From: Cisco Field Manual: Catalyst Switch Configuration
<http://www.ciscopress.com/title/1587050439>
VTP version 2 offers the following support options not available with
version 1:
*
*Unrecognized /type-length-value/ (TLV) support*—A VTP server or
client propagates configuration changes to its other trunks, even
for TLVs it is not able to parse. The unrecognized TLV is saved in
NVRAM.
*
*Version-dependent transparent mode*—In VTP version 1, a VTP
transparent switch inspects VTP messages for the domain name and
version and forwards a message only if the version and domain name
match. Because only one domain is supported in the Supervisor
engine software, VTP version 2 forwards VTP messages in
transparent mode, without checking the version.
*
*Consistency checks*—In VTP version 2, VLAN consistency checks
(such as VLAN names and values) are performed only when you enter
new information through the /command-line interface/ (CLI) or
/Simple Network Management Protocol/ (SNMP). Consistency checks
are not performed when new information is obtained from a VTP
message or when information is read from NVRAM. If the digest on a
received VTP message is correct, its information is accepted
without consistency checks.
>>as you can see int the last part of the last sentence this seems to
indicate that if the Hash Matches in VTP version 2 then the consistency
checks are not performed.
Where the task seems to indicate that it is NOT checked in VTPv1 but in
VTPv2 only. But if you do a "debug sw-VLAN vtp events" in either mode
the output indicates that the MD5 digest is calculated each time there
is an update performed at the CLI. This is the source of my confusion. <<
Regards,
Terry
prakash patel wrote:
> •Consistency Checks—In VTP Version 2, VLAN consistency checks (such as
> VLAN names and values) are performed only when you enter new
> information through the CLI or SNMP. Consistency checks are not
> performed when new information is obtained from a VTP message or when
> information is read from NVRAM. If the MD5 digest on a received VTP
> message is correct, its information is accepted.
>
>
>
> VTP Version 1 and Version 2 Configuration Guidelines
>
> This section describes the guidelines for implementing VTP in your
> network:
>
> •All switches in a VTP domain must run the same VTP version.
>
> •You must configure a password on each switch in the management domain
> when you are in secure mode.
>
> ------------------------------------------------------------------------
> *Caution *If you configure VTP in secure mode, the management domain
> will not function properly if you do not assign a management domain
> password to each switch in the domain.
> ------------------------------------------------------------------------
>
> •A VTP version 2-capable switch can operate in the same VTP domain as
> a switch running VTP version 1 if VTP version 2 is disabled on the VTP
> version 2-capable switch (VTP version 2 is disabled by default).
>
> •Do not enable VTP version 2 on a switch unless all of the switches in
> the same VTP domain are version 2 capable. When you enable VTP
> version 2 on a switch, all of the version 2-capable switches in the
> domain enable VTP version 2.
>
> •In a Token Ring environment, you must enable VTP version 2 for Token
> Ring VLAN switching to function properly.
>
> •Enabling or disabling VTP pruning on a VTP server enables or disables
> VTP pruning for the entire management domain.
>
> •Making VLANs pruning eligible or pruning ineligible on a switch
> affects pruning eligibility for those VLANs on that device only (not
> on all switches in the VTP domain).
>
>
>
>
> Passwords
>
> You can configure a password for the VTP domain, but it is not
> required. If you do configure a domain password, all domain switches
> must share the same password and you must configure the password on
> each switch in the management domain. Switches without a password or
> with the wrong password reject VTP advertisements.
>
> If you configure a VTP password for a domain, a switch that is booted
> without a VTP configuration does not accept VTP advertisements until
> you configure it with the correct password. After the configuration,
> the switch accepts the next VTP advertisement that uses the same
> password and domain name in the advertisement.
>
> If you are adding a new switch to an existing network with VTP
> capability, the new switch learns the domain name only after the
> applicable password has been configured on it.
>
> ------------------------------------------------------------------------
> *Caution *When you configure a VTP domain password, the management
> domain does not function properly if you do not assign a management
> domain password to each switch in the domain.
>
>
>
> > Date: Fri, 10 Jul 2009 13:19:48 -0400
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [OSL | CCIE_RS] Question Regarding Ver 11 WB 1 task 2.2
> >
> > Let me change my question. In VTP version 1 is the MD5 consistency not
> > checked? Is it just the version and domain name?
> >
> > Terry
> >
> >
> >
> > prakash patel wrote:
> > > Basically , I like to stress on
> > >
> > > "mismatch version" will kill you . so maintain uniformity among all.
> > >
> > > so though ur password, domain will match...version discrepancy will
> > > give u trouble.
> > >
> > > Message digest is the a algorhithm itself.
> > >
> > > I try not to give u solution but like to make u think a little.
> > >
> > > thanks
> > >
> > > Prakash
> > >
> > > > Date: Fri, 10 Jul 2009 12:53:41 -0400
> > > > From: [email protected]
> > > > To: [email protected]
> > > > Subject: Re: [OSL | CCIE_RS] Question Regarding Ver 11 WB 1 task 2.2
> > > >
> > > > Prakash,
> > > >
> > > > I have tried both, and I realize that both support MD5, I was
> > > > commenting on the fact that "it seemed to imply that VTPv1 didn't
> > > > support MD5 (based on the solution)" not that I thought it didn't.
> > > >
> > > > My question was regarding the differences between V2 and V1 and
> what is
> > > > happening in the background.
> > > >
> > > > Unless I misunderstand, what you are asking me too look for I don't
> > > > think that's the answer to my question.
> > > >
> > > > Thanks,
> > > > Terry
> > > >
> > > > prakash patel wrote:
> > > > > try using both versions
> > > > >
> > > > > and do show vtp status ( word message digest)
> > > > >
> > > > > that should answer ur question
> > > > >
> > > > > > Date: Fri, 10 Jul 2009 11:50:16 -0400
> > > > > > From: [email protected]
> > > > > > To: [email protected]
> > > > > > Subject: [OSL | CCIE_RS] Question Regarding Ver 11 WB 1 task 2.2
> > > > > >
> > > > > > Hi guys,
> > > > > >
> > > > > > I have a question regarding this specific part of task 2.2:
> > > > > >
> > > > > > The task is Cat1 should send VLAN updates with an MD5
> one-way hash
> > > > > > value. Other switches should not be able to process these
> updates
> > > > > > unless they have the same MD5 value.
> > > > > >
> > > > > > My question is in regards to the solution, where we are told to
> > > use VTP
> > > > > > Version 2 to require this matching of hash values.
> > > > > >
> > > > > > It was my understanding the both V1 and V2 use consistency
> > > checks, and
> > > > > > furthermore V1 checks more values than V2. Further more my
> > > > > > understanding was the if V2 is used and the Hash's match the
> > > VTPv2 will
> > > > > > forward it (on that criteria alone), thus reducing the overhead
> > > > > > incumbent in VTPv1.
> > > > > >
> > > > > > Reading the question initially seems to imply (based on the
> > > solution)
> > > > > > that VTPv1 would not check the hash, where VTPv2 would.
> > > > > >
> > > > > > Just asking for clarifications sake.
> > > > > >
> > > > > > Warmest Regards,
> > > > > > Terry
> > > > > >
> > > > > > _______________________________________________
> > > > > > For more information regarding industry leading CCIE Lab
> training,
> > > > > please visit www.ipexpert.com
> > > > >
> > > > >
> > >
> ------------------------------------------------------------------------
> > > > > Hotmail® has ever-growing storage! Don’t worry about storage
> limits.
> > > > > Check it out.
> > > > >
> > >
> <http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009>
> > > >
> > >
> > >
> ------------------------------------------------------------------------
> > > Windows Live™ SkyDrive™: Get 25 GB of free online storage. Get it on
> > > your BlackBerry or iPhone.
> > >
> <http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_SD_25GB_062009>
> >
>
> ------------------------------------------------------------------------
> Lauren found her dream laptop. Find the PC that’s right for you.
> <http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
