silly question regarding cisco switches and trunking

Status
Not open for further replies.

meatsack

Technical User
May 25, 2007
5
CA
Hey all. New to the forum. Thanks in advance for any help or info you can provide.

Silly question. At my current employment I'm trying to clean up the layer 2 network. No one has been looking after it for a while and they have vlans and trunks all over the place.

It's been a while since I've done any layer 2 stuff so this question may be a little stupid but I have to be 100% sure about it.


sw1 ----- sw2 ------ sw3


For the sake of my question, we have 3 switches. Links between switches are dot1q trunks.
Switches 1 and 3 have vlans configured (let's say 10 and 20) with ports joined to those vlans.

Switch 2 has no ports assigned to any vlans, just the two trunk links between sw1 and sw3.

For vlan traffic to move from sw 1 to sw 3 does sw2 need vlans 10 and 20 configured
in its vlan database so it can pass the traffic along the trunk links between sw1 and sw3?

These are cisco devices, 3550's running IOS 12.1.

Thanks

Meatsack
 
VTP is your friend. One switch will be the "server" of VLAN info and the others will be "clients". As a client, the switch knows about the VLANs even if ports are not used. There is also a transparent setting but that does not apply here based on what you have said.

MikeS

Home of the book "Network Security Using Linux"
 
I would agree with Mike on this one using VTP. I would just make sure that you need different vlans in your setup.
Otherwise insert everyone in the same vlan.

“Reserve your right to think, for even to think wrongly is better than not to think at all”

Tek-TIP Member 19,650
 
If you go with vtp, do set a vtp password. That will protect yourself from yourself and anyone else who may plug in a switch.

sample config

server switch config

vtp mode server
vtp domain mydomain
vtp password mypassword

client switch config

vtp mode client
vtp domain mydomain
vtp password mypassword

I'd also have your clock configured via ntp; that way the vtp time is real.

Some useful commands are.

show vtp status
show vtp password


 
I would like to reiterate the password---if anyone plugs a rogue switch (I may have even read about software on, say, a laptop that may be able to do this?) into the network, and the switch is config'd as a vtp server, guess what could happen? It could pass false info to all switches and really make for a bad day. But aren't switches configured as transparent switches by default?

Burt
 
Burt,

I'm sure that switches are configured as VTP servers by default... so remember when adding a new switch to ensure that you make it a client before connecting it to the network, that way you don't end up losing all your VLAN information.

HTH


Peter
CCNA, Cisco Qualified Specialist
 
It doesn't matter if it is set up as a client; a client can change the whole vtp table if the config revision number is higher than what is on the network and the domain names match. When initially configuring the switch, change the vtp domain name to something other than what you are using on the network, then change it back to the vtp domain name you use on the network. This will set the vtp revision number to 0, which will then not modify config if you don't happen to use a vtp password....
 
To vipergg... a client in a vtp set-up cannot make any changes to the vtp domain. It cannot change, add, or delete. The revision number will always be the same as the server because it is a slave to the server. The only way it can make any changes is if the client is changed to server and the domain is changed then changed back; then that revision number is reset and becomes the master and all vtp updates will come from that switch.
 
ny1023, I disagree; this is straight out of a Cisco best practices doc using VTP version 2.


There is no specific recommendation on whether to use VTP client/server modes or VTP transparent mode. Some customers prefer the ease of management of VTP client/server mode despite some considerations noted later. The recommendation is to have two server mode switches in each domain for redundancy, typically the two distribution-layer switches. The rest of the switches in the domain must be set to client mode. """When you implement client/server mode with the use of VTPv2, be mindful that a higher revision number is always accepted in the same VTP domain. If a switch that is configured in either "VTP client or server mode" is introduced into the VTP domain and has a higher revision number than the existing VTP servers, this overwrites the VLAN database within the VTP domain. If the configuration change is unintentional and VLANs are deleted, the overwrite can cause a major outage in the network. In order to ensure that client or server switches always have a configuration revision number that is lower than that of the server, change the client VTP domain name to something other than the standard name. Then revert back to the standard. This action sets the configuration revision on the client to 0.
 
What nyy was saying is true, if the client we are talking about came from the same VTP domain as the server. But it did NOT---the VTP domain the client switch belonged to once upon a time before it got moved got the revision number from the server in that domain, NOT from the server in the domain it has not yet been attached to. So I totally agree with vipergg on this one. Like Forrest Gump once said...that's all I have to say about that.

Burt
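
An added example, not part of any post in this thread and not Cisco's code: a pre-connection check that parses `show vtp status` output from the switch about to be added and from a production VTP server, and flags the overwrite case described in the quoted best-practices text (client or server mode, same domain, higher revision). The sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed "show vtp status" output for illustration (not from a real device).
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 37
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : mydomain
VTP Pruning Mode                : Disabled
"""
# Same domain, but the production server is at a lower revision (constructed).
PRODUCTION_SERVER = NEW_SWITCH.replace(": 37", ": 12").replace("Client", "Server")

def parse_vtp_status(text):
    """Return the 'Field : value' pairs of show vtp status as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def overwrite_risk(new_text, prod_text):
    """List reasons the new switch should not be connected as it is."""
    new, prod = parse_vtp_status(new_text), parse_vtp_status(prod_text)
    mode = new.get("VTP Operating Mode", "").lower()
    new_rev = int(new.get("Configuration Revision", "0"))
    prod_rev = int(prod.get("Configuration Revision", "0"))
    same_domain = new.get("VTP Domain Name", "") == prod.get("VTP Domain Name", "")
    findings = []
    # Client mode does not help: the higher revision wins inside one domain.
    if mode in ("client", "server") and same_domain and new_rev > prod_rev:
        findings.append(f"{mode} in same domain with revision {new_rev} > {prod_rev}: "
                        "would overwrite the VLAN database")
    elif new_rev != 0:
        # The thread's advice: rename the domain and rename it back to reset to 0.
        findings.append(f"revision is {new_rev}, not 0: reset it before connecting")
    return findings

if __name__ == "__main__":
    print(overwrite_risk(NEW_SWITCH, PRODUCTION_SERVER))
```
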
 