Solved: VTP database query

jeetkulkarni · ‎06-21-2017

If one of the HQ core switch is running VTP version 3 with rev number 1 and another site with same domain/password but VTP v2 rev number 30. Will it try to over write the HQ core switch by any chance (incase they are connected on a L2 trunk link).

Hoping for some guidance here.

Thanks.

Julio E. Moisa · ‎06-21-2017

Hi

No, vtp version 2 cannot overwrite the vtp database of version 3, only the switch configured as vtp ver 3 primary server can update the database.

Adding a configured switch to a VTP version 1 or VTP version 2 domain imposed a risk of updating the domain with invalid information that might still be stored in the newly connected switch. In this instance, the VLAN database could be overwritten in a VTP version 1 or VTP version 2 domain based on the configuration revision number. Any client or server device has been able to overwrite the entire domains configuration. In VTP version 1 and VTP version 2, only the configuration revision number was compared, and no further sanity check was available. With VTP version 3 the addition of a configured switch imposes no threat from an unintended update, since only a switch in VTP primary server mode is able to update the domain. A newly introduced server in secondary server mode will therefore never update the domain unintentionally. A former primary server that is reconnected to a domain after a reload will revert automatically to secondary server mode.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

cofee · ‎06-21-2017

I haven't tested this, but to my understanding a switch running VTP version 2 wouldn't be able to overwrite vlan dat file of a switch that's running VTP version 3 even if VTP version 2 switch has a higher revision number.

vtp 3 is backward compatible with version 2 but version 3 works differently for example there can only be one VTP primary server for vlan in v3 VTP domain.

Julio E. Moisa · ‎06-21-2017

Hi

No, vtp version 2 cannot overwrite the vtp database of version 3, only the switch configured as vtp ver 3 primary server can update the database.

Adding a configured switch to a VTP version 1 or VTP version 2 domain imposed a risk of updating the domain with invalid information that might still be stored in the newly connected switch. In this instance, the VLAN database could be overwritten in a VTP version 1 or VTP version 2 domain based on the configuration revision number. Any client or server device has been able to overwrite the entire domains configuration. In VTP version 1 and VTP version 2, only the configuration revision number was compared, and no further sanity check was available. With VTP version 3 the addition of a configured switch imposes no threat from an unintended update, since only a switch in VTP primary server mode is able to update the domain. A newly introduced server in secondary server mode will therefore never update the domain unintentionally. A former primary server that is reconnected to a domain after a reload will revert automatically to secondary server mode.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<