SolvedPrivate

VTP LOG RUNTTIME ERROR

Posted on 2016-07-29
31
125 Views
Last Modified: 2016-08-26
Hello Experts

We have VTP version 3 running on all our switches in the network. All the clients switches are inheriting the VLANs except one.

We have Cisco WS-C2950G-24-EI running VTP version 2 because it doesn't support  ver 3. This switch is not taking VLAN information from the server.

By running the debug on this switch we saw the following message

006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7

006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown

Open in new window


I've verified the VTP domain and password is same.

The only difference I noted the MDG Digest Hashes

Server: 0xE6 0x6D 0xD1 0x2E 0x99 0x1B 0x7B 0xB4
             0x05 0xE4 0xB2 0xAC 0x74 0x33 0x69 0xEA

Affected Client : 0x21 0x73 0x84 0x0C 0x73 0xD6 0xDE 0xFD

Thanks
0
Comment
Question by:cciedreamer
  • 14
  • 11
  • 3
  • +1
31 Comments
 
LVL 4

Expert Comment

by:El Fierro
ID: 41734767
hi,i had a similar issue once it turned out to the password encryption that version 3 has wasn't allowing my version 2 to properly authenticate and propagate any changes being sent down. i am assuming one of your ver 3 boxes is running on server mode
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41734830
I've verified none of the switch is running server mode.
No idea why client is not authenticating to the server

Thanks
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41745685
--> "I've verified none of the switch is running server mode."

If none of your switches are running in server mode, how are you distributing your VLANs?

How did you get digest hash from "the server"?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41745701
I mean we have only 1 Primary server and other switches are clients
We dont have any other server in the network
0
 
LVL 4

Expert Comment

by:El Fierro
ID: 41745731
What do u get when u run 'show vtp password'
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41745732
O.K, is the server V3?  ElFierro stated that he had a similar problem where server was V3 and client was V2.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41745748
The problematic is supporting only v1 and 2 and currently running v2
The password is appearing in clear text on this switch
On the server it is showing encrypted password
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41745750
The problematic switch is supporting only v1 and 2 and currently running v2
The server is running V3
The password is appearing in clear text on problematic switch

On the server it is showing encrypted password
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41745784
I believe that only VTP V3 can store the password encrypted. VTP V2 and V1 it is stored in clear text, but you have to be in enable mode to see it.

Are you 100% sure that the password you entered in the V2 client is the correct password?

And that the V2 client and V3 server are connected to each other via a trunk link?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41745787
Yes 100% sure

The current password on vtp server is cisco

The password appears encrypted on the server

I used the same password on problematic client switch i.e cisco

P.S the password cisco is only example
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41751879
I'm not 100% sure of which show vtp commands will work on your devices, but can you post the output from commands (from the server and the router having the issue) like:

show vtp domain
show vtp status
show vtp counters
show vtp statistics
0
 
LVL 32

Expert Comment

by:harbor235
ID: 41752029
The fact that the MD5 hash is different on the server and the client indicated the input (or password) is different.


harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 41752035
The last post reads horribly, let me try again

The fact that the MD5 hash is different on the server and on the client indicates that the input (or password) is different on each device.


harbor235 ;}
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41752510
Although we  have been down that path before, I agree with harbor235.  I still think you have the wrong password on the V2 client.

When you enter the password on the client are you entering the encrypted value that the server has as opposed to the actual password?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41752514
Thanks
I'm putting the actual password
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 32

Expert Comment

by:harbor235
ID: 41752547
Clear the password and re-input, are you using the same version of code? hopefully it is a recommended version?


harbor235 ;}
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41757037
Actually I'm out of office and will return tomorrow, I'll do as suggested as soon as resume the office.

Thanks
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41767161
Hi,
I cleared and reconfigured the password but no luck.

Switch is running this code

Cisco Internetwork Operating System Software 
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 41767461
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41767509
show vtp domain and statistics command is not working on our switch, below is the output for remaining commands

Server

SW-6500-B1WFB-SR1-CS1#sh vtp status 
VTP Version                     : 3 (capable)
VTP version running             : 3
VTP Domain Name                 : COMPANY
VTP Pruning Mode                : Enabled (Operationally Enabled)
VTP Traps Generation            : Disabled
Device ID                       : 001a.e3f5.4400

Feature VLAN:
--------------
VTP Operating Mode                : Primary Server
Number of existing VLANs          : 73
Number of existing extended VLANs : 0
Configuration Revision            : 41
Primary ID                        : 001a.e3f5.4400
Primary Description               : SW-6500-B1WFB-SR1-CS1
MD5 digest                        : 0x4C 0x08 0xFA 0x37 0xFA 0x0B 0x6A 0x93 
                                    0x1C 0x5A 0x3E 0x49 0xB0 0x71 0x12 0x30 


Feature MST:
--------------
VTP Operating Mode                : Transparent


Feature UNKNOWN:
--------------
VTP Operating Mode                : Transparent

show vtp counters

VTP statistics:
Summary advertisements received    : 1575721
Subset advertisements received     : 152
Request advertisements received    : 1410
Summary advertisements transmitted : 1749383
Subset advertisements transmitted  : 1859
Request advertisements transmitted : 418
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0

Open in new window


Client

sh vtp status 
VTP Version                     : 2
Configuration Revision          : 229
Maximum VLANs supported locally : 250
Number of existing VLANs        : 64
VTP Operating Mode              : Client
VTP Domain Name                 : COMPANY
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x32 0x7C 0x6C 0xD4 0xDC 0xAC 0x69 0x2A

show vtp counters

VTP statistics:
Summary advertisements received    : 33358
Subset advertisements received     : 96
Request advertisements received    : 0
Summary advertisements transmitted : 107551
Subset advertisements transmitted  : 24
Request advertisements transmitted : 0
Number of config revision errors   : 1
Number of config digest errors     : 0
Number of V1 summary errors        : 0

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 41767574
The client shows 64 VLAN's and the server shows 73.  Are any of the 73 on the server extended VLANs?

What happens if you add a VLAN to the server that is not an extended VLAN?  Will it show up on the client?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41767597
This is the issue whatever VLANs I'm creating on the server its not propagating to this clients.

This is was debug log message I posted in original question

006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7

006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 41767799
The issue is how did the 64 VLAN on the client get there?  Unless I am mistaken, or something has changed,  I don't think you can't add a VLAN directly to a VTP client.  It can only get VLAN's from a VTP server.

Was this a brand new router, or a used one?  Are the VLAN's currently on the router the correct ones?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41767854
Sorry for some missing information

We just upgraded all our switches to VTP version 3
Earlier all switches were running V2

The VLANs were propagating when they were running V2
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41770150
Ah.  Did you change the password when you migrated from V2 to V3?

On the router that is having the problem can you clear the vtp counters and monitor?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 41770162
Ah, just notice one possible issue.  It looks like when you converted the primary from V2 to V3 the revision number got reset.  If you notice your primary server shows revision number 41, but the device you are having a problem with shows revision number 229.

Since the server's revision number is lower than the clients, the client will not update.

I have never had to do this, but what I suggest is that you backup the vlan.dat file and your startup config file.  You may even want to search to see how to backup the vlan database on a VTP client.  I would hate for you to have a worse problem than what you are currently experiencing.

Once you know how to backup the client's VLAN database and restore it, delete the vlan.dat file.  That should make its revision number "0" which should allow it to update the VLAN's via VTP.

I'm still worried about the MD5 hash mismatch on the passwords, but the revision number issue is most likely the cause.
1
 
LVL 3

Author Comment

by:cciedreamer
ID: 41770185
Thanks glitjr

Or changing the domain would also reset the configuration revision number. Correct?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 41770236
I think it would, but that would cause other issues as you would need  to change the VTP domain name on every switch.

Wiping out the vlan.dat file on the one switch you are having a problem with should only affect that one switch.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41770239
On the problematic switch, I can change vtp mode to transparent and change back to client, this will reset the configuration of the client switch to Zero.

I guess then this problematic switch should be able to take updates from server.

I will not do anything on the server.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 41770328
The issue is solved

I changed vtp mode to transparent and change back to client, configuration revision number became zero.
After moving back to client mode the VLANs were updated immediately on this switch

Thanks glitjr for pointing me to right direction
1

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now