The VLAN Trunking Protocol (VTP)

 VTP allows switches to synch their VLAN databases by advertising their VLAN info to other switches in the same VTP domain. This allows switches with no ports in a particular VLAN to still handle traffic for that VLAN. When a VLAN is created on one switch in a VTP domain, all other switches in that VTP domain are notified of that VLAN's existence. 

A switch can run in on e of three VTP modes:

Server mode allows the switch to create, name, and delete VLANs. 

Client mode prevents the switch from creating, naming, or deleting VLANs. 

Transparent mode switches forward the VTP advertisements received from other switches, but do not actually process the info in those ads. VLANs can be created, named, and deleted on switches running in transparent mode, but these changes are not advertised to the other switches in the VTP domain. 

VTP domain name is case sensitive.

SW1#show vtp status

SW1(config)#vtp domain CCNA

Changing VTP domain name from NULL to CCNA

A switch from another physical location, SW4, is brought to this client site and placed into the VTP domain CCNP. The CRN on that switch is 500, and this switch only knew about VLAN1 at its prior location which means it only knows about VLAN 1 at its new location. 

SW4 doesn't even have to be in Server mode to ruin things. While a Client generally spends its time listening for and forwarding VTP ads, a Client will send a full VTP summary ad when it first coms online. That's enough to cause a lot of trouble here. 

Cisco theory hold there are two ways to ensure the CRN is set to zero:

Change the VTP domain name to a non-existent domain, then change it back to the original name. 

Change the VTP mode from server to transparent, then back to server. 

Pruning: 

SW1#vtp status

VTP Pruning Mode: Disabled




Comments

Post a Comment

Popular posts from this blog

IP Version 6

 IPv6 address is 128 bits long includes a 64-bit interface identifier and 48-bit prefix and 16-bit subnetting. How many subnets? 2 to the 16th power is 65,536 subnets.  Zero compression: If you have consecutive fields of zeros, they can be expressed with two colons.  1234:1234:0000:0000:0000:0000:32456:3434 1234:1234::3456:3434 Leading zero compression: Leave at least one number in each field, even if the field is all zeros.  1234:0000:1234:0000:1234:0000:1234:01234 1234:0:1234:0:1234:0:1234:123 R2#(config)#ipv6 unicast-routing R2(config)#int gig 0/0 R2(config-if)#ipv6 address 2001:1111:2222:1:2/64 R2#show ipv6 int gig 0/0 Static Routing:  Three types of static routes: Recursive, where only the next-hope address is specified. Directly Connected, where only the output interface is specified. Fully Specified, where both the next-hop address and output interfaces are specified. 
Read more

OSPF

 There are two major link-state protocols in use today - OSPF and IS-IS. IS-IS is primarily used by service providers, and while you'll find IS-IS on other Cisco example, you won't see it on the CCNA R$S exam. So, this will focus on OSPF.  R1#show ip ospf datbase R1#show ip route ospf The beauty of the Dijkstra algorithm is that recalculation of routes due to a network change is so fast that routing loops literally have no time to form.  Before the LSA exchane begins, Ospf-speaking outers must become neighbors by forming an adjacency. Routers must agree on the following to become neighbors in OSPF:  The area number  The hello and dead timer settings Whether the area is a stub area Network mask When you configure RIP, it doesn't require number. However, for EIGRP you need <1-65535> Autonomous system number that has been agreed upon adjacencies. For OSPF, you need <1-65535> Process ID that doesn't have to be agreed upon.  We will verify OSPF adjac...
Read more

Wireless Security

 EAP-MD5 Uses the same MD5 hash as the Cisco router      command : service password-encryption Easily broken EAP-MD% introduced in Win2000, deprecated in Windows Vista LEAP (Lightweight EAP) Cisco-proprietary wireless network authentication method The client and the authentication server challenge each other Challenge responses are encrypted Uses dynamic WEP keys Although officially Cisco proprietary, it's supported by some third-party vendors via the Cisco Compatible Extensions Program LEAP suffers from serious security vulnerabilities, including easily cracked passwords Has been officially deprecated, but is still an option on some clients and access points EAP-FAST (EAP Flexible Authentication by Secure Tunneling) Cisco's replacement for LEAP A secure tunnel between the endpoints is constructed via use of a PAC during a three-phase process, which curiously enough begins with Phase Zero PEAP: Protected EAP Encapsulates EAP via a TLS tunnel The major difference betw...
Read more