
VTP v3 MD5 hash issue

Erik Boss
Level 1

Hi,

I have a problem with a VTP v3 configuration.

The customer has several sites with Cisco 3750X switches. Last they moved their core infra to a datacenter with an earlier-used 3750X stack switch.

I had to add some new vlans to this core switch, so I could connect my Cisco SG550X stack switch.

So far so good.

Now the customer is satisfied with the new setup, but the newest vlans aren't available at the other sites. They asked me how to fix this.

After many hours of troubleshooting, debugging, searching on the internet, I found the issue, but I couldn't fix it.

With the new VTP v3 they had the same VTP domain, VTP password, etc. on all switches.

At last I saw a different MD5 hash on the core switch in the datacenter than on all the other Cisco switches in the network.

The switch in the datacenter is the VTP server; the others are all VTP clients with the same configuration.

What's the best way to fix this?

Here is the output from show vtp status

Core switch datacenter:

DC-CORE#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : Noordik
VTP Pruning Mode : Enabled
VTP Traps Generation : Disabled
Device ID : c472.954e.be00

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 9
Number of existing extended VLANs : 41
Maximum VLANs supported locally : 4096
Configuration Revision : 49
Primary ID : c472.954e.be00
Primary Description : DC-CORE
MD5 digest : 0x51 0x8D 0xE1 0x03 0x7D 0x20 0x71 0xBD
0x3B 0x44 0x29 0xED 0x15 0xD5 0xC0 0x2A

Core switch from another site.

CR-CORE#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : Noordik
VTP Pruning Mode : Enabled
VTP Traps Generation : Disabled
Device ID : c472.954e.8180

Feature VLAN:
--------------
VTP Operating Mode : Client
Number of existing VLANs : 9
Number of existing extended VLANs : 38
Maximum VLANs supported locally : 4096
Configuration Revision : 46
Primary ID : c472.954e.be00
Primary Description : NL-CORE
MD5 digest : 0x6D 0x04 0xCB 0xA7 0xCC 0x8C 0xCC 0x8C
0xA1 0xED 0x7F 0x2A 0xC2 0x22 0xF5 0x34

DC-CORE#show vtp devices
Retrieving information from the VTP domain. Waiting for 5 seconds.

No VTP3 devices found.
DC-CORE#

CR-CORE#show vtp devices
Retrieving information from the VTP domain. Waiting for 5 seconds.

VTP Feature Conf Revision Primary Server Device ID Device Description
------------ ---- -------- -------------- -------------- ----------------------
VLAN No 46 c472.954e.be00 c472.95e4.ee00 VH-CORE
VLAN No 46 c472.954e.be00 c800.846a.9680 SB-CORE
VLAN No 46 c472.954e.be00 dca5.f4b5.7280 VV-CORE
VLAN No 46 c472.954e.be00 dca5.f4b5.ad00 NL-CORE

Thanks in advance.

Regards,

Erik
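
The comparison done by eye in the post above, as an added example that is not part of the original thread: a Python parser for `show vtp status` output that joins the two-line MD5 digest and lists every checked field that differs between two switches. The sample text is excerpted from the outputs quoted in the post; the function names and the list of checked fields are assumptions made for this illustration.

```python
import re

# Sample input: excerpts of the two `show vtp status` outputs quoted in the post.
DC_CORE = """\
VTP version running : 3
VTP Domain Name : Noordik
Configuration Revision : 49
Number of existing extended VLANs : 41
Primary ID : c472.954e.be00
Primary Description : DC-CORE
MD5 digest : 0x51 0x8D 0xE1 0x03 0x7D 0x20 0x71 0xBD
0x3B 0x44 0x29 0xED 0x15 0xD5 0xC0 0x2A
"""
CR_CORE = """\
VTP version running : 3
VTP Domain Name : Noordik
Configuration Revision : 46
Number of existing extended VLANs : 38
Primary ID : c472.954e.be00
Primary Description : NL-CORE
MD5 digest : 0x6D 0x04 0xCB 0xA7 0xCC 0x8C 0xCC 0x8C
0xA1 0xED 0x7F 0x2A 0xC2 0x22 0xF5 0x34
"""

# Fields compared between switches (a choice made for this example).
CHECKED = ("VTP version running", "VTP Domain Name", "Primary ID",
           "Configuration Revision", "Number of existing extended VLANs",
           "Primary Description", "MD5 digest")

def parse_vtp_status(text):
    """Return {field: value}; the digest is joined across its continuation line."""
    fields, last = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$", line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last == "MD5 digest" and re.fullmatch(r"(0x[0-9A-Fa-f]{2}\s*)+", line):
            fields[last] += " " + line  # second row of digest bytes
    if "MD5 digest" in fields:  # normalise "0x51 0x8D ..." to "518d..."
        fields["MD5 digest"] = "".join(b[2:] for b in fields["MD5 digest"].split()).lower()
    return fields

def compare(server_text, client_text):
    """List (field, server value, client value) for each checked field that differs."""
    s, c = parse_vtp_status(server_text), parse_vtp_status(client_text)
    return [(f, s.get(f), c.get(f)) for f in CHECKED if s.get(f) != c.get(f)]

if __name__ == "__main__":
    for field, server, client in compare(DC_CORE, CR_CORE):
        print(f"{field}: server={server} client={client}")
```
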

8 Replies

Hi

Are all the switches running VTP v3?




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Yes they all do

If they are using the same domain, password and version and the switches are connected with trunks, try to add a new vlan and then remove it, and check if the replication works.




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

I already did; it is only available on the core switch, not on the other switches.

All sites are learning their routes from OSPF.

Before, when the main site was the VTP server and no datacenter was involved, everything worked fine, they told me.

How could it be possible that the MD5 digest in the datacenter is not exactly the same as on all other sites with the same configuration settings?

Have you executed the following command on the main switch:

Switch#vtp primary vlan force

*Note: If you are using VTP, always have a backup, and make the changes during a maintenance window.

Setting up a VTP v3 server is different than in VTP ver 2; you need to execute these command lines:

Conf t
vtp domain <name>
vtp ver 3
vtp password <password>

exit

Switch#vtp primary
This system is becoming primary server for feature vlan

Switch#vtp primary vlan force

Switch#sh vtp status

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 5
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 4096
Configuration Revision : 1

I have had experiences with MD5 issues, and it could be caused by the VTP version, or it is not replicating correctly; verify the password and domain as well. Try to change the status: client - transparent - client




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

OK, I'll contact the customer to have a maintenance window.

Good, please keep me posted for any assistance.

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

cofee
Level 5

I just wanted to add that the VTP configuration you shared from two different switches seems to be fine, as the VTP version and domain match, but we can't see the password. Can you do a show vtp password on the primary server and 2 different clients? If the hash between the clients and server doesn't match, then you know it's an issue with the VTP password.
