
VTPv3 client overrides vlan database

_roman_
Level 1

Hi,

I read an article about VTPv3: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

In it is stated that one of the advantages of vtp v3 is that : 

• Protection from unintended database overrides during insertion of new switches

How does it work exactly? I could not reproduce it in the lab.

I have on the same VTP domain:

SW2 (VTPv3 primary server) ---- SW1 (VTPv3 transparent) ---- SW3 (VTPv3 client)

1. I created VLANs on the SW2 server => OK, the VLANs are propagated to the SW3 client and the revision number is updated.

2. Changed the domain name on SW1 (to stop the updates).

3. Created new VLANs on the SW2 primary server (to have different VLANs on the SW3 client and the SW2 server).

4. Changed the VTP domain name on the SW2 server to another value and back again to the initial one to reinitialize the revision number to 0 (by the way, in VTPv3 changing to transparent mode and back to server mode doesn't reinitialize the revision number for me).

5. Configured VTP primary on the SW2 server.

At this step the revision number on the SW2 server is 1 (because of the change to VTP primary) and on the SW3 client it is greater.

6. Changed the domain name on SW1 (from step 2) back to the initial one (in order to synchronize the databases).

The consequences:

The SW2 VTPv3 primary server updated its VLANs from the SW3 VTPv3 client (it erased the VLANs from step 3).

My question is: does VTPv3 really offer protection from accidental VLAN database overrides?

Thank you in advance

5 Replies

Hello,

Did you test this with 'real' switches, or in a virtual lab?

When you set the VTP primary switch, did you get the message below on all the other switches in the VTP domain?

*Jul 20 11:48:08.634: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 5277.1b2c.3800 has become the primary server for the VLAN VTP feature

Thank you for your reply Georg,

I did the tests on the GNS3 with the IOS version:

Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E, TEST ENGINEERING

When I set the VTP primary switch (and Switch 1 in the middle had the same VTP domain), I got the message on the other switches that SW2 became the VTP primary server.

Do you think there may be a difference between testing in a virtual lab and with physical switches for this scenario?

Hello,

I actually tested this in GNS3 as well with the IOSv (VIRL) images, it seemed to work as designed. Knowing that GNS3 can be quirky at times, you can try to add the 'vlan' keyword when you add the primary server, not sure if that makes a difference:

Switch# vtp primary vlan

I will try to add the vlan keyword. I think this is the default behavior, and that's why I saw on the other switches the message about the VTP primary server.

So you did the test with a primary VTP server in the network, then you added a new switch with a bigger revision number? What did you observe, and how did the newly added switch and the VTP primary server react? I would expect that the VTP primary server does not take into consideration the VLAN database of the new switch, but I failed to prove it in my lab.

I guess the conclusion is that if you insert a switch (client or server) back into a VTP domain where it was previously, it can update the VLANs on the primary server.

If the switch was never in that domain, it will not update the primary server, because there will be a mismatch of the Primary IDs.
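
The acceptance rule reached in the thread's conclusion can be written down as a small model. This is an added example, not part of any post and not Cisco's implementation: the `VtpDb` fields, the domain name `LAB`, the IDs and the revision numbers are constructed, and the rule encoded is only the one stated above (same domain, same primary ID, higher revision).

```python
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class VtpDb:
    """Simplified view of what a VTPv3 VLAN-database advertisement carries."""
    domain: str
    primary_id: str    # ID (MAC) of the primary server that last wrote this DB
    revision: int
    vlans: frozenset

def evaluate(local: VtpDb, adv: VtpDb) -> Tuple[VtpDb, str]:
    """Return the database the local switch ends up with, plus the reason."""
    if adv.domain != local.domain:
        return local, "ignored: domain mismatch"
    if adv.primary_id != local.primary_id:
        return local, "ignored: primary ID mismatch"
    if adv.revision <= local.revision:
        return local, "ignored: revision not higher"
    return adv, "accepted: local database overwritten"

def lost_vlans(before: VtpDb, after: VtpDb) -> set:
    """VLANs present before the advertisement and gone afterwards."""
    return set(before.vlans - after.vlans)

SW2_ID = "0000.0000.0002"    # constructed primary server ID for SW2
OTHER_ID = "0000.0000.0099"  # constructed ID of a primary from another network

# SW2 after steps 3-5: extra VLANs 30/40, revision reset and bumped to 1.
sw2 = VtpDb("LAB", SW2_ID, 1, frozenset({1, 10, 20, 30, 40}))
# SW3 still holds the older database SW2 wrote earlier, at a higher revision.
sw3_returning = VtpDb("LAB", SW2_ID, 5, frozenset({1, 10, 20}))
# A switch that was never in this domain: same name, different primary ID.
foreign = VtpDb("LAB", OTHER_ID, 50, frozenset({1, 999}))

if __name__ == "__main__":
    for name, adv in (("returning SW3", sw3_returning), ("foreign switch", foreign)):
        result, reason = evaluate(sw2, adv)
        print(f"{name}: {reason}; VLANs lost on SW2: {sorted(lost_vlans(sw2, result))}")
```

On a real network, `show vtp status` on both switches shows the revision and primary ID to compare before reconnecting a switch that was previously in the domain.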
