Paramveer: Troubleshoot VTP (Cont.)

How Do I Determine If My Switch Might Be Affected?

The watchdog timeout can occur if these two conditions are met:

The Token Ring VLAN (1003) is translated to VLAN 1.
You make a change in VLAN 1.

Issue the show vlan command on the Catalyst in order to observe the Token Ring VLAN translation. This is an example of show vlan command output:

VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2

----      -----   --------   -----   ------      ------      ------     ----     --------       ------    ------

1        enet  100001 1500    -               -          -         -            -           1003

How Does CatOS Version 6.3(3) Protect My Switch from a Watchdog Timeout?

There is a protective feature in order to prevent a watchdog timeout in this CatOS version. The Catalyst switch switches from VTP server or client to VTP transparent mode.

How Do I Determine If My Switch Has Gone to VTP Transparent Mode in Order to Protect Against a Watchdog Timeout?

Your switch has gone to VTP transparent mode if the logging level for the VTP is raised to 4.

Console> (enable) set logging level vtp 4 default

You see this message when the switchover occurs:


VTP-4-UNSUPPORTEDCFGRCVD:Rcvd VTP advert with unsupported vlan config on 

trunk mod/port- VTP mode changed to transparent

What Are the Negative Effects When the Switch Goes to VTP Transparent Mode?

If pruning is enabled, the trunks go down.
If the trunks go down and no other ports are in that VLAN, the VLAN interface in the installed Multilayer Switch Feature Card (MSFC) goes down.

If these effects occur, and this switch is in the core of your network, your network can be negatively affected.

Where Does the Unsupported VTP Configuration Come From?

Any Cisco IOS Software-based switch, such as the switches in this list, can supply the unsupported VTP configuration:

A Catalyst 2900/3500XL
A Cisco IOS Software Catalyst 6500
A Cisco IOS Software-based Catalyst 4000

These products translate the 1003 VLAN to VLAN 1 by default.

What Is the Solution?

The solution in CatOS-based switches enables the switches to handle this translated information properly. The solution for the Cisco IOS Software-based switches is to remove this default translation and match the behavior of the CatOS-based switches. These are the integrated fixed versions that are currently available:

Catalyst Switch	Fixed Releases
CatOS switches	5.5(14) and later 6.3(6) and later 7.2(2) and later
Catalyst 4000 (Supervisor Engine III)	Not affected
Catalyst 6500 (Supervisor Engine Cisco IOS Software)	Cisco IOS Software Release 12.1(8a)EX and later
Catalyst 2900 and 3500XL	Cisco IOS Software Release 12.0(5)WC3 and later

If you cannot upgrade to images that have these fixes integrated, you can modify the configuration in the Cisco IOS Software-based switches. Use this procedure if the switch is a VTP server:


goss#vlan data


goss(vlan)#no vlan 1 tb-vlan1 tb-vlan2

Resetting translation bridge VLAN 1 to default
Resetting translation bridge VLAN 2 to default


goss(vlan)#no vlan 1003 tb-vlan1 tb-vlan2

Resetting translation bridge VLAN 1 to default
Resetting translation bridge VLAN 2 to default


goss(vlan)#apply

APPLY completed.

goss(vlan)#exit

APPLY completed.

Exiting....

The 1002 VLAN can be translated, but you can also remove it if you include this in your configuration:


goss(vlan)#no vlan 1002 tb-vlan1 tb-vlan2


Resetting translation bridge VLAN 1 to default

Resetting translation bridge VLAN 2 to default

When Exactly Does My Switch Change to VTP Transparent Mode?

Some confusion exists about when this switchover to VTP transparent mode occurs. The scenarios in this section provide examples of when the switchover can happen.

Example 1

These are the initial conditions:
- Both the Catalyst 6500 and the Catalyst 3500XL are VTP servers with the same VTP configuration revision number.
- Both servers have the same VTP domain name and the same VTP password, if the password is configured.
- The Catalyst 3500XL has the translated Token Ring VLAN.
- You start the servers while they are disconnected.
If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. Of course, this also happens if the Cisco 3500XL has a higher VTP configuration revision number than the Catalyst 6500 configuration revision number. Moreover, if the switch to VTP transparent mode occurs when you physically connect the two switches, you can reasonably assume that the change would also occur if you booted the Catalyst 6500 for the first time while the switch was already connected.
Example 2

These are the initial conditions:
- The Catalyst 6500 is a VTP server.
- The Catalyst 3500XL is a VTP client.
- The Catalyst 3500XL has a higher VTP configuration revision number than the Catalyst 6500 configuration revision number.
- Both switches have the same VTP domain and the same VTP password, if the password is configured.
- The Catalyst 3500XL has the translated Token Ring VLAN.
- You start the servers while they are disconnected.
If you connect these two switches, the Catalyst 6500 goes to VTP transparent mode. In this scenario, if the Catalyst 3500XL has a lower configuration revision number than the Catalyst 6500 configuration revision number, the Catalyst 6500 does not switch to VTP transparent mode. If the Catalyst 3500XL has the same configuration revision number, the Catalyst 6500 does not go to VTP transparent mode. However, the translation is still present in the Catalyst 3500XL.

What Is the Quickest Way to Recover After I Notice the Translation in My Network?

Even if you correct the Token Ring VLAN information in one switch, such as the switch that malfunctioned, the information can propagate throughout your network. You can use the show vlan command in order to determine if this occurred. Therefore, the quickest way to recover is to perform these steps:

Take a Cisco IOS Software-based switch, such as a Catalyst XL that is connected to the network, and change the switch to a VTP server.
Remove the translated VLANs.
After you apply the change in the switch, reconnect the switch to the network.

The change should be propagated to all the other VTP servers and clients.

You can use the show vlan command in order to verify that the translation is gone in the network. At this point, you should be able to change the affected CatOS 6.3(3) switch back to a VTP server.

Note: The Catalyst XL switches do not support as many VLANs as the Catalyst 6500s support. Ensure that all the VLANs in the Catalyst 6500 exist in the Catalyst XL switch before you reconnect them. For example, you do not want to connect a Catalyst 3548XL with 254 VLANs and a higher VTP configuration revision number to a Catalyst 6500 that has 500 VLANs configured.

How a Recently Inserted Switch Can Cause Network Problems

This problem occurs when you have a large switched domain that is all in the same VTP domain, and you want to add one switch in the network.

This switch was previously used in the lab, and a good VTP domain name was entered. The switch was configured as a VTP client and was connected to the rest of the network. Then, you brought the ISL link up to the rest of the network. In just a few seconds, the whole network was down. How did this happen?

The configuration revision number of the switch that you inserted was higher than the configuration revision number of the VTP domain. Therefore, your recently introduced switch, with almost no configured VLANs, erased all VLANs through the VTP domain.

This occurs whether the switch is a VTP client or a VTP server. A VTP client can erase VLAN information on a VTP server. You can tell that this has occurred when many of the ports in your network go into inactive state but continue to be assigned to a nonexistent VLAN.

Solution

Quickly reconfigure all of the VLANs on one of the VTP servers.

What to Remember

Always make sure that the configuration revision number of all switches that you insert into the VTP domain is lower than the configuration revision number of the switches that are already in the VTP domain.

If you have the output of a show tech-support command from your Cisco device,.

Example

Complete these steps in order to see an example of this problem:

Issue these commands in order to see that clic has 7 VLANs (1, 2, 3, and the defaults), clic is the VTP server in the domain named test, and port 2/3 is in VLAN 3:


clic (enable) show vlan


1993 May 25 05:09:50 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1 lan
VLAN Name                             Status    IfIndex Mod/Ports,     Vlans

---- -------------------------------- ---------         ------- ------------------------
1    default                               active            65      2/2,2/4-50
2    VLAN0002                         active           70

1003 token-ring-default            active           69
3    VLAN0003                         active            71      2/3
1002 fddi-default                      active           66
1004 fddinet-default                 active           67


clic (enable) show vtp domain
1005 trnet-default                    active    68      68




Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
test                             1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
7          1023             0               disabled


0.0.0.0         disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------


clic (enable) show port 2/3

Port  Name               Status     Vlan       Level  Duplex Speed Type

----- ------------------ ---------- ---------- ------ ------ ----- ------------

 2/3                     connected 3          normal   10  half 10/100BaseTX

Connect bing, which is a lab switch on which VLANs 4, 5, and 6 were created.

The configuration revision number is 3 in this switch.


bing (enable) show vlan


VLAN Name                             Status    IfIndex Mod/Ports, Vlans

---- -------------------------------- --------- ------- ------------------------
1    default                          active    4       2/1-48

4    VLAN0004                         active    63
3/1-6
5    VLAN0005                         active    64

1003 token-ring-default               active    8
6    VLAN0006                         active    65
1002 fddi-default                     active    5
1004 fddinet-default                  active    6

1005 trnet-default                    active    7

Place bing in the same VTP domain (test).


bing (enable) show vtp domain


Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
test                             1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
8          1023             3               disabled


10.200.8.38     disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans

--------------- -------- -------- -------------------------

Configure the trunk between the two switches in order to integrate bing in the network.

Bing erased the clic VLAN, and now clic has VLANs 4, 5, and 6. However, clic no longer has VLANs 2 and 3, and port 2/3 is inactive.


clic (enable) show vtp domain 


Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
test                             1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
8          1023             3               disabled


10.200.8.38     disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
clic (enable)


clic (enable) show vlan

VLAN Name                             Status    IfIndex Mod/Ports, Vlans

---- -------------------------------- --------- ------- ------------------------
1    default                          active    65      2/2,2/4-50

5    VLAN0005                         active    73
4    VLAN0004                         active    72
6    VLAN0006                         active    74

1004 fddinet-default                  active    67
1002 fddi-default                     active    66
1003 token-ring-default               active    69

clic (enable) show port 2/3
1005 trnet-default                    active    68      68




Port  Name               Status     Vlan       Level  Duplex Speed Type

----- ------------------ ---------- ---------- ------ ------ ----- ------------

 2/3                     inactive   3          normal   auto  auto 10/100BaseTX

Recently Added Switch Does Not Get the VLANs From the VTP Server

Make sure that the newly added switch has a configuration revision number that is less than the current revision number of the domain.

The new switch might not immediately receive the list of configured VLANs from the VTP server. In order to overcome this, make any of these modifications to the VLAN database:

Create any VLAN.
Delete any VLAN.
Modify the properties of any current VLAN.

Make modifications to the VLAN database at any VTP server of the same domain.


Switch#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#vlan 50



Switch(config-vlan)#name 50thVLAN



Switch(config-vlan)#end

Switch#

Once the modification is completed, the newly added switch receives the VLAN information from the VTP server.

Reset the Configuration Revision Number

You can easily reset the configuration revision number by either of the two procedures provided in this section.

Reset the Configuration Revision using Domain Name

Complete these steps in order to reset the configuration revision number with the change of the domain name:

Issue this command in order to see that the configuration is empty:


clic (enable) show vtp domain


Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
5          1023             0               disabled


0.0.0.0         disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------

clic (enable)

Configure the domain name, which is test in this example, and create two VLANs.

The configuration revision number goes up to 2:


clic (enable) set vtp domain test


VTP domain test modified

clic (enable) set vlan 2

Vlan 2 configuration successful

clic (enable) set vlan 3

Vlan 3 configuration successful

clic (enable) show vtp domain

Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
test                             1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
7          1023             2               disabled


0.0.0.0         disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------

clic (enable)

Change the domain name from test to cisco.

The configuration revision number is back to 0, and all the VLANs are still present:


clic (enable) set vtp domain cisco


VTP domain cisco modified

clic (enable) show vtp domain 

Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
cisco                            1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
7          1023             0               disabled


0.0.0.0         disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans

--------------- -------- -------- -------------------------

Change the VTP domain name from cisco back to test.

The configuration revision is 0. There is no risk that anything can be erased, and all the previously configured VLANs remain:


clic (enable) set vtp domain test


VTP domain test modified

clic (enable) show vtp domain 

Domain Name                      Domain Index VTP Version Local Mode  Password

-------------------------------- ------------ ----------- ----------- ----------
test                             1            2           server      -


---------- ---------------- --------------- -------------
Vlan-count Max-vlan-storage Config Revision Notifications
7          1023             0               disabled


0.0.0.0         disabled disabled 2-1000
Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------

clic (enable)

Reset the Configuration Revision using VTP Mode

Complete these steps in order to reset the configuration revision number with the change of the VTP mode: