We are considering deploying VTPv3 in our switched environment. This environment is separated into several individual trees, all connecting to individual PE routers. That is, the Layer 2 domain stops at the PE.
It is my understanding that in VTPv3 you configure a primary server switch, and this switch is the only one capable of updating other switches.
So if a new switch is introduced into the tree and this switch has a revision number higher than that on the server, then NO changes are propagated throughout the network. The new switch is configured according to the VLANs defined on the server.
I would like to hear of any problems people have experienced with VTP.
I'm told that running VTP can introduce as many problems as it can solve?
I'm not a big expert on this business, but here is my opinion:
I think that nowadays Cisco has started recommending, as a best practice, implementing L3 features in the access layer (avoiding STP for HA purposes, since it's slower than using the load-balancing features in dynamic routing protocols). From this point of view, VTP server/client modes become less important, since VLANs should be local to the switch block in the access layer, and therefore there is not as much need to propagate all of them to other switches.
Nevertheless, although following best practices is good advice, you cannot always implement all of them, since every company is a world of its own. I use VTP (server/client modes) in some of the sites where I work and I find it useful.
It's true that you must take care, especially when installing new switches in a production environment, and above all if they are switches which have been reused and may keep old configurations. A good practice in this case is to always reset the version number of the VTP configuration before you plug the switch into the network (I think that it's enough to change the VTP mode to transparent, although there are other ways to do it too). If you don't reset it you're taking a risk, since even if the switch is configured as 'client' it could overwrite all the VTP configuration of the rest of the switches in the network (if its revision number of the VTP configuration is higher than the others').
I think version 3 has a lot of improvements. It's the version that I always configure when I need to run VTP in my network. It's version 2 compatible and I haven't had any problems until now. It has many advantages, but I'd like to emphasize this:
- You need to run the command 'vtp primary' and type the VTP password in order to make changes in the VLAN database (maybe it's more time-consuming but it's more secure too).
Of course there are other important features too: it supports MST database propagation, extended-range VLAN propagation, private VLAN propagation, the option to turn VTP on or off on a per-trunk (per-port) basis, and so on.
One thing that I'd like to test further is what happens with MST convergence when you make many changes in the MST configuration (add or delete VLANs from the instance mappings) and you're using VTPv3 to propagate the changes. Maybe someone who has "played" more with all this stuff can tell us.
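
The pre-connection check the reply recommends for reused switches, sketched as an added example that is not part of the original thread: it parses captured `show vtp status` text and lists what still needs resetting before the switch is cabled in. The sample outputs are constructed, the function names and the expected domain `CAMPUS` are hypothetical, and the field labels are assumed to follow the usual IOS layout, which varies between releases.

```python
import re

# Constructed samples of `show vtp status` output (not from the thread).
# Field labels are an assumption; check them against your IOS release.
SAMPLE_REUSED = """\
VTP version running             : 2
VTP Domain Name                 : OLDLAB
Feature VLAN:
--------------
VTP Operating Mode                : Client
Configuration Revision            : 57
"""

SAMPLE_RESET = """\
VTP version running             : 3
VTP Domain Name                 : CAMPUS
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Configuration Revision            : 0
"""

def parse_vtp_status(text):
    """Return the 'label : value' fields as a dict keyed by lowercase label."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            # Keep the first occurrence: the VLAN feature is listed first.
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def staging_findings(text, expected_domain):
    """List reasons a switch should not yet be connected to the trunk."""
    f = parse_vtp_status(text)
    findings = []
    rev = f.get("configuration revision", "")
    if not rev.isdigit():
        findings.append("configuration revision not found in output")
    elif int(rev) != 0:
        findings.append(f"configuration revision is {rev}, expected 0")
    mode = f.get("vtp operating mode", "unknown").lower()
    if mode not in ("transparent", "off"):
        findings.append(f"VTP mode is {mode!r}, expected transparent")
    domain = f.get("vtp domain name", "")
    if domain and domain != expected_domain:
        findings.append(f"leftover VTP domain {domain!r}")
    return findings
```

An empty list means the switch shows revision 0, a non-participating mode and no leftover domain; anything else is a reason to reset it first.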