01-02-2014 11:39 AM - edited 03-07-2019 05:21 PM
Just want to be 100% sure... if I change my switch configurations to vtp mode off will they keep their current VLANs? Have only 4 switches and would rather manually manage vlan changes. They are all currently set to client mode.
01-02-2014 12:05 PM
Hello
The easiest way is to set the vtp mode to transparent on all switches.
conf t
vtp mode transparent
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
01-02-2014 12:09 PM
Chris
Just to add to Paul's response. If you use VTP transparent then when you change to VTP transparent the vlans should be written to the running config so you will not lose them.
Jon
01-02-2014 01:28 PM
Side question. If someone plugged in a switch to my network that had the same domain and password and higher revision... and it deleted some of my vlans, a simple quick fix would be to check the running config of a port that was set to inactive, as its vlan would still be listed, then recreate that vlan?
01-02-2014 03:16 PM
Hello
If you had changed the vtp mode of these 4 switches to transparent mode and a new switch was added with the specifics you have stated then no vlans would be deleted/added to any of these switches, as switches in transparent mode only forward vtp advertisements and do not act upon them so synchronisation of their vtp database isn't initiated.
res
Paul
01-03-2014 02:27 AM
1. You should be backing up your switch configs on a regular basis.
2. You should have a document stored offline which lists ALL your VLAN IDs, their corresponding names and Routable IP addresses.
3. You should be using security features like BPDUGuard and setting all host ports to be Access only to prevent rogue Cisco switches from being plugged in and Trunks forming.
If for some reason somebody was able to plug a Cisco switch into your network and it had the same Revision Number, VTP Domain and Password... and the port was able to form a trunk then there is potential for it to overwrite your Vlan database throughout your VTP domain.
These days, this is highly unlikely if you take the correct precautions as mentioned above. VTP updates are only sent through Trunk ports so all switchports should be 'Switchport Mode Access' unless they have been statically set to be a Trunk port as required.
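One way to check a saved running-config against the precautions in the post above, as an added example that is not part of the original thread: it lists physical ports that are neither statically access nor statically trunk, and non-trunk ports without BPDU Guard. The sample config is constructed, and the script assumes that a port with no `switchport mode access` line may still negotiate a trunk.

```python
import re
# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from a running-config."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit(config):
    """Return (interface, finding) pairs for ports that break the advice above."""
    findings = []
    global_guard = "spanning-tree portfast bpduguard default" in config
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit|TenGigabit)Ethernet", name):
            continue  # SVIs, loopbacks and port-channels are not host ports
        if "switchport mode trunk" in cmds:
            continue  # statically set trunk, which the post allows
        if "switchport mode access" not in cmds:
            findings.append((name, "not static access"))
        guarded = "spanning-tree bpduguard enable" in cmds or (
            global_guard and any(c.startswith("spanning-tree portfast") for c in cmds))
        if not guarded:
            findings.append((name, "no BPDU Guard"))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(SAMPLE_CONFIG)), sep="\n")
```

With the global `spanning-tree portfast bpduguard default` command present, a port counts as guarded only if it also has a `spanning-tree portfast` line.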
01-05-2014 07:26 PM
Side question, with regard to backups, I've been doing the following for my DR documentation... am I missing anything?
SW 3750 STACK
sh ver
sh boot
sh env all
sh inv
sh switch detail
sh cdp nei
sh vlan
sh interfaces
sh interfaces status
sh interfaces trunk
sh ip eigrp neighbors
sh etherchannel detail
sh ip int bri
sh run
SW 4500
sh ver
sh bootflash:
sh env status
sh inv
sh module
sh power
sh cdp nei
sh vlan
sh interfaces
sh interfaces status
sh interfaces trunk
sh ip eigrp neighbors
sh etherchannel detail
sh ip int bri
sh run
ROUTER 2800
sh ver
sh flash:
sh env all
sh inv
sh cdp nei
sh vlans
sh int
sh int status
sh ip int bri
sh ip eigrp nei
sh run
ASA 5520
sh ver
sh inv
sh module all
sh vlan
sh interface detail
sh interface ip bri
sh run
Would you recommend any other settings/commands to capture?