I apologize for the vague title. I am trying to convert my production network from Transparent to Client. All my attempts is giving me problems.
I have two C4510R+E core switches which are my VTP Servers, then mostly 2960 Edge switches, with a few legacy 3550. I have over 300 vlans on my server, all other 45 switches have manually added vlan databases.
My VTP Server tells me MD5 digest checksum mismatch on trunk: Gi7/10 inside the Show VTP Status command. But if I connect to that 3550 Edge switch I am in transparent mode. The MD5 coding is different that the Server but I have tried to create a new VLAN on Server to update but nothing happens. They all share the same Version number and VTP Domain name.
Any advice would be very helpful. I have a feeling the 3550 switches have some legacy commands that is causing problems.
OMG, are you saying you are running 300 VLANs on your 2960s?
Aren't you in trouble with the number of STP instances?
If there is a VTP MD5 digest checksum mismatch on trunk: Gi7/10 reported on your VTP server, you should retype the VTP password on the switch on the other trunk side (I believe the problematic 3550). Without using the same password on both switches VTP will not work between them.
Then you could change the 3550 from transparent to client.
Just be careful regarding the VTP database revision number.
If the client would use a hihger number, it could overwrite the server VLAN database (so called VTP bomb)!
So it's highly recommend to make such changes out of business hours and to check the switches are using the same VLAN set before any change!
The 2960s currently have around 25 vlans each.
I did the command No VTP Password on both server and client, it says no password set. But when I change from transparent to client the change doesn't stick. This happens to another of my switches also. Any ideas? Mismatch is still there.
Background info, not sure if its related but about 6 months ago we realized all our main ADMIN vlan packets were going to this legacy switch and not directing to our core. This was fixed by my predecessor but not sure what command was directing this traffic. Maybe this switch was previously used as a core switch in our data center and re-purposed?
are you saying when you configure the switch to be a client it moves to transparent itself?
I rememeber something similar years ago on some very small switch (2940?).
The reason was a limit of VLANs supported within its VLAN database.
So if there are 300 VLANs configured in your LAN, it could cause the same behaviour possibly?
Are you getting any error message in your Syslog?
Unfortunately we have no Syslog setup on any server. It is on my to-do list.
You may be right. I was able to turn one 260 switch into client mode but because it uplinks to my trouble 3550 I guess is why the vlans didn't propagate? Although it should because the middle man was in transparent.
I guess the more important question is would it be necessary to setup vtp on my switches if the total amount of vlans is so high? I never knew this could be a problem. Most of my switches have around 65 vlans. Right now whenever I push a new system with its own vlan I need to add it to the allowed trunking vlan to both the port on the Core and the Edge, then add it to the database of both switches. Then replicate through all necessary switches. If I can get VTP working then I can just change the trunk ports to allow all and I am set.
Do you have any advice on best practices? My research tells me its a bad protocol but it sounds like it will save me a lot of time and avoid human error.
I believe if there was some switch in transparent in the middle, the VLANs would not be propagated throught it from your server to the client.
Generally, I'm not a VTP fan.
It makes your life easier as long as it works fine.
But running 300 VLANs relying on VTP is IMHO a nightmare.
I'd try to think: Do I really need 300 VLANs spread over all my switches?
I guess not!