time (last time I did was close to 10 years ago!), but from what little I remember, I think changing to Client is more painless than to Transparent.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card