
Configuring and Verifying VTP v2


Configuring VTP

Verifying the topology

Before you start configuring VLAN Trunking Protocol on Cisco switches, it is very important to first verify that all inter-switch links are trunks. Especially in lab/test environments, engineers often spend time troubleshooting VTP issues only to find that the problem is not with VTP but with the inter-switch links.


IMPORTANT TO REMEMBER: VTP messages are sent and received on trunk links only.


In this configuration example, we will use the topology shown in Figure 1. Before we start configuring VTP, let's verify the trunks and how many VLANs are configured.





The easiest way to verify this is to check Switch 2, because it has links to all other switches.



SW2#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       desirable    n-802.1q       trunking      1
Fa0/2       desirable    n-802.1q       trunking      1
Fa0/3       desirable    n-802.1q       trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005
Fa0/2       1-1005
Fa0/3       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1
Fa0/2       1
Fa0/3       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1
Fa0/2       1
Fa0/3       1

SW2# sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active



As you can see, SW2 has only the default VLANs and all inter-switch links are trunks. 
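The trunk check above can be scripted when there are more than a few switches. The following is an added example, not part of the original post: it parses the `show interfaces trunk` output shown on this page and reports expected inter-switch ports that are missing or not trunking. The function names and the list of expected ports are assumptions made for illustration.

```python
# SW2's "show interfaces trunk" output from this page (first two tables).
PAGE_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       desirable    n-802.1q       trunking      1
Fa0/2       desirable    n-802.1q       trunking      1
Fa0/3       desirable    n-802.1q       trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005
Fa0/2       1-1005
Fa0/3       1-1005
"""

def parse_trunk_status(text):
    """Return {port: (mode, encapsulation, status)} from the table that has a Status column."""
    rows, in_status_table = {}, False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":              # every table starts with a "Port" header
            in_status_table = "Status" in fields
        elif in_status_table and len(fields) == 5:
            port, mode, encap, status, _native = fields
            rows[port] = (mode, encap, status)
    return rows

def check_inter_switch_links(text, expected_ports):
    """List expected inter-switch ports that are missing from the output or not trunking."""
    rows = parse_trunk_status(text)
    problems = []
    for port in expected_ports:
        if port not in rows:
            problems.append(f"{port}: not listed as a trunk")
        elif rows[port][2] != "trunking":
            problems.append(f"{port}: status is {rows[port][2]}")
    return problems

def dtp_negotiated(text):
    """Ports whose trunk was negotiated by DTP (mode desirable/auto) rather than set statically."""
    rows = parse_trunk_status(text)
    return sorted(p for p, (mode, _, _) in rows.items() if mode in ("desirable", "auto"))

if __name__ == "__main__":
    expected = ["Fa0/1", "Fa0/2", "Fa0/3"]   # assumed inter-switch ports on SW2
    # Constructed failure case: the same output with Fa0/3 removed.
    broken = "\n".join(l for l in PAGE_OUTPUT.splitlines() if not l.startswith("Fa0/3"))
    print(check_inter_switch_links(PAGE_OUTPUT, expected))
    print(check_inter_switch_links(broken, expected))
    print("DTP-negotiated:", dtp_negotiated(PAGE_OUTPUT))
```
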

VTP Domain Name

When setting up VTP for the first time, we always start with the domain name. All switches in the topology must be in the same domain. There are two ways to configure this. The first, more explicit way is to manually configure the name on each switch. The other is to configure the name only on the VTP server switch, which will then advertise it to the others.


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp domain ?
  WORD  The ascii name for the VTP administrative domain.
SW1(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
SW1(config)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0001.43A9.0200
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN :
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x1A 0xFC 0x64 0xDA 0x8E 0xA1 0x8A 0x3B
                                    0x47 0x97 0x87 0xB1 0x8B 0x59 0xE9 0x52



VTP Password

There is no need to explain what the VTP password does. It is set to protect the VTP domain from rogue switches. Let's configure a password on SW1.


SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp password ?
  WORD  The ascii password for the VTP administrative domain.
SW1(config)#vtp password cisco
Setting device VLAN database password to cisco
SW1(config)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0001.43A9.0200
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN :
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x68 0xDE 0x27 0x00 0xEB 0x43 0x67 0x3F
                                    0x47 0xB4 0xB4 0x18 0x7F 0x7C 0xF5 0x81
SW1#show vtp password
VTP Password: cisco


You can see that the password is stored and shown in cleartext. 
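The two `show vtp status` outputs above differ only in the MD5 digest, which changed once the password was set. The following added example (not part of the original post) uses that to verify a domain without displaying any password: it compares domain name, running version and digest across switches. The excerpts for SW2 to SW4 are constructed, the function names are illustrative, and treating a digest mismatch at the same revision as a password hint is an assumption drawn from the page's two outputs.

```python
import re

# MD5 digests shown on this page for SW1: before and after "vtp password cisco".
DIGEST_NO_PASSWORD = "0x1A 0xFC 0x64 0xDA 0x8E 0xA1 0x8A 0x3B 0x47 0x97 0x87 0xB1 0x8B 0x59 0xE9 0x52"
DIGEST_WITH_PASSWORD = "0x68 0xDE 0x27 0x00 0xEB 0x43 0x67 0x3F 0x47 0xB4 0xB4 0x18 0x7F 0x7C 0xF5 0x81"

def sample_status(domain, digest, revision=0):
    """Constructed 'show vtp status' excerpt in the layout shown on this page."""
    b = digest.split()
    return (f"VTP version running             : 2\n"
            f"VTP Domain Name                 : {domain}\n"
            f"Configuration Revision          : {revision}\n"
            f"MD5 digest                      : {' '.join(b[:8])}\n"
            f"                                  {' '.join(b[8:])}\n")

def parse_vtp_status(text):
    """Extract the fields needed for comparison; the digest spans two output lines."""
    def field(name):
        m = re.search(rf"^{re.escape(name)}[ \t]*:[ \t]*(.*?)[ \t]*$", text, re.M)
        return m.group(1) if m else None
    tail = text.partition("MD5 digest")[2]
    return {"domain": field("VTP Domain Name"),
            "version": field("VTP version running"),
            "revision": field("Configuration Revision"),
            "digest": re.findall(r"0x[0-9A-Fa-f]{2}", tail)}

def compare_to_server(server_text, others):
    """Return {switch: finding} for switches that disagree with the VTP server."""
    ref = parse_vtp_status(server_text)
    findings = {}
    for name, text in others.items():
        st = parse_vtp_status(text)
        if st["domain"] != ref["domain"]:      # domain names are case-sensitive
            findings[name] = "domain mismatch"
        elif st["version"] != ref["version"]:
            findings[name] = "version mismatch"
        elif st["revision"] == ref["revision"] and st["digest"] != ref["digest"]:
            findings[name] = "digest mismatch at same revision (check VTP password)"
    return findings

if __name__ == "__main__":
    sw1 = sample_status("CISCO", DIGEST_WITH_PASSWORD)
    others = {"SW2": sample_status("CISCO", DIGEST_NO_PASSWORD),    # password never set
              "SW3": sample_status("Cisco", DIGEST_WITH_PASSWORD),  # mistyped domain
              "SW4": sample_status("CISCO", DIGEST_WITH_PASSWORD)}  # consistent
    for name, why in compare_to_server(sw1, others).items():
        print(name, why)
```
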


