Sunday, December 31, 2017

Cisco CCNP:300-115 - 1.4 Configure and verify trunking: 1.4.a VTPv1, VTPv2, VTPv3, VTP pruning

Recently I needed to renew my Cisco CCNPs, that is, both CCNP Routing and Switching and CCNP Security. While working with Cisco products (well, now that they own SourceFire, exclude those) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below, focusing on the key points I used to study. I believe that someone else may find them useful.

         - VTP is a Layer 2 messaging protocol
         - VTPv1 and v2 support only the normal VLAN range (1-1005)
         - VTPv3 supports the entire VLAN range (1-4094), which includes the extended VLAN range (1006-4094)
         - VTPv3 cannot be converted to VTPv2 if extended VLANs are configured in the domain
         - A switch can only be in one VTP domain
         - Until a management domain name is learned or specified, you cannot create or modify VLANs on a VTP server
         - VLAN information is not propagated on the network until a VTP domain name is specified or learned
         - Switches use the highest configuration revision number to determine how to update their database. The advertisement carries no indication of whether the sender is a server or a client, so any switch (a client included) that joins the domain with a higher revision number overwrites the VLAN database of every switch in the domain. Reset the revision number to 0 (changing the VTP domain name or setting transparent mode does this) before connecting a previously used switch
         - "Transparent" mode allows for creation and modification of VLANs. However, those VLANs are not propagated to any other devices
         -  VTP modes include:
            - Server:
                - Allows for creation, modification and deletion of VLANs and other configuration parameters.
                - VLAN configuration is saved in NVRAM
                - Advertisements are sent to devices in the same VTP domain
                - When a switch detects a failure while writing to NVRAM, the VTP mode automatically changes from "server" to "client"
            - Client:
                - Receives and transmits learned updates
                - Cannot create, delete or modify VLANs
                - In VTPv1 and v2 VLAN config not saved in NVRAM.
                - In VTPv3 configuration saved in NVRAM
            - Transparent:
                - Switches do not participate in VTP
                - Does not advertise or synchronize its learned VLANs or configuration in VTPv1
                - VTPv2 and v3 transparent mode allows for forwarding of VTP advertisements
                - You can create, delete and modify VLANs
                - If using VTPv1 or v2, the switch must be in VTP transparent mode when you create extended-range (1006-4094)
                - VTPv3 supports creating extended-range VLANs while in client or server mode
                - VTPv1 and v2 support private VLANs, but the switch must be in "transparent" mode
                - VTPv3 supports private VLANs in client and server modes
                - Configuration saved in NVRAM but not advertised to other switches
            - Off:
                - Functions much the same as a VTP transparent switch
                - However, does not forward VTP advertisements on trunks
         
          - VTP advertisements contain:
                - VTP domain name
                - VTP configuration revision number
                - Updater identity and update timestamp
                - MD5 digest of the VLAN configuration (which includes the MTU), computed together with the VTP password if one is configured
                - Frame format
           
            - VTP Advertisements distribute the following for each configured VLAN:
                - VLAN ID
                - VLAN name
                - VLAN type
                - VLAN state
                - Additional VLAN configuration information specific to the VLAN type
               
            - VTPv3 advertisements also include the primary server ID, an instance number and a start index
            - By default, VTP operates in version 1
            - VTPv2 supports Token Ring VLANs (TrBRF and TrCRF)
            - VTPv2 propagates unrecognized TLVs and stores them in NVRAM when the switch is in VTP server mode
            - Because VTPv2 supports only one domain, a v2 transparent switch forwards VTP messages without inspecting the version and domain name
            - VTPv2 performs VLAN consistency checks (names and values) only when you enter new information yourself; if the MD5 digest on a received advertisement matches, the information is accepted without further checks
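As an added example (not from the original post and not Cisco code), the following Python models the summary-advertisement fields listed above and the revision-number rule from the notes. The 72-byte VTPv1/v2 summary layout (version, code, followers, domain length, 32-byte domain, revision, updater identity, 12-byte timestamp, MD5 digest) is the documented one; the sample advertisement, the domain name SECNIK and the SwitchState/handle_summary names are constructed for illustration. The MD5 digest, which covers the VLAN database plus the VTP password, is not recomputed here, and VTPv3 advertisements (a different layout) are refused by the parser.

```python
"""Parse a VTPv1/v2 summary advertisement and decide what a receiving switch does with it.

Added illustration; field layout follows the documented VTP summary advertisement,
everything else (sample data, helper names) is an assumption made for this example.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Summary-advertisement layout (VTPv1/v2):
#   version(1) code(1) followers(1) domain_len(1) domain(32, zero padded)
#   config_revision(4) updater_identity(4, IPv4) update_timestamp(12, yymmddhhmmss)
#   md5_digest(16)                                   -> 72 bytes in total
SUMMARY_FMT = ">BBBB32sII12s16s"
SUMMARY_LEN = struct.calcsize(SUMMARY_FMT)  # 72
CODE_SUMMARY = 0x01


@dataclass(frozen=True)
class SummaryAdvert:
    version: int
    followers: int
    domain: str
    revision: int
    updater: str
    timestamp: str
    md5: bytes


def build_summary(version: int, domain: str, revision: int, updater: str = "0.0.0.0",
                  timestamp: str = "000000000000", md5: bytes = bytes(16),
                  followers: int = 0) -> bytes:
    """Encode a summary advertisement; used here only to construct sample input."""
    dom = domain.encode("ascii")
    if len(dom) > 32 or version not in (1, 2) or len(timestamp) != 12:
        raise ValueError("domain too long, bad timestamp, or unsupported version")
    upd = int.from_bytes(bytes(int(o) for o in updater.split(".")), "big")
    return struct.pack(SUMMARY_FMT, version, CODE_SUMMARY, followers, len(dom),
                       dom.ljust(32, b"\x00"), revision, upd, timestamp.encode("ascii"), md5)


def parse_summary(pkt: bytes) -> SummaryAdvert:
    """Decode the fixed 72-byte summary header; VTPv3 uses another layout and is refused."""
    if len(pkt) < SUMMARY_LEN:
        raise ValueError("short VTP summary advertisement")
    ver, code, followers, dlen, dom, rev, upd, ts, digest = struct.unpack(
        SUMMARY_FMT, pkt[:SUMMARY_LEN])
    if ver not in (1, 2):
        raise ValueError(f"VTP version {ver} not handled by this parser")
    if code != CODE_SUMMARY:
        raise ValueError(f"not a summary advertisement (code {code:#04x})")
    if dlen > 32:
        raise ValueError("domain length exceeds the 32-byte field")
    return SummaryAdvert(
        version=ver,
        followers=followers,
        domain=dom[:dlen].decode("ascii"),
        revision=rev,
        updater=".".join(str(b) for b in upd.to_bytes(4, "big")),
        timestamp=ts.decode("ascii", "replace"),
        md5=digest,
    )


@dataclass
class SwitchState:
    vtp_version: int        # 1 or 2
    mode: str               # "server", "client" or "transparent"
    domain: Optional[str]   # None until learned or configured
    revision: int           # current configuration revision number


def handle_summary(sw: SwitchState, adv: SummaryAdvert) -> str:
    """Model the update rule from the notes: apply / forward / learn-domain / drop."""
    if sw.mode == "transparent":
        # VTPv1 transparent inspects version and domain before relaying;
        # VTPv2 transparent relays without inspecting either (one-domain assumption).
        if sw.vtp_version == 1 and (adv.version != 1 or adv.domain != sw.domain):
            return "drop"
        return "forward"
    if sw.domain is None:
        return "learn-domain"   # a null-domain switch inherits the domain and revision
    if adv.domain != sw.domain:
        return "drop"
    # Server and client behave the same here: the higher revision wins, and the
    # advertisement never says whether the sender is a server or a client, so a
    # stale switch plugged in with a higher revision overwrites the whole domain.
    return "apply" if adv.revision > sw.revision else "drop"


if __name__ == "__main__":
    sample = build_summary(2, "SECNIK", 42, updater="10.0.0.1", timestamp="171231120000")
    adv = parse_summary(sample)
    print(adv)
    for sw in (SwitchState(2, "client", "SECNIK", 10), SwitchState(2, "server", "SECNIK", 42),
               SwitchState(1, "transparent", "OTHER", 0), SwitchState(2, "transparent", "OTHER", 0)):
        print(sw.mode, sw.vtp_version, "->", handle_summary(sw, adv))
```

The point the model makes explicit: the only things a receiving server or client checks before overwriting its VLAN database are the domain name, the digest (and therefore the password, if set) and a higher revision number. A VTP password and resetting the revision before reconnecting a switch are the practical controls; transparent or off mode on access-layer switches removes them from the update path entirely.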
           
           
      - VTP Version 3
          - Uses enhanced authentication, configured with the "hidden" or "secret" keyword
          - "hidden": the secret key derived from the password string is saved in the VLAN database file but does not appear in plaintext in the configuration; instead, the hexadecimal key associated with the password is saved in the running config. You must re-enter the password before issuing a takeover in the domain
          - "secret": lets you configure the password secret key (the hexadecimal value) directly
          - Supports extended VLAN range (1006-4094)
          - If extended VLANs are configured you cannot convert from VTP v3 to v1 or v2
          - VTP pruning still applies to VLANs 1-1005
          - VLANs 1002-1005 are still reserved and cannot be modified
          - supports private VLAN
          - Supports any database in a domain: in addition to VLAN information, it can also propagate Multiple Spanning Tree (MST) protocol database information
          - A separate instance of the VTP protocol runs for each application that uses VTP
          - Uses the concept of primary and secondary servers
          - Primary server updates the database information
          - Secondary servers can only backup updated VTP configuration received from the primary server to its NVRAM
          - By default, all devices come up as secondary servers
          - To specify a primary server (take over the domain), use the privileged EXEC command:
                SecurityNik#vtp primary
            Because each VTP instance is separate, "vtp primary vlan" and "vtp primary mst" take over only the VLAN or the MST database respectively
         
          - You can have a working VTP domain without any primary servers
          - The primary server status is lost if the device reloads or the domain parameters change
          - Allows for turning VTP on or off on a trunk (per-port) basis
          - On a single port, VTP cannot be set to "off" for the MST database while remaining "on" for the VLAN database
          - Setting VTP to "off" globally applies it to all trunking ports in the system
          - The mode can still be set to "on" or "off" on a per-VTP-instance basis
                 
          - VTP version 1 and 2 supports VTP modes "server", "client" and "transparent".
          - VTP v3 supports one addition mode called "off". This means it support 4 modes, "off", "server", "client" and "transparent"
          - VTP v1 and v2 support only normal-range VLANs (1-1005)
          - With VTPv1 or v2, the switch must be in VTP "transparent" mode if you create VLANs 1006-4094
          - Only VTPv3 propagates extended-range (1006-4094) VLANs
          - Cannot convert from VTPv3 to VTPv2 if extended VLANs are configured in the domain
          - For VTP to work, there must be a trunk port on one switch connected to a trunk port on a second switch
          - In VTPv1 and v2, the switch must be in VTP "transparent" or "server" mode before you can add, modify or remove VLANs 2-1001
          - VLANs 1 and 1002-1005 are automatically created and cannot be removed
          - In VTPv1 and v2, the switch must be in "transparent" mode when creating extended (1006-4094) VLANs
          - Configuration for VLANs 1-1005 is stored in the "vlan.dat" file
          - Attempting to manually delete the "vlan.dat" file may lead to inconsistency
          - VLANs 1-1005 are always stored in the "vlan.dat" file
          - When the VTP mode is "transparent", the VLANs are also stored in the switch running configuration
          - To use VTP, at least one trunk has to be established between two switches


References:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvlan.html
https://learningnetwork.cisco.com/community/certifications/ccnp/switch_v2/exam-topics
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html
