Techrunner
asked on
VTP LOG RUNTIME ERROR
Hello Experts
We have VTP version 3 running on all our switches in the network. All the client switches are inheriting the VLANs except one.
We have a Cisco WS-C2950G-24-EI running VTP version 2 because it doesn't support ver 3. This switch is not taking VLAN information from the server.
By running the debug on this switch we saw the following message:
006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7
006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown
I've verified the VTP domain and password are the same.
The only difference I noted is the MD5 digest hashes
Server: 0xE6 0x6D 0xD1 0x2E 0x99 0x1B 0x7B 0xB4
0x05 0xE4 0xB2 0xAC 0x74 0x33 0x69 0xEA
Affected Client : 0x21 0x73 0x84 0x0C 0x73 0xD6 0xDE 0xFD
Thanks
Hi, I had a similar issue once. It turned out the password encryption that version 3 has wasn't allowing my version 2 to properly authenticate and propagate any changes being sent down. I am assuming one of your ver 3 boxes is running in server mode.
ASKER
I've verified none of the switches is running server mode.
No idea why client is not authenticating to the server
Thanks
--> "I've verified none of the switches is running server mode."
If none of your switches are running in server mode, how are you distributing your VLANs?
How did you get digest hash from "the server"?
ASKER
I mean we have only 1 Primary server and other switches are clients
We don't have any other server in the network
What do you get when you run 'show vtp password'?
O.K, is the server V3? ElFierro stated that he had a similar problem where server was V3 and client was V2.
ASKER
The problematic switch is supporting only v1 and 2 and currently running v2
The password is appearing in clear text on this switch
On the server it is showing encrypted password
ASKER
The problematic switch is supporting only v1 and 2 and currently running v2
The server is running V3
The password is appearing in clear text on problematic switch
On the server it is showing encrypted password
I believe that only VTP V3 can store the password encrypted. In VTP V2 and V1 it is stored in clear text, but you have to be in enable mode to see it.
Are you 100% sure that the password you entered in the V2 client is the correct password?
And that the V2 client and V3 server are connected to each other via a trunk link?
ASKER
Yes 100% sure
The current password on vtp server is cisco
The password appears encrypted on the server
I used the same password on the problematic client switch, i.e. cisco
P.S. the password cisco is only an example
I'm not 100% sure of which show vtp commands will work on your devices, but can you post the output from commands (from the server and the router having the issue) like:
show vtp domain
show vtp status
show vtp counters
show vtp statistics
The fact that the MD5 hash is different on the server and the client indicated the input (or password) is different.
harbor235 ;}
The last post reads horribly, let me try again
The fact that the MD5 hash is different on the server and on the client indicates that the input (or password) is different on each device.
harbor235 ;}
Although we have been down that path before, I agree with harbor235. I still think you have the wrong password on the V2 client.
When you enter the password on the client are you entering the encrypted value that the server has as opposed to the actual password?
ASKER
Thanks
I'm putting the actual password
Clear the password and re-input it. Are you using the same version of code? Hopefully it is a recommended version?
harbor235 ;}
ASKER
Actually I'm out of office and will return tomorrow. I'll do as suggested as soon as I return to the office.
Thanks
ASKER
Hi,
I cleared and reconfigured the password but no luck.
Switch is running this code
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
ASKER
The show vtp domain and show vtp statistics commands are not working on our switch; below is the output for the remaining commands
Server
SW-6500-B1WFB-SR1-CS1#sh vtp status
VTP Version : 3 (capable)
VTP version running : 3
VTP Domain Name : COMPANY
VTP Pruning Mode : Enabled (Operationally Enabled)
VTP Traps Generation : Disabled
Device ID : 001a.e3f5.4400
Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 73
Number of existing extended VLANs : 0
Configuration Revision : 41
Primary ID : 001a.e3f5.4400
Primary Description : SW-6500-B1WFB-SR1-CS1
MD5 digest : 0x4C 0x08 0xFA 0x37 0xFA 0x0B 0x6A 0x93
0x1C 0x5A 0x3E 0x49 0xB0 0x71 0x12 0x30
Feature MST:
--------------
VTP Operating Mode : Transparent
Feature UNKNOWN:
--------------
VTP Operating Mode : Transparent
show vtp counters
VTP statistics:
Summary advertisements received : 1575721
Subset advertisements received : 152
Request advertisements received : 1410
Summary advertisements transmitted : 1749383
Subset advertisements transmitted : 1859
Request advertisements transmitted : 418
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
Client
sh vtp status
VTP Version : 2
Configuration Revision : 229
Maximum VLANs supported locally : 250
Number of existing VLANs : 64
VTP Operating Mode : Client
VTP Domain Name : COMPANY
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x32 0x7C 0x6C 0xD4 0xDC 0xAC 0x69 0x2A
show vtp counters
VTP statistics:
Summary advertisements received : 33358
Subset advertisements received : 96
Request advertisements received : 0
Summary advertisements transmitted : 107551
Subset advertisements transmitted : 24
Request advertisements transmitted : 0
Number of config revision errors : 1
Number of config digest errors : 0
Number of V1 summary errors : 0
The client shows 64 VLANs and the server shows 73. Are any of the 73 on the server extended VLANs?
What happens if you add a VLAN to the server that is not an extended VLAN? Will it show up on the client?
ASKER
This is the issue: whatever VLANs I'm creating on the server are not propagating to this client.
This was the debug log message I posted in the original question
006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7
006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown
The issue is how did the 64 VLANs on the client get there? Unless I am mistaken, or something has changed, I don't think you can add a VLAN directly to a VTP client. It can only get VLANs from a VTP server.
Was this a brand new router, or a used one? Are the VLANs currently on the router the correct ones?
ASKER
Sorry for some missing information
We just upgraded all our switches to VTP version 3
Earlier all switches were running V2
The VLANs were propagating when they were running V2
Ah. Did you change the password when you migrated from V2 to V3?
On the router that is having the problem can you clear the vtp counters and monitor?
ASKER CERTIFIED SOLUTION
ASKER
Thanks glitjr
Or changing the domain would also reset the configuration revision number. Correct?
I think it would, but that would cause other issues as you would need to change the VTP domain name on every switch.
Wiping out the vlan.dat file on the one switch you are having a problem with should only affect that one switch.
ASKER
On the problematic switch, I can change vtp mode to transparent and change back to client, this will reset the configuration of the client switch to Zero.
I guess then this problematic switch should be able to take updates from server.
I will not do anything on the server.
ASKER
The issue is solved
I changed vtp mode to transparent and changed back to client; the configuration revision number became zero.
After moving back to client mode the VLANs were updated immediately on this switch
Thanks glitjr for pointing me in the right direction
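The check the thread converges on, as an added example that is not part of the original posts: a Python sketch that parses the two show vtp status outputs above and reports when the client's configuration revision is higher than the server's, the condition the asker cleared by resetting the client to revision 0. The function names are hypothetical and the sample text is condensed from the posted outputs.

```python
import re

# Constructed input: condensed from the "show vtp status" outputs posted in the thread.
SERVER = """\
VTP Version : 3 (capable)
VTP version running : 3
VTP Domain Name : COMPANY
Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Configuration Revision : 41
Feature MST:
--------------
VTP Operating Mode : Transparent
"""
CLIENT = """\
VTP Version : 2
Configuration Revision : 229
VTP Operating Mode : Client
VTP Domain Name : COMPANY
"""

def parse_vtp_status(text):
    """Parse 'show vtp status'; in V3 output only the Feature VLAN block is used."""
    fields, feature = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"Feature (\S+):$", line)
        if head:
            feature = head.group(1)
            continue
        pair = re.match(r"(.+?)\s*:\s+(\S.*)$", line)
        if pair and feature in (None, "VLAN"):  # skip MST/UNKNOWN blocks
            fields[pair.group(1).lower()] = pair.group(2)
    running = fields.get("vtp version running", fields.get("vtp version", "0"))
    return {
        "version": int(running.split()[0]),
        "domain": fields.get("vtp domain name"),
        "mode": fields.get("vtp operating mode"),
        "revision": int(fields.get("configuration revision", -1)),
    }

def diagnose(server, client):
    """Hypothetical helper: reasons the client would ignore the server's database."""
    findings = []
    if server["domain"] != client["domain"]:
        findings.append("domain mismatch")
    if client["revision"] > server["revision"]:
        findings.append("client revision %d > server revision %d: reset client to 0"
                        % (client["revision"], server["revision"]))
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_vtp_status(SERVER), parse_vtp_status(CLIENT)):
        print(finding)
```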