VTP LOG RUNTIME ERROR

Hello Experts

We have VTP version 3 running on all our switches in the network. All the client switches are inheriting the VLANs except one.

We have a Cisco WS-C2950G-24-EI running VTP version 2 because it doesn't support ver 3. This switch is not taking VLAN information from the server.

By running the debug on this switch we saw the following message:

006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7

006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown



I've verified the VTP domain and password are the same.

The only difference I noted is the MD5 digest hashes:

Server: 0xE6 0x6D 0xD1 0x2E 0x99 0x1B 0x7B 0xB4
             0x05 0xE4 0xB2 0xAC 0x74 0x33 0x69 0xEA

Affected Client : 0x21 0x73 0x84 0x0C 0x73 0xD6 0xDE 0xFD

Thanks
0
Asked by: cciedreamer
 
El Fierro (Network Engineer) Commented:
Hi, I had a similar issue once. It turned out that the password encryption that version 3 has wasn't allowing my version 2 to properly authenticate and propagate any changes being sent down. I am assuming one of your ver 3 boxes is running in server mode.
0
 
cciedreamer (Author) Commented:
I've verified none of the switches is running server mode.
No idea why the client is not authenticating to the server.

Thanks
0
 
giltjr Commented:
--> "I've verified none of the switches is running server mode."

If none of your switches are running in server mode, how are you distributing your VLANs?

How did you get digest hash from "the server"?
0
 
cciedreamer (Author) Commented:
I mean we have only 1 Primary server and the other switches are clients.
We don't have any other server in the network.
0
 
El Fierro (Network Engineer) Commented:
What do you get when you run 'show vtp password'?
0
 
giltjr Commented:
O.K, is the server V3?  ElFierro stated that he had a similar problem where server was V3 and client was V2.
0
 
cciedreamer (Author) Commented:
The problematic is supporting only v1 and 2 and currently running v2
The password is appearing in clear text on this switch
On the server it is showing encrypted password
0
 
cciedreamer (Author) Commented:
The problematic switch is supporting only v1 and 2 and currently running v2
The server is running V3
The password is appearing in clear text on problematic switch

On the server it is showing encrypted password
0
 
giltjr Commented:
I believe that only VTP V3 can store the password encrypted. In VTP V2 and V1 it is stored in clear text, but you have to be in enable mode to see it.

Are you 100% sure that the password you entered in the V2 client is the correct password?

And that the V2 client and V3 server are connected to each other via a trunk link?
0
 
cciedreamer (Author) Commented:
Yes, 100% sure.

The current password on the VTP server is cisco.

The password appears encrypted on the server.

I used the same password on the problematic client switch, i.e. cisco.

P.S. The password cisco is only an example.
0
 
giltjr Commented:
I'm not 100% sure of which show vtp commands will work on your devices, but can you post the output from commands (from the server and the router having the issue) like:

show vtp domain
show vtp status
show vtp counters
show vtp statistics
0
 
harbor235 Commented:
The fact that the MD5 hash is different on the server and the client indicated the input (or password) is different.


harbor235 ;}
0
 
harbor235 Commented:
The last post reads horribly, let me try again.

The fact that the MD5 hash is different on the server and on the client indicates that the input (or password) is different on each device.


harbor235 ;}
0
 
giltjr Commented:
Although we have been down that path before, I agree with harbor235. I still think you have the wrong password on the V2 client.

When you enter the password on the client are you entering the encrypted value that the server has as opposed to the actual password?
0
 
cciedreamer (Author) Commented:
Thanks
I'm putting in the actual password.
0
 
harbor235 Commented:
Clear the password and re-input it. Are you using the same version of code? Hopefully it is a recommended version?


harbor235 ;}
0
 
cciedreamer (Author) Commented:
Actually I'm out of the office and will return tomorrow. I'll do as suggested as soon as I'm back at the office.

Thanks
0
 
cciedreamer (Author) Commented:
Hi,
I cleared and reconfigured the password but no luck.

The switch is running this code:

Cisco Internetwork Operating System Software 
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)


0
 
cciedreamer (Author) Commented:
The show vtp domain and show vtp statistics commands are not working on our switch; below is the output for the remaining commands.

Server

SW-6500-B1WFB-SR1-CS1#sh vtp status 
VTP Version                     : 3 (capable)
VTP version running             : 3
VTP Domain Name                 : COMPANY
VTP Pruning Mode                : Enabled (Operationally Enabled)
VTP Traps Generation            : Disabled
Device ID                       : 001a.e3f5.4400

Feature VLAN:
--------------
VTP Operating Mode                : Primary Server
Number of existing VLANs          : 73
Number of existing extended VLANs : 0
Configuration Revision            : 41
Primary ID                        : 001a.e3f5.4400
Primary Description               : SW-6500-B1WFB-SR1-CS1
MD5 digest                        : 0x4C 0x08 0xFA 0x37 0xFA 0x0B 0x6A 0x93 
                                    0x1C 0x5A 0x3E 0x49 0xB0 0x71 0x12 0x30 


Feature MST:
--------------
VTP Operating Mode                : Transparent


Feature UNKNOWN:
--------------
VTP Operating Mode                : Transparent

show vtp counters

VTP statistics:
Summary advertisements received    : 1575721
Subset advertisements received     : 152
Request advertisements received    : 1410
Summary advertisements transmitted : 1749383
Subset advertisements transmitted  : 1859
Request advertisements transmitted : 418
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0



Client

sh vtp status 
VTP Version                     : 2
Configuration Revision          : 229
Maximum VLANs supported locally : 250
Number of existing VLANs        : 64
VTP Operating Mode              : Client
VTP Domain Name                 : COMPANY
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x32 0x7C 0x6C 0xD4 0xDC 0xAC 0x69 0x2A

show vtp counters

VTP statistics:
Summary advertisements received    : 33358
Subset advertisements received     : 96
Request advertisements received    : 0
Summary advertisements transmitted : 107551
Subset advertisements transmitted  : 24
Request advertisements transmitted : 0
Number of config revision errors   : 1
Number of config digest errors     : 0
Number of V1 summary errors        : 0


0
 
giltjr Commented:
The client shows 64 VLANs and the server shows 73. Are any of the 73 on the server extended VLANs?

What happens if you add a VLAN to the server that is not an extended VLAN?  Will it show up on the client?
0
 
cciedreamer (Author) Commented:
This is the issue: whatever VLANs I'm creating on the server are not propagating to this client.

This was the debug log message I posted in the original question:

006243: 1y15w: VTP LOG RUNTIME: Transmit vtp summary, domain COMPANY, rev 229, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = 21 73 84 0C 73 D6 DE FD 97 3B 59 93 7C F8 14 D7

006244: 1y15w: VTP LOG RUNTIME: Incoming packet version rcvd 3 unknown


0
 
giltjr Commented:
The issue is how did the 64 VLANs on the client get there? Unless I am mistaken, or something has changed, I don't think you can add a VLAN directly to a VTP client. It can only get VLANs from a VTP server.

Was this a brand new router, or a used one? Are the VLANs currently on the router the correct ones?
0
 
cciedreamer (Author) Commented:
Sorry for some missing information.

We just upgraded all our switches to VTP version 3.
Earlier all switches were running V2.

The VLANs were propagating when they were running V2.
0
 
giltjr Commented:
Ah.  Did you change the password when you migrated from V2 to V3?

On the router that is having the problem can you clear the vtp counters and monitor?
0
 
giltjr Commented:
Ah, just noticed one possible issue. It looks like when you converted the primary from V2 to V3 the revision number got reset. If you notice, your primary server shows revision number 41, but the device you are having a problem with shows revision number 229.

Since the server's revision number is lower than the client's, the client will not update.

I have never had to do this, but what I suggest is that you back up the vlan.dat file and your startup config file. You may even want to search to see how to back up the VLAN database on a VTP client. I would hate for you to have a worse problem than what you are currently experiencing.

Once you know how to back up the client's VLAN database and restore it, delete the vlan.dat file. That should make its revision number "0", which should allow it to update the VLANs via VTP.

I'm still worried about the MD5 hash mismatch on the passwords, but the revision number issue is most likely the cause.
1
 
cciedreamer (Author) Commented:
Thanks giltjr

Or changing the domain would also reset the configuration revision number. Correct?
0
 
giltjr Commented:
I think it would, but that would cause other issues as you would need to change the VTP domain name on every switch.

Wiping out the vlan.dat file on the one switch you are having a problem with should only affect that one switch.
0
 
cciedreamer (Author) Commented:
On the problematic switch, I can change the VTP mode to transparent and change it back to client; this will reset the configuration of the client switch to zero.

I guess then this problematic switch should be able to take updates from server.

I will not do anything on the server.
0
 
cciedreamer (Author) Commented:
The issue is solved.

I changed the VTP mode to transparent and changed it back to client; the configuration revision number became zero.
After moving back to client mode, the VLANs were updated immediately on this switch.

Thanks giltjr for pointing me in the right direction.
1
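
The comparison that resolved this thread (client revision 229 against server revision 41) can be scripted before touching either switch. The Python below is an added example, not code from any poster; the function names parse_vtp_status and diagnose are made up here, and the sample text is trimmed from the 'show vtp status' output posted above.

```python
import re

# Trimmed from the 'show vtp status' output posted in the thread above.
SERVER = """\
VTP version running             : 3
VTP Domain Name                 : COMPANY
VTP Operating Mode                : Primary Server
Configuration Revision            : 41
Feature MST:
VTP Operating Mode                : Transparent
"""
CLIENT = """\
VTP Version                     : 2
Configuration Revision          : 229
VTP Operating Mode              : Client
VTP Domain Name                 : COMPANY
"""

def parse_vtp_status(text):
    """Extract version, domain, mode and revision from 'show vtp status'."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            # V3 repeats "VTP Operating Mode" per feature; keep the first (VLAN).
            fields.setdefault(key.strip().lower(), value.strip())
    version = fields.get("vtp version running") or fields.get("vtp version", "")
    digits = re.match(r"\d+", version)
    return {
        "version": int(digits.group()) if digits else None,
        "domain": fields.get("vtp domain name"),
        "mode": fields.get("vtp operating mode"),
        "revision": int(fields.get("configuration revision", "0")),
    }

def diagnose(server, client):
    """Return reasons the client may ignore the server's advertisements."""
    findings = []
    if server["domain"] != client["domain"]:
        findings.append("domain name mismatch")
    if client["revision"] > server["revision"]:
        findings.append(f"client revision {client['revision']} is higher than "
                        f"server revision {server['revision']}; client will not update")
    if server["version"] != client["version"]:
        findings.append(f"server runs v{server['version']}, client runs v{client['version']}")
    return findings

if __name__ == "__main__":
    print(diagnose(parse_vtp_status(SERVER), parse_vtp_status(CLIENT)))
```

With the client's revision reset to 0, as happened after the transparent/client mode toggle, the revision finding disappears and only the version difference is reported.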
