Tuesday 9 February 2010

VTP Version 3 and MSTP Walkthrough.

This article assumes you are familiar with MSTP and VTP.

The latest incarnation of VTP version 3 is now available on versions of IOS from 12.2(50)SE3 onwards for 3560, 3750 and 2960s.

It supports distribution of two databases:

  • VLAN Database.

  • MSTP VLAN-to-MSTI mapping database.




Other than support for extended ID VLANs, the VLAN database functionality is the same as in previous versions. The MST mappings, however, were not previously supported, and you had to create them manually on every device. They show which VLANs are part of which spanning tree (or MSTI).

Another VTP version 3 function is to define a primary server that will not accept updates from any other device. This is meant to stop VTP bombs. When a switch is configured as the primary server, it broadcasts itself on the network; the other VTP devices then create an entry with the MAC of this primary server and refuse to accept updates from any other device.

Implementation


The outputs here are from a sup720 running SXI3 IOS.

Previously you only had to set the VTP server, version and spanning-tree mode globally with commands such as:

RTR01(config)#vtp mode server
RTR01(config)#vtp version 3
RTR01(config)#spanning-tree mode mst


This sets the VTP status as follows: the device is a VTP server for the VLAN feature, but VTP support for MSTP is left in transparent mode.

RTR01#sh vtp status
VTP Version : 3 (capable)
VTP version running : 3
VTP Domain Name : VTPDOMAIN
VTP Pruning Mode : Disabled (Operationally Disabled)
VTP Traps Generation : Enabled
Device ID : 0200.0000.000a

Feature VLAN:
--------------
VTP Operating Mode : Server
Number of existing VLANs : 5
Number of existing extended VLANs : 0
Configuration Revision : 0
Primary ID : 0000.0000.0000
Primary Description :
MD5 digest : 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00


Feature MST:
--------------
VTP Operating Mode : Transparent


To set the server as the primary, use the command “vtp primary vlan” in enable mode, not config mode.

RTR01#vtp primary vlan
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]

This then shows the log message:

000087: Feb 8 14:12:55.145: %SW_VLAN-SW1_SP-4-VTP_PRIMARY_SERVER_CHG: 0200.0000.000a has become the primary server for the VLAN VTP feature


At this point only the configured primary server can send VTP updates to the network. Clients should ignore updates from any other device. The VTP status is now updated to show the VTP primary server.

RTR01#sh vtp status
[snip]

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 5
Number of existing extended VLANs : 0
Configuration Revision : 1
Primary ID : 0200.0000.000a
Primary Description : RTR01
MD5 digest : 0x87 0xBB 0xDB 0xEC 0xE5 0x9F 0x9C 0xCA
0x75 0xCE 0x4A 0x67 0xA7 0x67 0xBF 0xDA


The VLAN database is being synced but the MST mappings are not. To set up the device as the primary server for MST requires a few more steps:

RTR01(config)#vtp mode server mst
Setting device to VTP Server mode for MST.
RTR01(config)#^Z
RTR01#vtp primary mst
This system is becoming primary server for feature mst
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
000091: Feb 8 14:15:20.932: %SW_VLAN-SW1_SP-4-VTP_PRIMARY_SERVER_CHG: 0200.0000.000a has become the primary server for the MST VTP feature


Now the VTP status is updated to show the primary server for both VLAN and MST.

RTR01#show vtp status
VTP Version : 3 (capable)
VTP version running : 3
VTP Domain Name : VTPDOMAIN
VTP Pruning Mode : Disabled (Operationally Disabled)
VTP Traps Generation : Enabled
Device ID : 0200.0000.000a

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Number of existing VLANs : 5
Number of existing extended VLANs : 0
Configuration Revision : 1
Primary ID : 0200.0000.000a
Primary Description : RTR01
MD5 digest : 0x87 0xBB 0xDB 0xEC 0xE5 0x9F 0x9C 0xCA
0x75 0xCE 0x4A 0x67 0xA7 0x67 0xBF 0xDA


Feature MST:
--------------
VTP Operating Mode : Primary Server
Configuration Revision : 1
Primary ID : 0200.0000.000a
Primary Description : RTR01
MD5 digest : 0xC6 0x62 0xA6 0x96 0x7E 0x98 0x14 0xCB
0x80 0xA1 0xA6 0x2D 0x60 0x39 0x49 0x39


Any devices on the network running VTP version 3 in the correct VTP domain should now sync VLANs and MST mappings.
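
A way to check collected "show vtp status" output against the primary server you intended, for both the VLAN and MST features. This is an added example, not part of the original post; the function names and the sample text are constructed, and the field labels are taken from the outputs shown above.

```python
import re

# Constructed sample modelled on the "show vtp status" output in this article:
# the VLAN feature has a primary server, MST is still in transparent mode.
SAMPLE = """\
VTP version running : 3
Device ID : 0200.0000.000a

Feature VLAN:
--------------
VTP Operating Mode : Primary Server
Primary ID : 0200.0000.000a
Primary Description : RTR01

Feature MST:
--------------
VTP Operating Mode : Transparent
"""

def parse_vtp_status(text):
    """Return {"global": {...}, "VLAN": {...}, "MST": {...}} keyed by feature."""
    sections = {"global": {}}
    current = sections["global"]
    for line in text.splitlines():
        m = re.match(r"\s*Feature (\w+):", line)
        if m:  # a "Feature X:" header starts a new per-feature section
            current = sections.setdefault(m.group(1), {})
            continue
        key, sep, value = line.partition(" : ")
        if sep:  # skips rulers, blanks and the wrapped MD5 digest line
            current[key.strip()] = value.strip()
    return sections

def audit(text, expected_primary, features=("VLAN", "MST")):
    """List findings where a feature is not bound to the expected primary server."""
    status = parse_vtp_status(text)
    findings = []
    if status["global"].get("VTP version running") != "3":
        findings.append("global: VTP version 3 is not running")
    for feat in features:
        info = status.get(feat, {})
        mode = info.get("VTP Operating Mode", "missing")
        primary = info.get("Primary ID", "none")
        if mode in ("Transparent", "missing"):
            findings.append(f"{feat}: mode is {mode}, database not synced by VTP")
        elif primary.lower() != expected_primary.lower():
            findings.append(f"{feat}: primary ID {primary}, expected {expected_primary}")
    return findings

print(audit(SAMPLE, "0200.0000.000a"))
```

A server or client that has not yet learned a primary shows a Primary ID of 0000.0000.0000, as in the first output above, and is reported as a mismatch.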

EDIT:
Should really include the client configuration, as that has also changed slightly. The old way was:

vtp domain XXXX
vtp mode client


To get the MST mappings you also need to run the command:

vtp mode client mst


And because changing the MST mapping later causes a total STP reconvergence, you should configure all the MST mappings on day 1, but more about that later :-)