Migrate a Transparent VTP Domain to Server-Client VTP Domain
Available Languages
Contents
Introduction
This document provides a sample configuration on how to migrate a campus network of all VLAN Trunking Protocol (VTP) Transparent mode switches to a network with VTP server(s) and clients. This document can also be used to restructure the VTP domains that exist.
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
-
Basic knowledge of Catalyst Switch Administration
-
Knowledge of VTP
Components Used
The information in this document is based on Cisco IOS® Software Release 12.2(25)SEC2, and Catalyst OS (CatOS) version 8.1(2).
The information in this document is applicable to all Cisco devices that support VLAN Trunk Protocol version 2.
The information in this document was created from the devices in a specific lab environment. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
VTP reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco proprietary protocol that is available on most of the Cisco Catalyst series products.
Note: This document does not cover VTP version 3. VTP version 3 differs from VTP version 1 (v1) and version 2 (v2). It is only available on CatOS 8.1(1) or later. VTP version 3 incorporates many changes from VTP v1 and v2. Make certain that you understand the differences between VTP version 3 and earlier versions before you alter your network configuration. Refer to one of these sections from Configuring VTP for more information:
Configure
In this section, you are presented with the information to migrate your campus network from all VTP transparent configuration to VTP server client configuration. This section also provides the quick steps used to introduce a new switch to the VTP domain that exists.
Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.
Network Diagram
This document uses this network setup:
The network includes:
-
Two distribution layer switches—DistributionA and DistributionB that both run Cisco IOS Software.
-
Two access layer switches—AccessA runs Cisco IOS Software and AccessB runs CatOS Software.
The initial VLAN database has these Ethernet VLANs:
-
DistributionA—VLANs 1, 10, and 11
-
DistributionB—VLANs 1, 20, and 21
-
AccessA—VLANs 1, 30, and 31
-
AccessB—VLANs 1, 40, and 41
Configurations
This section consists of three sub-sections:
Pre Migration Checks
This section provides the checklist to make sure the network is ready for the migration process. In order to receive the current status of the VTP configuration in the switch, issue the show vtp status command for Cisco IOS, and the show vtp domain command for CatOS.
Cisco IOS
DistributionA#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 7 VTP Operating Mode : Transparent VTP Domain Name : migration VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xE5 0x9F 0x80 0x70 0x73 0x62 0xC0 0x54 Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21 DistributionA#
Catalyst OS
AccessB> (enable) show vtp domain Version : running VTP1 (VTP3 capable) Domain Name : migration Password : not configured Notifications: disabled Updater ID: 0.0.0.0 Feature Mode Revision -------------- -------------- ----------- VLAN Client 0 Pruning : disabled VLANs prune eligible: 2-1000 AccessB> (enable)
-
Check if all switches are in VTP Transparent mode. Issue these commands in order to change the VTP mode:
Cisco IOS
AccessA#conf t AccessA(config)#vtp mode transparent Setting device to VTP TRANSPARENT mode AccessA(config)#exit AccessA#
Catalyst OS
AccessB> (enable) set vtp mode transparent Changing VTP mode for all features VTP domain migration modified AccessB> (enable)
-
Check if all switches have the same VTP domain name. Issue these commands in order to change the VTP domain name:
Cisco IOS
DistributionB(config)#vtp domain migration Changing VTP domain name from aaaa to migration DistributionB(config)#Catalyst OS
AccessB> (enable) set vtp domain migration VTP domain migration modified AccessB> (enable) -
Check if all switches run the same VTP version. Issue these commands in order to change the VTP version:
Cisco IOS
vtp version 2
Catalyst OS
set vtp v2 enable
or
set vtp version 2
-
Check if all switches run the same VTP password (if any configured). Issue these commands in order to change the VTP password:
Cisco IOS
vtp password vtp_passwordCatalyst OS
AccessB> (enable) set vtp passwd ? <passwd> Password (0 to clear) AccessB> (enable) set vtp passwd vtp_password Generating the secret associated to the password. VTP domain migration modified -
Check if all switches are connected by trunk links.
Cisco IOS
DistributionA#show interfaces trunk Port Mode Encapsulation Status Native vlan Gi2/0/1 auto n-isl trunking 1 Gi2/0/5 auto n-802.1q trunking 1 Gi2/0/9 desirable n-isl trunking 1 Gi2/0/10 desirable n-isl trunking 1 Port Vlans allowed on trunk Gi2/0/1 1-4094 Gi2/0/5 1-4094 Gi2/0/9 1-4094 Gi2/0/10 1-4094 Port Vlans allowed and active in management domain Gi2/0/1 1,10-11 Gi2/0/5 1,10-11 Gi2/0/9 1,10-11 Gi2/0/10 1,10-11 Port Vlans in spanning tree forwarding state and not pruned Gi2/0/1 1,10-11 Gi2/0/5 1,10-11 Gi2/0/9 1,10-11 !--- Rest of output elided.
Catalyst OS
AccessB> (enable) show trunk * - indicates vtp domain mismatch # - indicates dot1q-all-tagged enabled on the port Port Mode Encapsulation Status Native vlan -------- ----------- ------------- ------------ ----------- 3/25 desirable n-isl trunking 1 3/26 desirable n-isl trunking 1 6/1 nonegotiate dot1q trunking 1 6/2 nonegotiate dot1q trunking 1 6/3 nonegotiate dot1q trunking 1 6/4 nonegotiate dot1q trunking 1 16/1 nonegotiate isl trunking 1 Port Vlans allowed on trunk -------- --------------------------------------------------------------------- 3/25 1-1005,1025-4094 3/26 1-1005,1025-4094 6/1 6/2 6/3 6/4 16/1 1-1005,1025-4094 Port Vlans allowed and active in management domain !--- Rest of output elided.
Migration Planning
-
Determine the number of VLANs required for the network. The maximum number of active VLANs supported by Catalyst switches varies with models.
AccessA#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 250 Number of existing VLANs : 7 VTP Operating Mode : Transparent VTP Domain Name : migration VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xC8 0xB7 0x36 0xC3 0xBD 0xC6 0x56 0xB2 Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21 AccessA#
-
Determine the switches, such as DistributionA and DistributionB, which will be the VTP servers. One or more switches can be VTP servers in a domain. Choose one switch, such as DistributionA, in order to start the migration.
Migration Procedure
Complete these steps in order to configure the campus network with VTP mode server and client:
-
Change the VTP mode of the DistributionA to Server.
DistributionA#conf t Enter configuration commands, one per line. End with CNTL/Z. DistributionA(config)#vtp mode server Setting device to VTP SERVER mode DistributionA(config)#exit DistributionA#
-
Create the VLANs that are required in the domain.
!--- Before creating VLANs DistributionA#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi2/0/2, Gi2/0/3, Gi2/0/4 Gi2/0/6, Gi2/0/7, Gi2/0/8 Gi2/0/11, Gi2/0/12, Gi2/0/13 Gi2/0/14, Gi2/0/15, Gi2/0/16 Gi2/0/17, Gi2/0/18, Gi2/0/19 Gi2/0/20, Gi2/0/21, Gi2/0/22 10 VLAN0010 active Gi2/0/23 11 VLAN0011 active Gi2/0/24 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 11 enet 100011 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - srb 0 0 !--- Rest of output elided. !--- Creating required VLANs DistributionA#conf t Enter configuration commands, one per line. End with CNTL/Z. DistributionA(config)#vlan 20-21,30-31,40-41 DistributionA(config-vlan)#exit DistributionA(config)#exit DistributionA# !--- After creating VLANs DistributionA#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi2/0/2, Gi2/0/3, Gi2/0/4 Gi2/0/6, Gi2/0/7, Gi2/0/8 Gi2/0/11, Gi2/0/12, Gi2/0/13 Gi2/0/14, Gi2/0/15, Gi2/0/16 Gi2/0/17, Gi2/0/18, Gi2/0/19 Gi2/0/20, Gi2/0/21, Gi2/0/22 10 VLAN0010 active Gi2/0/23 11 VLAN0011 active Gi2/0/24 20 VLAN0020 active 21 VLAN0021 active 30 VLAN0030 active 31 VLAN0031 active 40 VLAN0040 active 41 VLAN0041 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 !--- Rest of output elided.If no new VLANs are to be configured, create a dummy VLAN.
This increases the Configuration Revision to '1', which enables the VLAN database to propagate throughout the network.
DistributionA#conf t Enter configuration commands, one per line. End with CNTL/Z. DistributionA(config)#vlan 100 DistributionA(config-vlan)#name dummy DistributionA(config-vlan)#exit DistributionA(config)#exit DistributionA#
-
Change the VTP mode of DistributionB to Client, followed by AccessA and AccessB.
Cisco IOS
DistributionB#conf t Enter configuration commands, one per line. End with CNTL/Z. DistributionB(config)#vtp mode client Setting device to VTP CLIENT mode. DistributionB(config)#exit DistributionB# DistributionB#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 13 VTP Operating Mode : Client VTP Domain Name : migration VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xBD 0xA4 0x94 0xE6 0xE3 0xC7 0xA7 0x86 Configuration last modified by 0.0.0.0 at 3-1-93 04:23:21
Catalyst OS
AccessB> (enable) set vtp mode client Changing VTP mode for all features VTP domain migration modified
-
Verify if all VLANs are propagated across the domain.
Cisco IOS
DistributionB#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa1/0/1, Fa1/0/3, Fa1/0/4 Fa1/0/5, Fa1/0/7, Fa1/0/8 Fa1/0/11, Fa1/0/12, Fa1/0/13 Fa1/0/14, Fa1/0/15, Fa1/0/16 Fa1/0/17, Fa1/0/18, Fa1/0/19 Fa1/0/20, Fa1/0/21, Fa1/0/22 Fa1/0/23, Fa1/0/24 10 VLAN0010 active 11 VLAN0011 active 20 VLAN0020 active Gi1/0/1 21 VLAN0021 active Gi1/0/2 30 VLAN0030 active 31 VLAN0031 active 40 VLAN0040 active 41 VLAN0041 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup !--- Rest of output elided.Catalyst OS
AccessB> (enable) show vlan VLAN Name Status IfIndex Mod/Ports, Vlans ---- -------------------------------- --------- ------- ------------------------ 1 default active 64 2/1-2 3/1-24,3/27-46 4/1-8 10 VLAN0010 active 107 11 VLAN0011 active 108 20 VLAN0020 active 105 21 VLAN0021 active 106 30 VLAN0030 active 109 31 VLAN0031 active 110 40 VLAN0040 active 111 3/47 41 VLAN0041 active 112 3/48 1002 fddi-default active 65 1003 token-ring-default active 68 1004 fddinet-default active 66 1005 trnet-default active 67 VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------ 1002 fddi 101002 1500 - - - - - 0 0 1003 trcrf 101003 1500 - - - - - 0 0 !--- Rest of output elided. -
Check if any switchport is in the Inactive state.
A switchport can go to Inactive state if the VLAN configured for that switchport does not exist in the switch. Create appropriate VLAN(s), as required, in the VTP server switch.
Cisco IOS
From the output of the show interfaces switchport command, you can determine if a switchport is in Inactive mode if it has the Inactive keyword for the Access Mode VLAN attribute.
DistributionB#show interfaces switchport Name: Fa1/0/1 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL !--- Part of output elided. Name: Fa1/0/24 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 50 (Inactive) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled !--- Rest of output elided.
Create the VLAN 50 in the VTP server switch (DistributionA).
DistributionA#conf t Enter configuration commands, one per line. End with CNTL/Z. DistributionA(config)#vlan 50 DistributionA(config-vlan)#name Vlan50 DistributionA(config-vlan)#end DistributionA#
!--- Verify the switchport status in the DistributionB switch. DistributionB#show interfaces fa1/0/24 switchport Name: Fa1/0/24 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 50 (Vlan50) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL !--- Rest of output elided. -
Change the VTP mode of the DistributionB switch to Server.
The VTP server switch(es) must have the same configuration revision number, and must be the highest in the VTP domain.
Add a Switch to the VTP Domain
A recently added switch can cause problems in the network. It can be a switch that was previously used in the lab, and a good VTP domain name was entered. The switch was configured as a VTP client and was connected to the rest of the network. Then, you brought the trunk link up to the rest of the network. In just a few seconds, the whole network can go down.
If the configuration revision number of the switch that you inserted is higher than the configuration revision number of the VTP domain, it propagates its VLAN database through the VTP domain.
This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server. You can tell this has occurred when many of the ports in your network go into the Inactive state but continue to assign to a nonexistent VLAN.
Note: Refer to Flash Animation: VTP for a demonstration of this problem.
Complete these steps in order to avoid this issue when you add a switch to the network:
-
Before you connect the new switch to the network, change the VTP mode of the switch to Transparent.
This resets the Configuration Revision number to zero ('0').
-
Connect the switch to the network and configure the appropriate trunk links.
-
Configure the VTP attributes:
-
Configure the VTP domain name to match the VTP domain name of the network.
-
Configure the VTP version and password (if any required).
-
-
Change the VTP mode to Client.
The Configuration Revision number is still zero ('0'). VLANs start to propagate from the VTP server(s) that exists in the network.
-
Verify if all required VLANs are available in the new switch and in the VTP servers of the network.
-
If any VLAN is missing, a quick workaround is to add it from one of the VTP servers.
Refer to How a Recently Inserted Switch Can Cause Network Problems for more information.
Verify
There is no separate verification procedure available for this configuration. Use the verification steps provided as part of the configuration example.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
-
show vtp status [Cisco IOS]—Displays the current status of the VTP domain.
-
show vtp domain [Catalyst OS]—Displays the current status of the VTP domain.
-
show vlan—Displays the VLAN information.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Refer to VTP Troubleshooting and Caveats for information on common issues with VTP.
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
07-Feb-2014 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)