Help with VLAN and VTP issue

cyr0n_k0r

Cisco switches running IOS 12.2

switch1 is set as VTP server
switch2 is set as VTP client

Created vlan 10 on switch1 named "wireless"
Confirmed it has replicated to switch2

Trying to assign a port on switch2 to vlan 10 using:
switch2(config)# int fa0/37
switch2(config-if)# switchport access vlan 10

but this is the error I keep getting:

%VTP VLAN configuration not allowed when device is in CLIENT mode


I'm not trying to configure vlans, I'm trying to assign a port to a vlan. Any help?
 
Do "sh vlan b" and see if the VLAN is in the db on sw2. It sounds like the VLAN isn't there and the switch is trying to create it (which is what happens when you issue that command and the VLAN doesn't exist).

Edit: Just saw that you already confirmed that it's in the DB. Lemme think.
 
It's 100% trying to create the VLAN because it thinks it doesn't exist. Delete the vlan.dat file on each switch, and recreate the VLAN again from the VTP server. Transparent mode is your friend :D This could be some kind of corruption in the vlan dbase, or some hinky bug.. either way, it's not working like it should if you confirmed that the VLAN was replicated.
 
found the problem. It was 2 fold

1) the vtp wasn't sharing correctly because the clocks were too different.

2) the ports weren't in trunk so vtp wasn't happy.
I would have sworn I saw vlan 10 show up on switch2 but it seems it wasn't.

Everything's working great now. Thanks guys.
 
found the problem. It was 2 fold

1) the vtp wasn't sharing correctly because the clocks were too different.
Everything's working great now. Thanks guys.
Clocks don't need to be in sync for VTP to function, the only thing that VTP looks at is stuff like config rev, domain, pw, etc...

Glad you got it working.

Ok, I feel better now. My brain was melting.
Indeed, VTP is pretty basic. There's not much that can go wrong unless you throw some switch in there with a bad config rev, then you're hosed. :p
 
Why use VTP Server/Client? Unless you have like a thousand VLANs or something. Just do transparent mode. I haven't used VTP server/client in years. Of course, I got burned, twice, by someone turning on a brand new switch and setting the VTP domain and then plugging it into the network . . . .
 
I believe if it is a new switch with a lower MAC address and you plug it into the network unconfigured it will consider itself the root/server switch. After that it will erase everything across all switches in that VTP domain and replace it with what is in its own vlan db (which is nothing).
 
I believe if it is a new switch with a lower MAC address and you plug it into the network unconfigured it will consider itself the root/server switch. After that it will erase everything across all switches in that VTP domain and replace it with what is in its own vlan db (which is nothing).

You're kind of combining VTP and STP.

VTP works with config revisions, higher revision number > lower revision number. So a new switch will have a lower revision number than an existing switch, therefore it shouldn't be an issue. You also have server, client and transparent mode. Transparent mode does not accept VLAN information from other switches. It does pass on VTP updates though, IIRC.

The VTP issue you hear about is when someone puts a switch with the same VTP domain and a higher revision number (something like a lab switch) into the network, which then overwrites all the current/valid VLANs.
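
An added example, not part of any post in this thread: a pre-connection check built on the revision rule described above. It parses saved "show vtp status" output from a switch about to be connected and from a production switch, and reports when the newcomer could replace the production VLAN database. The sample outputs, the domain name CAMPUS and the function names are constructed for illustration; VTP passwords are not modelled.

```python
import re

# Constructed samples in the layout of IOS 12.2 "show vtp status" output.
PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 14
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : CAMPUS
"""
LAB_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 57
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : CAMPUS
"""

def parse_vtp_status(text):
    """Return the 'Field : value' pairs of show vtp status as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def overwrite_risk(candidate_text, production_text):
    """List the reasons a candidate switch could replace the production VLAN database."""
    cand = parse_vtp_status(candidate_text)
    prod = parse_vtp_status(production_text)
    mode = cand.get("VTP Operating Mode", "").lower()
    # Server and client both advertise their database; transparent does not.
    if mode not in ("server", "client"):
        return []
    # Updates are only accepted within the same VTP domain.
    if cand.get("VTP Domain Name", "") != prod.get("VTP Domain Name", ""):
        return []
    c_rev = int(cand.get("Configuration Revision", "0"))
    p_rev = int(prod.get("Configuration Revision", "0"))
    # Higher revision wins, regardless of which switch holds the valid VLANs.
    if c_rev <= p_rev:
        return []
    return [f"same domain, mode {mode}, revision {c_rev} > production {p_rev}"]

if __name__ == "__main__":
    print(overwrite_risk(LAB_SWITCH, PRODUCTION))
```
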
 
What happened was that the new switch had the correct vtp domain and was set to server mode. It decided it was authoritative and cleared out the vlan database on every switch in a small school district. Needless to say that was fun fixing. That was my second bad experience with VTP server/client modes. The first was similar. That's why I don't use it anymore. That and I find manually configuring everything more fun. :D
 
What happened was that the new switch had the correct vtp domain and was set to server mode. It decided it was authoritative and cleared out the vlan database on every switch in a small school district. Needless to say that was fun fixing. That was my second bad experience with VTP server/client modes. The first was similar. That's why I don't use it anymore. That and I find manually configuring everything more fun. :D

That shouldn't have happened. If it was a new switch, the revision number should have been lower than anything else in your network. Either the switch wasn't new, and had a higher revision number, or something else was at fault.
 
Furthermore, changing to transparent mode and back to client/server resets your revision number to 1.
 
That shouldn't have happened. If it was a new switch, the revision number should have been lower than anything else in your network. Either the switch wasn't new, and had a higher revision number, or something else was at fault.

I know it shouldn't have happened and I understand why as well. I just know that it did happen and that's why I don't use it anymore...
 
I use VTP all the time and never have problems with it. If I have a dozen or so switches in a location, it's a no brainer.
 
never use it for reasons above.
just configure everything static - it's not a lot of extra work considering you're removing an element that can possibly cause an outage in the future.

not to mention, you don't want every vlan being pushed to every edge switch. especially for security reasons, or if certain vlans will never be used at an edge switch. yes, you can prune them out - but that is even more work and even more possibility of misconfiguration.
 
After bringing down a branch in Puerto Rico in the late 90s, my organization will never use it again. Can't say I disagree with the decision.
 
never use it for reasons above.
just configure everything static - it's not a lot of extra work considering you're removing an element that can possibly cause an outage in the future.

not to mention, you don't want every vlan being pushed to every edge switch. especially for security reasons, or if certain vlans will never be used at an edge switch. yes, you can prune them out - but that is even more work and even more possibility of misconfiguration.

All things equal and configuration done correctly without the possibility of misconfiguration, what is your stance then?
 
All things equal and configuration done correctly without the possibility of misconfiguration, what is your stance then?

adding vlans manually to every switch.
how can you 100% eliminate the possibility of misconfiguration (either at time of deployment, or a year from now)...
 
Just use a VTP password if you're worried about misconfiguration or "lab" switches being introduced into production.
 
Just use a VTP password if you're worried about misconfiguration or "lab" switches being introduced into production.


but then you still have vlans being pushed to edge switches who shouldn't have those vlans in the first place (or vlans not in use)...sure you can prune them out, but that becomes more work and induces more room for misconfiguration than just configuring vlans statically/manually in the first place.
 