[nsp] VLAN database propagation

Tim Stevenson tstevens at cisco.com
Thu Mar 18 22:03:24 EST 2004


Yes, changing the domain name resets the revision #.

The problem described (blowing away the vlan dbase) is fondly known as the "vtp bomb" problem. Let's face it, VTP v1/2 is not all that sophisticated a protocol.

VTPv3 prevents the VTP bomb problem. Of course, all switches must run v3. Also, you can't just configure vlans willy-nilly on any old vtp server. You must do the config on the primary vtp server. But v3 does provide safeguards against this problem.

Tim

At 06:49 PM 3/18/2004, cisco-nsp-request at puck.nether.net quipped:
>Message: 2
>Date: Thu, 18 Mar 2004 21:36:57 -0500 (EST)
>From: jlewis at lewis.org
>Subject: Re: [nsp] VLAN database propagation
>To: Cisco Nsp <cisco-nsp at puck.nether.net>
>Message-ID: <Pine.LNX.4.58.0403182132170.20192 at web1.mmaero.com>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>On Thu, 18 Mar 2004, Liviu Pislaru wrote:
>
>> It is very important to verify a switch's VTP configuration before
>> connecting it to a production network. If the switch has been previously
>> configured or used elsewhere, it might already be in a VTP server mode
>> with a VTP config revision number that is higher than other switches in
>> the production VTP domain.
>
>Isn't that what VTP domain names and VTP passwords are for?  To keep you
>from accidentally blowing away your VLANs by connecting a "strange"
>switch?
>
>Not having come to this point yet, how do you reset the VTP revision
>number?...or does it automatically reset when the VTP domain name is
>changed?
>
>----------------------------------------------------------------------
> Jon Lewis *jlewis at lewis.org*|  I route
> Senior Network Engineer     |  therefore you are
> Atlantic Net                |
>_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>


Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
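
Added example (not part of the original message and not Cisco tooling): a pre-connection check for the situation discussed above, comparing a switch's VTP state with the production domain before it is plugged in. The field labels follow `show vtp status` output; the sample text, the function names and the production values are constructed for illustration.

```python
import re

# Constructed `show vtp status` text for a switch about to be connected.
# Field labels follow Cisco IOS output; the values are made up.
SAMPLE_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 57
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : LAB
"""

def parse_vtp_status(text):
    """Collect the 'label : value' lines of the output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def assess(text, prod_domain, prod_revision):
    """Return (verdict, reason) for connecting this switch to prod_domain."""
    f = parse_vtp_status(text)
    try:
        revision = int(f["Configuration Revision"])
    except (KeyError, ValueError):
        return "UNKNOWN", "no revision found; do not connect until checked"
    mode = f.get("VTP Operating Mode", "").lower()
    domain = f.get("VTP Domain Name", "")
    if mode in ("transparent", "off"):
        return "OK", f"mode {mode} does not originate VTP updates"
    if domain != prod_domain:
        # Renaming it into the production domain later resets the revision.
        return "OK", f"domain {domain!r} differs from {prod_domain!r}"
    if revision > prod_revision:
        return "DANGER", (f"revision {revision} > production {prod_revision}: "
                          "its VLAN database would replace the domain's")
    return "OK", f"revision {revision} <= production {prod_revision}"

if __name__ == "__main__":
    for prod_rev in (12, 57):
        print(prod_rev, *assess(SAMPLE_STATUS, "LAB", prod_rev))
```

The check does not look at VTP passwords, so a matching domain name is treated as sufficient for updates to be accepted.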


