Lessons learned today:
Once again, as I just learned in my lab: always make sure the basic layer 1 and layer 2 status is working.
VTP
-------
-------
Three Modes: Server / Client / Transparent
SERVER Mode:
All Switches by default are set in Server mode. This means they
can make changes to the Vlan Database. The Version / Config revision tracks
Vlan / database changes.
VTP does authentication by default, basically using a “null” authentication
(like OSPF). The password by default is “null”, so the
MD5 checksum is a combination of the “null” password and the revision number.
The revision number is basically a “seed” for the MD5 output.
Note: To force an update
between switches, you can simply add and/or remove a Vlan. Also, a reboot of the
switches will force a reload and bring up VTP in the correct order of
operation. This update should be reflected in the revision number.
CLIENT Mode:
Can receive updates from Servers but cannot make any changes. It
can also not create or delete a learned Vlan from the server.
TRANSPARENT Mode:
Does not participate in VTP with other devices. A received update
will not update the local Vlan database. It can, however, send or forward it to
other switches. Transparent is essentially VTP off!
VTP – Applies to switches not in transparent mode.
Note: A good verification for layer 2 forwarding issues:
# Sh spanning-tree dynamic vlan (vlan #)
This command will show if Vlans coming
across a trunk link are dropped or not. The final say for forwarding lies in
the MAC / CAM table. If a MAC address is not in the table – traffic will not be
forwarded. Spanning-tree will prevent loops – it does this by disabling MAC
address learning on interfaces that are not in the forwarding state.
VTP Authentication:
Note: Authentication is on by default.
# Sh vtp password – shows configured vtp password for the domain.
# Sh vtp status
# Sh vtp statu | inc MD5 – as long as the configuration revision
on each switch is the same, the MD5 hash should match on all switches,
even with a “null” password.
Note: If there is a password mismatch, the parser should respond
with an error: “MD5 digest checksum mismatch on receipt of equal revision
summary on trunk Fa x/x”
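The equal-revision / equal-digest check above can be run across collected "sh vtp status" output. This is an added example, not part of the original notes; the output layout (classic IOS field names), the hostnames and all values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed "show vtp status" excerpts (classic IOS layout); all values are made up.
def _sample(mode, rev, b):
    row = " ".join(["0x%02X" % b] * 8)
    return (f"Configuration Revision          : {rev}\n"
            f"VTP Operating Mode              : {mode}\n"
            f"VTP Domain Name                 : LAB\n"
            f"MD5 digest                      : {row}\n"
            f"                                  {row}\n"
            f"Configuration last modified by 0.0.0.0 at 3-1-93 00:02:51\n")

SAMPLES = {
    "SW1": _sample("Server", 7, 0x3F),
    "SW2": _sample("Client", 7, 0x3F),
    "SW3": _sample("Client", 7, 0xA1),       # same revision, different digest
    "SW4": _sample("Client", 5, 0x10),       # behind on revision
    "SW5": _sample("Transparent", 0, 0x00),  # not participating in VTP
}

def parse_vtp_status(text):
    """Pull revision, mode, domain and the (two-line) MD5 digest out of one capture."""
    rev = re.search(r"Configuration Revision[ \t]*:[ \t]*(\d+)", text)
    mode = re.search(r"VTP Operating Mode[ \t]*:[ \t]*(\S+)", text)
    dom = re.search(r"VTP Domain Name[ \t]*:[ \t]*(\S*)", text)
    md5 = re.search(r"MD5 digest[ \t]*:((?:\s*0x[0-9A-Fa-f]{2})+)", text)
    if not (rev and mode and dom and md5):
        raise ValueError("not a recognisable 'show vtp status' capture")
    return {"revision": int(rev.group(1)), "mode": mode.group(1).lower(),
            "domain": dom.group(1),
            "md5": "".join(x[2:].lower() for x in md5.group(1).split())}

def audit(samples):
    by_rev = defaultdict(lambda: defaultdict(list))  # (domain, rev) -> digest -> hosts
    top = defaultdict(int)                           # domain -> highest revision seen
    for host, text in samples.items():
        s = parse_vtp_status(text)
        if s["mode"] == "transparent":
            continue  # transparent switches do not apply VTP updates
        by_rev[(s["domain"], s["revision"])][s["md5"]].append(host)
        top[s["domain"]] = max(top[s["domain"]], s["revision"])
    findings = []
    for (domain, rev), digests in sorted(by_rev.items()):
        hosts = sorted(h for hs in digests.values() for h in hs)
        if len(digests) > 1:    # equal revision but digests differ, e.g. password mismatch
            findings.append(("digest-mismatch", domain, rev, hosts))
        if rev < top[domain]:   # switch has not taken the latest update
            findings.append(("revision-behind", domain, rev, hosts))
    return findings
```

Calling audit(SAMPLES) flags SW4 as behind on revision and reports a digest mismatch among SW1, SW2 and SW3 at revision 7.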
VTP Pruning:
Used to reduce unnecessary traffic that’s forwarded through the
layer 2 domain.
Reduces unnecessary replication of:
Broadcasts
Unknown Unicasts
Unknown Multicasts
Pruning is only supported in Server/ Client mode.
To configure pruning – from global mode - # vtp pruning.
Verification:
#sh int trunk
#sh int pruning
Note:
Pruning assumes you’re running vtp, it also assumes you’re running
in client server mode. If there’s a transparent switch in the network /
transparent path you could run into an issue.
Always verify what links are forwarding and what Vlans are
forwarding across those links.
To verify what’s forwarding on what port.
#sh int trunk –
shows if trunking is working (“status”),
shows what Vlans are allowed to forward (“vlans allowed on trunk”),
shows, out of all possible Vlans 1-4096, which ones are active
and which ones are created,
shows which Vlans are forwarding and not pruned by VTP, and which
Vlans spanning-tree is running on.
# sh spanning-tree int FA x/x
Will also show what Vlans are forwarding out of what
interfaces.
# sh mac-address-table interface FA x/x
MAC addresses can only exist in the forwarding Vlans. With pruning
enabled, all switches should only forward Vlans that they have locally and/or are in
the transit path for.