We are considering deploying VTPv3 in our switched environment. This environment is separated into several individual trees, all connecting to individual PE routers. That is, the Layer 2 domain stops at the PE.
It is my understanding that in VTPv3 you configure a primary server switch, this switch is the only one capable of updating other switches.
So if a new switch is introduced into the tree and this switch has a revision number higher than that on the server, then NO changes are propagated throughout the network. The new switch is configured according to the VLANs defined on the server.
I would like to hear of any problems people have experienced with VTP?
I'm told that running VTP can introduce as many problems as it can solve...?
I'm not a big expert on this business, but here is my opinion:
I think, nowadays, Cisco has started recommending, as a best practice, to implement L3 features in the access layer (avoiding STP for HA purposes as long as it's slower than using the load balance features in dynamic routing protocols). From this point of view VTP server/client modes become less important since VLANs should be local to the switch block in the access layer, therefore there is not so much need to propagate all of them to other switches.
Nevertheless, although following best practices is good advice, you cannot always implement all of them since every company is a world. I use VTP (server/client modes) in some of the sites where I work and I find it useful.
It's true that you must take care, especially when installing new switches in a production environment, above all if they are switches which have been reused and they can keep old configurations. A good practice, in this case, is to always reset the revision number of the VTP configuration before you plug the switch into the network (I think that it's just enough if you change the VTP mode to transparent, although there are other ways to do it too). If you don't reset it you're taking a risk, since even if the switch is configured as 'client' it could overwrite all VTP configuration of the rest of the switches in the network (if its revision number of the VTP configuration is higher than the other ones').
I think version 3 has a lot of improvements. It's the version that I always configure when I need to run VTP in my network. It's version 2 compatible and I haven't had any problem until now. It has many advantages but I'd like to emphasize this:
- You need to run the command 'vtp primary' and type the VTP password in order to make changes in the VLAN database (maybe it's more time-consuming but it's more secure too).
Of course there are other important features too: it supports MST database propagation, extended range VLANs propagation, private VLANs propagation, option to turn VTP on or off on a per-trunk (per-port) basis and so on.
One thing that I'd like to test further is to check what happens with MST convergence when you make many changes in the MST configuration (add or delete VLANs from the instance mappings) and you're using VTPv3 in order to propagate the changes. Maybe someone who has "played" more with all this stuff can tell us,
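
Added example, not part of either post above: a Cisco IOS command sequence for the two practices the reply describes, zeroing the revision number on a reused switch before it is connected and then promoting one switch with `vtp primary`. The domain name `LAB-VTP`, the password placeholder, the hostnames and the interface name are all constructed for illustration.

```cisco
! --- Reused switch, BEFORE any trunk is connected -------------------
! Check the "Configuration Revision" field left over from its old life.
Reused# show vtp status
Reused# configure terminal
! Switching to transparent mode resets the revision number to 0.
Reused(config)# vtp mode transparent
Reused(config)# end
! Confirm that Configuration Revision now reads 0.
Reused# show vtp status

! --- Join the VTPv3 domain as a client ------------------------------
Reused# configure terminal
! The domain name must be set before version 3 can be enabled.
Reused(config)# vtp domain LAB-VTP
Reused(config)# vtp version 3
! "hidden" keeps the password out of the running configuration in clear text.
Reused(config)# vtp password <vtp-password> hidden
Reused(config)# vtp mode client
! Per-port control: stop VTP on a trunk that leaves the switch block
! (constructed interface name).
Reused(config)# interface GigabitEthernet1/0/10
Reused(config-if)# no vtp
Reused(config-if)# end

! --- On the one switch that should own the VLAN database ------------
Core# configure terminal
Core(config)# vtp domain LAB-VTP
Core(config)# vtp version 3
Core(config)# vtp password <vtp-password> hidden
Core(config)# vtp mode server
Core(config)# end
! Privileged EXEC command, not a configuration line. With a hidden
! password the switch prompts for it before the takeover proceeds.
Core# vtp primary vlan
! Verify which device is listed as primary and the current revision.
Core# show vtp status
```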