8 Replies Latest reply: Oct 11, 2015 3:10 PM by Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

    VTP version 3 and version 2 interoperability and MD5 digest

    Urfan Khaliq

      I have 3 switches connected to each other with trunks and have VTP v3 configured and working fine. No password configured, just plain simple VTP v3. I connected a new switch with default config on it and vlan.dat has been deleted (so just like a new out of the box switch) and it automatically learns the VTP domain and the VLANs from the others, but it is running in VTP version 2.

       

      If I create a new standard VLAN on a VTP v3 switch, it propagates through the domain and is added to the VTP v2 switch as well as the VTP v3 switches.

      If I create an extended VLAN on a VTP v3 switch, it propagates through the domain and is added to the VTP v3 switches but not on the VTP v2 switches (as expected) but the VTP v2 switch is clever enough to increment the revision number still.

       

      My question is this,

       

      How come this works if the MD5 Digest is different on the VTP v2 switch compared to the VTP v3 switches? - The VTP v3 switches all have the same MD5 Digest as they have the same VTP version, domain but the VTP v2 switch has a different MD5 Digest (as expected because the version is different right?)

       

      So shouldn't this NOT work as the Digest is different between the two version switches?

       

      Below are the outputs of show vtp status on the v2 and v3 switches:

      V2

       

      Switch#show vtp status
      VTP Version capable             : 1 to 3
      VTP version running             : 2
      VTP Domain Name                 : CCIE
      VTP Pruning Mode                : Disabled
      VTP Traps Generation            : Disabled
      Device ID                       : 547c.69d0.9480
      Configuration last modified by 192.168.1.1 at 10-10-15 11:40:57
      Local updater ID is 192.168.1.1 on interface LIIN0 (first layer3 interface found)

      Feature VLAN:
      --------------
      VTP Operating Mode                : Server
      Maximum VLANs supported locally   : 1005
      Number of existing VLANs          : 110
      Configuration Revision            : 10
      MD5 digest                        : 0x35 0xA6 0xB0 0xA1 0x50 0x37 0x82 0x38
                                          0x84 0x58 0xAF 0xC1 0xAC 0x11 0x88 0xBF


      V3

       

      SW2#show vtp status
      VTP Version capable             : 1 to 3
      VTP version running             : 3
      VTP Domain Name                 : CCIE
      VTP Pruning Mode                : Disabled
      VTP Traps Generation            : Disabled
      Device ID                       : 547c.6919.d880

      Feature VLAN:
      --------------
      VTP Operating Mode                : Primary Server
      Number of existing VLANs          : 110
      Number of existing extended VLANs : 0
      Maximum VLANs supported locally   : 4096
      Configuration Revision            : 10
      Primary ID                        : 547c.6919.d880
      Primary Description               : SW2
      MD5 digest                        : 0xBC 0x05 0x65 0x83 0x15 0x32 0x38 0xE3
                                          0x18 0x5D 0x64 0x24 0xD7 0x74 0x14 0x99


      As you can see, the revision and number of VLANs match, as does the domain, but the version differs and so do the MD5 digests.

        • 1. Re: VTP version 3 and version 2 interoperability and MD5 digest
          Dmcneil

          This is normal behavior.

           

          VTPv3 switches will send VTPv2 updates to VTPv2 switches on a per-port basis. However, VTPv2 switches will not update VTPv3 devices.

           

          Check this link out. Near the bottom it explains this interaction:

          VTP Version 3 - Cisco

          • 2. Re: VTP version 3 and version 2 interoperability and MD5 digest
            Urfan Khaliq

            So this means the md5 digest does not need to match between switches?

            • 3. Re: VTP version 3 and version 2 interoperability and MD5 digest
              Dmcneil

              Maybe only for VTPv3 switches interacting with VTPv2 switches.

               

              I'm doing some more digging on this.

              • 4. Re: VTP version 3 and version 2 interoperability and MD5 digest
                Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

                Hi Urfan,

                 

                I'm not 100% sure, but I think that would not matter in your case because you did not set any VTP password on the switches. Please try to set any and see if that would make any change.

                 

                Regards | Aref.

                • 5. Re: VTP version 3 and version 2 interoperability and MD5 digest
                  Urfan Khaliq

                  OK, so with a password configured on all switches (V2 and V3), VTP is working between the V3 switches, but now the V2 switch does not work.

                   

                  V2 switch

                  Switch(config)#do show vtp status
                  VTP Version capable             : 1 to 3
                  VTP version running             : 2
                  VTP Domain Name                 : CCIE
                  VTP Pruning Mode                : Disabled
                  VTP Traps Generation            : Disabled
                  Device ID                       : 547c.69d0.9480
                  Configuration last modified by 192.168.1.1 at 10-10-15 12:40:26
                  Local updater ID is 192.168.1.1 on interface LIIN0 (first layer3 interface found)

                  Feature VLAN:
                  --------------
                  VTP Operating Mode                : Server
                  Maximum VLANs supported locally   : 1005
                  Number of existing VLANs          : 10
                  Configuration Revision            : 13
                  MD5 digest                        : 0x2A 0x49 0xAE 0xCF 0xAA 0x96 0x31 0x06
                                                      0x7E 0xA6 0x34 0x31 0x0B 0xAE 0x29 0xC8


                  ---------------------------------------------------------------------------------------------------

                   

                  V3 switch

                  SW2#show vtp status
                  VTP Version capable             : 1 to 3
                  VTP version running             : 3
                  VTP Domain Name                 : CCIE
                  VTP Pruning Mode                : Disabled
                  VTP Traps Generation            : Disabled
                  Device ID                       : 547c.6919.d880

                  Feature VLAN:
                  --------------
                  VTP Operating Mode                : Primary Server
                  Number of existing VLANs          : 5
                  Number of existing extended VLANs : 1
                  Maximum VLANs supported locally   : 4096
                  Configuration Revision            : 7
                  Primary ID                        : 547c.6919.d880
                  Primary Description               : SW2
                  MD5 digest                        : 0xFB 0x29 0xC4 0x82 0xAF 0x81 0x53 0x94
                                                      0x16 0x14 0xAF 0xA4 0xDF 0xC2 0xF5 0x4B

                  ---------------------------------------------------------------------------------------------------

                  V3 Switch

                  SW3(config)#do show vtp status
                  VTP Version capable             : 1 to 3
                  VTP version running             : 3
                  VTP Domain Name                 : CCIE
                  VTP Pruning Mode                : Disabled
                  VTP Traps Generation            : Disabled
                  Device ID                       : 1ce8.5d28.9e80

                  Feature VLAN:
                  --------------
                  VTP Operating Mode                : Client
                  Number of existing VLANs          : 5
                  Number of existing extended VLANs : 1
                  Maximum VLANs supported locally   : 4096
                  Configuration Revision            : 7
                  Primary ID                        : 547c.6919.d880
                  Primary Description               : SW2
                  MD5 digest                        : 0xFB 0x29 0xC4 0x82 0xAF 0x81 0x53 0x94
                                                      0x16 0x14 0xAF 0xA4 0xDF 0xC2 0xF5 0x4B


                  So how come it's now stopped working? The MD5 Digest is still different between the V2 and V3 switches?

                   

                  • 6. Re: VTP version 3 and version 2 interoperability and MD5 digest
                    Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

                    As I mentioned before, I think the MD5 digest mismatch would be taken into consideration in this case when the password is set in the VTP domain. OK, now please try to delete the vlan.dat on the V2 switch, reload it and check it again.

                     

                    Regards | Aref.

                    • 7. Re: VTP version 3 and version 2 interoperability and MD5 digest
                      Urfan Khaliq

                      OK so deleting the vlan.dat file on the V2 switch and then rebooting the switch causes the switch to come back with no VTP config - (Does that mean the VTP config is saved in vlan.dat?)

                       

                      So after I reconfigure the switch with version 2, domain and the VTP password, it relearns all the VLANs.

                       

                       

                      Switch#sh vtp status
                      VTP Version capable             : 1 to 3
                      VTP version running             : 2
                      VTP Domain Name                 : CCIE
                      VTP Pruning Mode                : Disabled
                      VTP Traps Generation            : Disabled
                      Device ID                       : 547c.69d0.9480
                      Configuration last modified by 192.168.1.1 at 10-11-15 09:45:45
                      Local updater ID is 192.168.1.1 on interface LIIN0 (first layer3 interface found)

                      Feature VLAN:
                      --------------
                      VTP Operating Mode                : Server
                      Maximum VLANs supported locally   : 1005
                      Number of existing VLANs          : 104
                      Configuration Revision            : 7
                      MD5 digest                        : 0xAB 0xEC 0xA0 0xD2 0x9B 0xF8 0x65 0x3B
                                                          0xAF 0x41 0x1A 0x31 0x73 0x7D 0xE7 0xD0

                       

                       

                      SW2(config)# do show vtp status
                      VTP Version capable             : 1 to 3
                      VTP version running             : 3
                      VTP Domain Name                 : CCIE
                      VTP Pruning Mode                : Disabled
                      VTP Traps Generation            : Disabled
                      Device ID                       : 547c.6919.d880

                      Feature VLAN:
                      --------------
                      VTP Operating Mode                : Server
                      Number of existing VLANs          : 104
                      Number of existing extended VLANs : 0
                      Maximum VLANs supported locally   : 4096
                      Configuration Revision            : 0
                      Primary ID                        : 0000.0000.0000
                      Primary Description               :
                      MD5 digest                        :

                      There is also a lack of an MD5 Digest on the V3 switches.

                      • 8. Re: VTP version 3 and version 2 interoperability and MD5 digest
                        Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

                        Indeed Urfan, deleting the vlan.dat file would reset the VTP configuration. In regard to the lack of the MD5 digest, I'm not sure why it is lacking; please try to create a new VLAN and see if that changes anything.

                         

                        Regards | Aref.
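
The comparison made by hand throughout this thread (version, domain, revision and MD5 digest across switches) can be scripted. The following is an added example, not part of the thread and not Cisco tooling: it parses `show vtp status` output and reports only the fields that differ between switches. The function names are hypothetical, and the sample input is the reply 5 output trimmed to the compared fields.

```python
import re
from collections import defaultdict

# Fields compared in the thread, as printed by "show vtp status".
FIELDS = ("VTP version running", "VTP Domain Name", "Configuration Revision", "MD5 digest")
FIELD_RE = re.compile(r"^\s*(%s)\s*:\s*(.*)$" % "|".join(map(re.escape, FIELDS)))
HEX_ONLY = re.compile(r"^\s*(?:0x[0-9A-Fa-f]{2}\s*)+$")

def parse_vtp_status(text):
    """Return {field: value}; the digest becomes one lowercase hex string."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last == "MD5 digest" and HEX_ONLY.match(line):
            fields[last] += " " + line.strip()  # digest wraps onto a second line
    raw = fields.get("MD5 digest", "")  # empty when the switch prints no digest
    fields["MD5 digest"] = "".join(re.findall(r"0x([0-9A-Fa-f]{2})", raw)).lower()
    return fields

def compare(outputs):
    """outputs: {switch: raw CLI text}. Return only the fields whose values differ."""
    seen = defaultdict(lambda: defaultdict(list))
    for name, text in outputs.items():
        parsed = parse_vtp_status(text)
        for field in FIELDS:
            seen[field][parsed.get(field, "")].append(name)
    return {f: dict(v) for f, v in seen.items() if len(v) > 1}

# Sample input: outputs from reply 5 of this thread, trimmed to the compared fields.
V2_OUTPUT = """\
VTP version running             : 2
VTP Domain Name                 : CCIE
Configuration Revision            : 13
MD5 digest                        : 0x2A 0x49 0xAE 0xCF 0xAA 0x96 0x31 0x06
                                    0x7E 0xA6 0x34 0x31 0x0B 0xAE 0x29 0xC8
"""
V3_OUTPUT = """\
VTP version running             : 3
VTP Domain Name                 : CCIE
Configuration Revision            : 7
MD5 digest                        : 0xFB 0x29 0xC4 0x82 0xAF 0x81 0x53 0x94
                                    0x16 0x14 0xAF 0xA4 0xDF 0xC2 0xF5 0x4B
"""
SAMPLE = {"Switch": V2_OUTPUT, "SW2": V3_OUTPUT, "SW3": V3_OUTPUT}

if __name__ == "__main__":
    print(compare(SAMPLE))
```

The script only reports differences; whether a digest mismatch stops synchronization between the v2 and v3 switches is the question the thread leaves open.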