
VTP switching from v1 to v3

patoberli
VIP Alumni

Hello all

I have a medium-sized network with around 100 switches, mixed Catalyst and Nexus models. All are fairly new and all support VTPv3. The new Nexus are in transparent mode (as Client isn't supported anymore), all the other switches are clients. A domain and a password are already set and currently the VTP domain is version 1.

 

If I switch this to version 3 (on a Catalyst 9500 running 16.12.x) on the current server and set it to primary, will this cause any outage or issue with all the switches? I need this, as I need VLANs > 1024, which the Cat 9500 isn't permitting:

Jul 21 2021 14:40:18.862 CEST: %SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 1085: extended VLAN(s) not allowed in current VTP mode

 

Thanks

Patrick

3 Accepted Solutions


balaji.bandi
Hall of Fame

I do not see any issue changing from VTP v3; make sure you change on the client side too.

The VLAN DB still holds the same information while upgrading to v3.

What spanning tree are you running, MST?

If you are cautious about implementing it, do it in a maintenance window.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


Manoj Reddy
Level 1

Hi @patoberli 

 

VTP versions have nothing to do with the VLAN database; it's just that for security VTP V3 is required rather than V1. Unless you have a vlan.dat file in your flash, you're in safe hands.

I think you can change to VTP V3 without any problems. As @balaji.bandi suggested, go for a change downtime interval and try to implement it on 1 or 2 switches. Also, if you want to use the extended VLANs, the mode should be set to transparent, but I recommend that if you are changing the VTP versions, please change on both switch sides instead of one side. @balaji.bandi, let me know your thoughts?


Hello @Manoj Reddy ,

VTPv3 should support the extended VLAN range without the need to use mode transparent.

This is another advantage of VTPv3 in addition to greater security as you have noted.

 

Hope to help

Giuseppe

 


7 Replies


Thanks for the answer. 

Running Rapid PVST, no MST. Currently we have about 110 VLANs. 


Thanks for your answers, I will soon try this.

Just started the migration. I had the hope that it's enough to do on the new primary VTP server, sadly not. 

For the others, all switches in client mode must manually be set to "vtp mode 3". This will not cause any traffic interruption as far as I can tell. 

So the steps are:

On the new Primary:

9500R-SWV(config)# vtp version 3
9500R-SWV(config)# vtp domain somedomainnameifnonewasset
9500R-SWV(config)# vtp password somepasswordifnonewasset
9500R-SWV(config)# end
9500R-SWV#vtp primary vlan force

Then on all VTP client switches:

2960x-1(config)# vtp version 3
2960x-1(config)# end

Start from the root/core switch going outwards. This will shortly cause high CPU load on the switches (depending on the VLANs). In my case with about 100 VLANs the conversion took about 2 seconds, but no traffic interruption was felt. 
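
One way to track the rollout described above across many switches, as an added example that is not part of the original posts: it parses saved "show vtp status" output per switch and lists what is still left to do. The field labels follow IOS-style output and are an assumption to adjust per platform; the captures, the hostnames other than the two in the post, the domain EXAMPLE and the primary ID are constructed.

```python
import re

FIELD = re.compile(r"^\s*(VTP version running|VTP Domain Name|VTP Operating Mode"
                   r"|Primary ID)\s*:\s*(.+?)\s*$", re.M | re.I)

def parse_vtp_status(text):
    """First value per field; in v3 output the VLAN feature block is listed first."""
    fields = {}
    for key, val in FIELD.findall(text):
        fields.setdefault(key.lower(), val)
    return fields

def audit(captures, domain, primary_id):
    """Map hostname -> findings; an empty list means nothing left to do."""
    report = {}
    for host, text in captures.items():
        f, issues = parse_vtp_status(text), []
        mode = f.get("vtp operating mode", "unknown").lower()
        if mode not in ("transparent", "off"):  # transparent switches are left alone
            if f.get("vtp domain name") != domain:
                issues.append("domain mismatch")
            if f.get("vtp version running") != "3":
                issues.append("needs 'vtp version 3'")
            elif f.get("primary id", "").lower() != primary_id.lower():
                issues.append("primary server not learned")
        report[host] = issues
    return report

# Constructed captures, trimmed to the parsed fields (IDs and domain are made up).
V3 = ("VTP version running : 3\nVTP Domain Name : EXAMPLE\nFeature VLAN:\n"
      "VTP Operating Mode : {mode}\nPrimary ID : {pid}\n"
      "Feature MST:\nVTP Operating Mode : Transparent\n")
V1 = "VTP version running : 1\nVTP Domain Name : EXAMPLE\nVTP Operating Mode : Client\n"
CAPTURES = {
    "9500R-SWV": V3.format(mode="Primary Server", pid="0011.2233.4455"),
    "2960x-1": V3.format(mode="Client", pid="0011.2233.4455"),
    "2960x-2": V1,                                        # not converted yet
    "2960x-3": V3.format(mode="Client", pid="0000.0000.0000"),
    "nexus-1": V1.replace("Client", "Transparent"),
}

if __name__ == "__main__":
    for host, issues in audit(CAPTURES, "EXAMPLE", "0011.2233.4455").items():
        print(f"{host:10} {'OK' if not issues else '; '.join(issues)}")
```

A switch whose version line cannot be parsed is reported as still needing conversion, so an unexpected output format shows up as a finding rather than as a silent pass.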

Hello @patoberli ,

thanks for your feedback on this thread.

 

 

Best Regards

Giuseppe

 
