Wednesday, September 15, 2010

Troubleshooting VTP

Determining Why VTP Is Not Currently Working
First, determine that a problem exists at all. A problem exists when two neighboring switches have differing VLAN databases, i.e. they know about different VLAN IDs, with different names, and with a different configuration revision number.
Step 1: Confirm the switch names, topology (which interfaces connect which switches), and switch VTP modes.
Step 2: Identify sets of two neighboring switches that should be either VTP clients or servers whose VLAN databases differ with the show vlan command.
Step 3: On each pair of two neighboring switches whose databases differ, verify the following:
a) At least one operational trunk should exist between the two switches (use the show interfaces trunk, show interfaces switchport, or show cdp neighbors command).
b) The switches must have the same case-sensitive VTP domain name (show vtp status).
c) If configured, the switches must have the same case-sensitive VTP password (show vtp password).
d) While VTP pruning should be enabled or disabled on all servers in the same domain, having two servers configured with opposite pruning settings does not prevent the synchronization process.
Step 4: For each pair of switches identified in Step 3, solve the problem by either troubleshooting the trunking problem or reconfiguring a switch to correctly match the domain name or password.
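The Step 3 checks can be applied mechanically to captured command output. The following script is an added example, not part of the original post: it parses constructed `show vtp status` and `show vtp password` text for three hypothetical switches (SW1, SW2, SW3) and, for each pair joined by an operational trunk, reports case-sensitive domain-name and password mismatches and any VLAN database difference (revision number and MD5 digest). The switch names, outputs and trunk list are assumptions.

```python
"""Compare VTP state between trunk-connected neighbours (the Step 3 checks).

Added example. All command output below is constructed, not captured from
real devices; the older single-section `show vtp status` layout is assumed.
"""
import re
from typing import Dict, List, Tuple

# Constructed `show vtp status` output for three hypothetical switches.
SHOW_VTP_STATUS = {
    "SW1": """\
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : Fred
VTP Pruning Mode                : Disabled
MD5 digest                      : 0x3A 0x71 0x09 0xC2 0xE4 0x19 0x55 0xB8
""",
    "SW2": """\
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 255
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : Fred
VTP Pruning Mode                : Disabled
MD5 digest                      : 0x3A 0x71 0x09 0xC2 0xE4 0x19 0x55 0xB8
""",
    "SW3": """\
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : fred
VTP Pruning Mode                : Disabled
MD5 digest                      : 0x11 0x0F 0xAA 0x90 0x02 0x6E 0xD3 0x41
""",
}

# Constructed `show vtp password` output for the same switches.
SHOW_VTP_PASSWORD = {
    "SW1": "VTP Password: Cisco123",
    "SW2": "VTP Password: Cisco123",
    "SW3": "VTP Password: cisco123",
}

# Constructed topology: pairs confirmed to share an operational trunk (Step 3a).
TRUNKS = [("SW1", "SW2"), ("SW2", "SW3")]

FIELD = re.compile(r"^(.+?)\s*:\s*(.*)$")


def parse_vtp_status(text: str) -> Dict[str, str]:
    """Turn 'Key : Value' lines into a dict keyed by the IOS field name."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def parse_vtp_password(text: str) -> str:
    """Extract the password from a 'VTP Password: ...' line ('' if absent)."""
    m = FIELD.match(text.strip())
    return m.group(2).strip() if m else ""


def compare_neighbors(a: str, b: str) -> List[str]:
    """Return the reasons two trunk-connected switches are not synchronized."""
    sa = parse_vtp_status(SHOW_VTP_STATUS[a])
    sb = parse_vtp_status(SHOW_VTP_STATUS[b])
    problems: List[str] = []
    if "Transparent" in {sa["VTP Operating Mode"], sb["VTP Operating Mode"]}:
        return ["one side is transparent; no synchronization expected"]
    # Domain name and password are compared case-sensitively, as VTP does.
    if sa["VTP Domain Name"] != sb["VTP Domain Name"]:
        problems.append(f"domain name mismatch: {sa['VTP Domain Name']!r} vs {sb['VTP Domain Name']!r}")
    if parse_vtp_password(SHOW_VTP_PASSWORD[a]) != parse_vtp_password(SHOW_VTP_PASSWORD[b]):
        problems.append("VTP password mismatch")
    # Different digests mean different VLAN databases; show the revisions too.
    if sa["MD5 digest"] != sb["MD5 digest"]:
        problems.append(f"VLAN database differs (revision {sa['Configuration Revision']} vs {sb['Configuration Revision']})")
    # Opposite pruning settings are worth a note but do not block sync (Step 3d).
    if sa["VTP Pruning Mode"] != sb["VTP Pruning Mode"]:
        problems.append("note: pruning settings differ (does not block sync)")
    return problems


def audit(trunks) -> Dict[Tuple[str, str], List[str]]:
    """Run the neighbour comparison over every trunk-connected pair."""
    return {pair: compare_neighbors(*pair) for pair in trunks}


if __name__ == "__main__":
    for pair, problems in audit(TRUNKS).items():
        print(pair, problems or ["in sync"])
```

With the constructed data, SW1 and SW2 come back clean, while the SW2/SW3 pair shows a domain name that differs only in case, a password that differs only in case, and a database mismatch (revision 7 vs 2), which is exactly the situation Step 4 tells you to fix by correcting the domain name or password.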
Problems When Connecting New Switches and Bringing Up Trunks
The steps a VTP switch goes through when it comes online:
Step 1: Confirm that trunking will occur on the new link.
Step 2: Confirm that the two switches use the same case-sensitive VTP domain name and password.
Step 3: If Steps 1 and 2 confirm that VTP will work, the switch with the lower revision number updates its VLAN database to match the other switch.
Before you connect a new switch to an existing VTP domain, reset the new switch’s VTP revision number to 0 by one of these methods:
* Configure the new switch for VTP transparent mode and then back to VTP client or server mode.
* Erase the new switch’s vlan.dat file in flash and reload the switch.  This file contains the switch’s VLAN database, including the revision number.
Avoiding VTP Problems Through Best Practices
* If you do not intend to use VTP, configure each switch to use transparent mode.
* If using VTP server or client mode, always use a VTP password.
* Disable trunking with the switchport mode access and switchport nonegotiate commands on all interfaces except known trunks, preventing VTP attacks by preventing the dynamic establishment of trunks.
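The three best practices above can be audited from device output. The following is an added example, not a Cisco tool or part of the original post: it reads a constructed `show running-config` excerpt for one hypothetical switch, flags every interface outside a known-trunk list that lacks `switchport mode access` and `switchport nonegotiate`, and flags server or client mode without a VTP password. Because IOS keeps the VTP password out of the running configuration, the `show vtp password` line is supplied separately; the hostname, interface names, allow list and command output are assumptions.

```python
"""Audit one switch against the VTP best practices.

Added example with constructed input. Assumptions: the `vtp mode` line
appears in the running configuration (server mode if absent), and the
VTP password is taken from a separate `show vtp password` line because it
is not shown in `show running-config`.
"""
import re
from typing import Dict, List

# Constructed `show running-config` excerpt for a hypothetical switch.
RUNNING_CONFIG = """\
hostname SW2
!
vtp domain Fred
vtp mode client
!
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 description uplink to SW1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/4
!
"""

# Constructed `show vtp password` output for the same switch.
SHOW_VTP_PASSWORD = "The VTP password is not configured."

# The one interface that is supposed to trunk (assumed).
KNOWN_TRUNKS = {"FastEthernet0/3"}


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each interface name to the indented lines of its stanza."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(" ", 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces


def audit_interfaces(config: str, known_trunks) -> Dict[str, str]:
    """Return {interface: finding} for ports where DTP could still run."""
    findings: Dict[str, str] = {}
    for name, lines in parse_interfaces(config).items():
        if name in known_trunks:
            if "switchport nonegotiate" not in lines:
                findings[name] = "known trunk without switchport nonegotiate"
            continue
        if "switchport mode access" not in lines:
            findings[name] = "not forced to access mode; a trunk could be negotiated"
        elif "switchport nonegotiate" not in lines:
            findings[name] = "access mode but missing switchport nonegotiate"
    return findings


def audit_vtp(config: str, vtp_password_output: str) -> List[str]:
    """Flag server/client mode without a password; transparent mode needs none."""
    m = re.search(r"^vtp mode (\S+)", config, re.MULTILINE)
    mode = m.group(1) if m else "server"  # assumed IOS default when no line
    if mode == "transparent":
        return []
    if vtp_password_output.startswith("VTP Password:"):
        return []
    return [f"vtp mode {mode} without a VTP password"]


if __name__ == "__main__":
    for iface, finding in audit_interfaces(RUNNING_CONFIG, KNOWN_TRUNKS).items():
        print(f"{iface}: {finding}")
    for finding in audit_vtp(RUNNING_CONFIG, SHOW_VTP_PASSWORD):
        print(finding)
```

On the constructed configuration FastEthernet0/1 and the known trunk pass, FastEthernet0/2 (dynamic desirable) and FastEthernet0/4 (no switchport mode at all) are reported, and the switch is reported for running as a VTP client with no password.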
