Guest

Virtual LANs/VLAN Trunking Protocol (VLANs/VTP)

All Transparent VTP Domain to Server-Client VTP Domain Migration Configuration Example

Document ID: 81682

Updated: Feb 02, 2007

   Print

Introduction

This document provides a sample configuration on how to migrate a campus network of all VLAN Trunking Protocol (VTP) Transparent mode switches to a network with VTP server(s) and clients. This document can also be used to restructure the VTP domains that exist.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Basic knowledge of Catalyst Switch Administration

  • Knowledge of VTP

Components Used

The information in this document is based on Cisco IOS® Software Release 12.2(25)SEC2, and Catalyst OS (CatOS) version 8.1(2).

The information in this document is applicable to all Cisco devices that support VLAN Trunk Protocol version 2.

The information in this document was created from the devices in a specific lab environment. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

VTP reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco proprietary protocol that is available on most of the Cisco Catalyst series products.

Note: This document does not cover VTP version 3. VTP version 3 differs from VTP version 1 (v1) and version 2 (v2). It is only available on CatOS 8.1(1) or later. VTP version 3 incorporates many changes from VTP v1 and v2. Make certain that you understand the differences between VTP version 3 and earlier versions before you alter your network configuration. Refer to one of these sections from Configuring VTP for more information:

Configure

In this section, you are presented with the information to migrate your campus network from all VTP transparent configuration to VTP server client configuration. This section also provides the quick steps used to introduce a new switch to the VTP domain that exists.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

vtp-migration.gif

The network includes:

  • Two distribution layer switches—DistributionA and DistributionB that both run Cisco IOS Software.

  • Two access layer switches—AccessA runs Cisco IOS Software and AccessB runs CatOS Software.

The initial VLAN database has these Ethernet VLANs:

  • DistributionA—VLANs 1, 10, and 11

  • DistributionB—VLANs 1, 20, and 21

  • AccessA—VLANs 1, 30, and 31

  • AccessB—VLANs 1, 40, and 41

Configurations

This section consists of three sub-sections:

Pre Migration Checks

This section provides the checklist to make sure the network is ready for the migration process. In order to receive the current status of the VTP configuration in the switch, issue the show vtp status command for Cisco IOS, and the show vtp domain command for CatOS.

Cisco IOS

DistributionA#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 7
VTP Operating Mode              : Transparent
VTP Domain Name                 : migration
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE5 0x9F 0x80 0x70 0x73 0x62 0xC0 0x54
Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21
DistributionA#

Catalyst OS

AccessB> (enable) show vtp domain
Version      : running VTP1 (VTP3 capable)
Domain Name  : migration                        Password  : not configured
Notifications: disabled                         Updater ID: 0.0.0.0

Feature        Mode           Revision
-------------- -------------- -----------
VLAN           Client         0

Pruning             : disabled
VLANs prune eligible: 2-1000
AccessB> (enable)
  1. Check if all switches are in VTP Transparent mode. Issue these commands in order to change the VTP mode:

    Cisco IOS

    AccessA#conf t
    AccessA(config)#vtp mode transparent
    Setting device to VTP TRANSPARENT mode
    AccessA(config)#exit
    AccessA#

    Catalyst OS

    AccessB> (enable) set vtp mode transparent
    Changing VTP mode for all features
    VTP domain migration modified
    AccessB> (enable)
  2. Check if all switches have the same VTP domain name. Issue these commands in order to change the VTP domain name:

    Cisco IOS

    DistributionB(config)#vtp domain migration
    
    Changing VTP domain name from aaaa to migration
    DistributionB(config)#

    Catalyst OS

    AccessB> (enable) set vtp domain migration
    
    VTP domain migration modified
    AccessB> (enable)
  3. Check if all switches run the same VTP version. Issue these commands in order to change the VTP version:

    Cisco IOS

    vtp version 2
    

    Catalyst OS

    set vtp v2 enable
    

    or

    set vtp version 2
    
  4. Check if all switches run the same VTP password (if any configured). Issue these commands in order to change the VTP password:

    Cisco IOS

    vtp password vtp_password
    
    

    Catalyst OS

    AccessB> (enable) set vtp passwd ?
      <passwd>                   Password (0 to clear)
    AccessB> (enable) set vtp passwd vtp_password
    
    Generating the secret associated to the password.
    VTP domain migration modified
  5. Check if all switches are connected by trunk links.

    Cisco IOS

    DistributionA#show interfaces trunk
    
    Port        Mode         Encapsulation  Status        Native vlan
    Gi2/0/1     auto         n-isl          trunking      1
    Gi2/0/5     auto         n-802.1q       trunking      1
    Gi2/0/9     desirable    n-isl          trunking      1
    Gi2/0/10    desirable    n-isl          trunking      1
    
    Port      Vlans allowed on trunk
    Gi2/0/1     1-4094
    Gi2/0/5     1-4094
    Gi2/0/9     1-4094
    Gi2/0/10    1-4094
    
    Port        Vlans allowed and active in management domain
    Gi2/0/1     1,10-11
    Gi2/0/5     1,10-11
    Gi2/0/9     1,10-11
    Gi2/0/10    1,10-11
    
    Port        Vlans in spanning tree forwarding state and not pruned
    Gi2/0/1     1,10-11
    Gi2/0/5     1,10-11
    Gi2/0/9     1,10-11
     
    !--- Rest of output elided.
    
    

    Catalyst OS

    AccessB> (enable) show trunk
    * - indicates vtp domain mismatch
    # - indicates dot1q-all-tagged enabled on the port
    Port      Mode         Encapsulation  Status        Native vlan
    --------  -----------  -------------  ------------  -----------
     3/25     desirable    n-isl          trunking      1
     3/26     desirable    n-isl          trunking      1
     6/1      nonegotiate  dot1q          trunking      1
     6/2      nonegotiate  dot1q          trunking      1
     6/3      nonegotiate  dot1q          trunking      1
     6/4      nonegotiate  dot1q          trunking      1
    16/1      nonegotiate  isl            trunking      1
    
    Port      Vlans allowed on trunk
    --------  ---------------------------------------------------------------------
     3/25     1-1005,1025-4094
     3/26     1-1005,1025-4094
     6/1
     6/2
     6/3
     6/4
    16/1      1-1005,1025-4094
    
    Port      Vlans allowed and active in management domain
    
    !--- Rest of output elided.
    
    

Migration Planning

  • Determine the number of VLANs required for the network. The maximum number of active VLANs supported by Catalyst switches varies with models.

    AccessA#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 250
    Number of existing VLANs        : 7
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : migration
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xC8 0xB7 0x36 0xC3 0xBD 0xC6 0x56 0xB2
    Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21
    AccessA#
  • Determine the switches, such as DistributionA and DistributionB, which will be the VTP servers. One or more switches can be VTP servers in a domain. Choose one switch, such as DistributionA, in order to start the migration.

Migration Procedure

Complete these steps in order to configure the campus network with VTP mode server and client:

  1. Change the VTP mode of the DistributionA to Server.

    DistributionA#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DistributionA(config)#vtp mode server
    Setting device to VTP SERVER mode
    DistributionA(config)#exit
    DistributionA#
  2. Create the VLANs that are required in the domain.

    
    !--- Before creating VLANs
    
    DistributionA#show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi2/0/2, Gi2/0/3, Gi2/0/4
                                                    Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                    Gi2/0/11, Gi2/0/12, Gi2/0/13
                                                    Gi2/0/14, Gi2/0/15, Gi2/0/16
                                                    Gi2/0/17, Gi2/0/18, Gi2/0/19
                                                    Gi2/0/20, Gi2/0/21, Gi2/0/22
    10   VLAN0010                         active    Gi2/0/23
    11   VLAN0011                         active    Gi2/0/24
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    10   enet  100010     1500  -      -      -        -    -        0      0
    11   enet  100011     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    srb      0      0
    
    !--- Rest of output elided.
    
    
    
    
    !--- Creating required VLANs
    
    DistributionA#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DistributionA(config)#vlan 20-21,30-31,40-41
    
    DistributionA(config-vlan)#exit
    DistributionA(config)#exit
    DistributionA#
    
    
    !--- After creating VLANs
    
    DistributionA#show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi2/0/2, Gi2/0/3, Gi2/0/4
                                                    Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                    Gi2/0/11, Gi2/0/12, Gi2/0/13
                                                    Gi2/0/14, Gi2/0/15, Gi2/0/16
                                                    Gi2/0/17, Gi2/0/18, Gi2/0/19
                                                    Gi2/0/20, Gi2/0/21, Gi2/0/22
    10   VLAN0010                         active    Gi2/0/23
    11   VLAN0011                         active    Gi2/0/24
    20   VLAN0020                         active
    21   VLAN0021                         active
    30   VLAN0030                         active
    31   VLAN0031                         active
    40   VLAN0040                         active
    41   VLAN0041                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    
    !--- Rest of output elided.
    
    

    If no new VLANs are to be configured, create a dummy VLAN.

    This increases the Configuration Revision to '1', which enables the VLAN database to propagate throughout the network.

    DistributionA#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DistributionA(config)#vlan 100
    
    DistributionA(config-vlan)#name dummy
    
    DistributionA(config-vlan)#exit
    DistributionA(config)#exit
    DistributionA#
  3. Change the VTP mode of DistributionB to Client, followed by AccessA and AccessB.

    Cisco IOS

    DistributionB#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DistributionB(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    DistributionB(config)#exit
    DistributionB#
    
    
    DistributionB#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 13
    VTP Operating Mode              : Client
    VTP Domain Name                 : migration
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xBD 0xA4 0x94 0xE6 0xE3 0xC7 0xA7 0x86
    Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21

    Catalyst OS

    AccessB> (enable) set vtp mode client
    Changing VTP mode for all features
    VTP domain migration modified
  4. Verify if all VLANs are propagated across the domain.

    Cisco IOS

    DistributionB#show vlan
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa1/0/1, Fa1/0/3, Fa1/0/4
                                                    Fa1/0/5, Fa1/0/7, Fa1/0/8
                                                    Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                    Fa1/0/14, Fa1/0/15, Fa1/0/16
                                                    Fa1/0/17, Fa1/0/18, Fa1/0/19
                                                    Fa1/0/20, Fa1/0/21, Fa1/0/22
                                                    Fa1/0/23, Fa1/0/24
    10   VLAN0010                         active
    11   VLAN0011                         active
    20   VLAN0020                         active    Gi1/0/1
    21   VLAN0021                         active    Gi1/0/2
    30   VLAN0030                         active
    31   VLAN0031                         active
    40   VLAN0040                         active
    41   VLAN0041                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    !--- Rest of output elided.
    
    

    Catalyst OS

    AccessB> (enable) show vlan
    VLAN Name                             Status    IfIndex Mod/Ports, Vlans
    ---- -------------------------------- --------- ------- ------------------------
    1    default                          active    64      2/1-2
                                                            3/1-24,3/27-46
                                                            4/1-8
    10   VLAN0010                         active    107
    11   VLAN0011                         active    108
    20   VLAN0020                         active    105
    21   VLAN0021                         active    106
    30   VLAN0030                         active    109
    31   VLAN0031                         active    110
    40   VLAN0040                         active    111     3/47
    41   VLAN0041                         active    112     3/48
    1002 fddi-default                     active    65
    1003 token-ring-default               active    68
    1004 fddinet-default                  active    66
    1005 trnet-default                    active    67
    
    
    VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
    1002 fddi  101002     1500  -      -      -      -    -        0      0
    1003 trcrf 101003     1500  -      -      -      -    -        0      0
    
    !--- Rest of output elided.
    
    
  5. Check if any switchport is in the Inactive state.

    A switchport can go to Inactive state if the VLAN configured for that switchport does not exist in the switch. Create appropriate VLAN(s), as required, in the VTP server switch.

    Cisco IOS

    From the output of the show interfaces switchport command, you can determine if a switchport is in Inactive mode if it has the Inactive keyword for the Access Mode VLAN attribute.

    DistributionB#show interfaces switchport
    Name: Fa1/0/1
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    
    
    !--- Part of output elided.
    
    
    Name: Fa1/0/24
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 50 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    
    Protected: false
    Unknown unicast blocked: disabled
    
    !--- Rest of output elided.
    
    

    Create the VLAN 50 in the VTP server switch (DistributionA).

    DistributionA#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DistributionA(config)#vlan 50
    
    DistributionA(config-vlan)#name Vlan50
    
    DistributionA(config-vlan)#end
    DistributionA#
    
    !--- Verify the switchport status in the DistributionB switch.
    
    
    DistributionB#show interfaces fa1/0/24 switchport
    Name: Fa1/0/24
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 50 (Vlan50)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    
    !--- Rest of output elided.
    
    
  6. Change the VTP mode of the DistributionB switch to Server.

    The VTP server switch(es) must have the same configuration revision number, and must be the highest in the VTP domain.

Add a Switch to the VTP Domain

A recently added switch can cause problems in the network. It can be a switch that was previously used in the lab, and a good VTP domain name was entered. The switch was configured as a VTP client and was connected to the rest of the network. Then, you brought the trunk link up to the rest of the network. In just a few seconds, the whole network can go down.

If the configuration revision number of the switch that you inserted is higher than the configuration revision number of the VTP domain, it propagates its VLAN database through the VTP domain.

This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server. You can tell this has occurred when many of the ports in your network go into the Inactive state but continue to assign to a nonexistent VLAN.

Note: Refer to Flash Animation: VTP for a demonstration of this problem.

Complete these steps in order to avoid this issue when you add a switch to the network:

  1. Before you connect the new switch to the network, change the VTP mode of the switch to Transparent.

    This resets the Configuration Revision number to zero ('0').

  2. Connect the switch to the network and configure the appropriate trunk links.

  3. Configure the VTP attributes:

    1. Configure the VTP domain name to match the VTP domain name of the network.

    2. Configure the VTP version and password (if any required).

  4. Change the VTP mode to Client.

    The Configuration Revision number is still zero ('0'). VLANs start to propagate from the VTP server(s) that exists in the network.

  5. Verify if all required VLANs are available in the new switch and in the VTP servers of the network.

  6. If any VLAN is missing, a quick workaround is to add it from one of the VTP servers.

Refer to How a Recently Inserted Switch Can Cause Network Problems for more information.

Verify

There is no separate verification procedure available for this configuration. Use the verification steps provided as part of the configuration example.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show vtp status [Cisco IOS]—Displays the current status of the VTP domain.

  • show vtp domain [Catalyst OS]—Displays the current status of the VTP domain.

  • show vlan—Displays the VLAN information.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Refer to VTP Troubleshooting and Caveats for information on common issues with VTP.

Related Information

Updated: Feb 02, 2007
Document ID: 81682