Cisco Systems 3560X Manual De Usuario
16-5
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 16 Configuring VTP
Understanding VTP
•
Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and
values) are performed only when you enter new information through the CLI or SNMP. Consistency
checks are not performed when new information is obtained from a VTP message or when
information is read from NVRAM. If the MD5 digest on a received VTP message is correct, its
information is accepted.
values) are performed only when you enter new information through the CLI or SNMP. Consistency
checks are not performed when new information is obtained from a VTP message or when
information is read from NVRAM. If the MD5 digest on a received VTP message is correct, its
information is accepted.
VTP Version 3
VTP version 3 supports these features that are not supported in version 1 or version 2:
•
Enhanced authentication—You can configure the authentication as hidden or secret. When hidden,
the secret key from the password string is saved in the VLAN database file, but it does not appear
in plain text in the configuration. Instead, the key associated with the password is saved in
hexadecimal format in the running configuration. You must reenter the password if you enter a
takeover command in the domain. When you enter the secret keyword, you can directly configure
the password secret key.
the secret key from the password string is saved in the VLAN database file, but it does not appear
in plain text in the configuration. Instead, the key associated with the password is saved in
hexadecimal format in the running configuration. You must reenter the password if you enter a
takeover command in the domain. When you enter the secret keyword, you can directly configure
the password secret key.
•
Support for extended range VLAN (VLANs 1006 to 4094) database propagation. VTP versions 1
and 2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert
from VTP version 3 to version 1 or 2.
and 2 propagate only VLANs 1 to 1005. If extended VLANs are configured, you cannot convert
from VTP version 3 to version 1 or 2.
Note
VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005 are still
reserved and cannot be modified.
reserved and cannot be modified.
•
Private VLAN support (if the switch is running the IP base or IP services feature set).
•
Support for any database in a domain. In addition to propagating VTP information, version 3 can
propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the
VTP protocol runs for each application that uses VTP.
propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the
VTP protocol runs for each application that uses VTP.
•
VTP primary server and VTP secondary servers. A VTP primary server updates the database
information and sends updates that are honored by all devices in the system. A VTP secondary server
can only back up the updated VTP configurations received from the primary server to its NVRAM.
information and sends updates that are honored by all devices in the system. A VTP secondary server
can only back up the updated VTP configurations received from the primary server to its NVRAM.
By default, all devices come up as secondary servers. You can enter the vtp primary privileged
EXEC command to specify a primary server. Primary server status is only needed for database
updates when the administrator issues a takeover message in the domain. You can have a working
VTP domain without any primary servers. Primary server status is lost if the device reloads or
domain parameters change, even when a password is configured on the switch.
EXEC command to specify a primary server. Primary server status is only needed for database
updates when the administrator issues a takeover message in the domain. You can have a working
VTP domain without any primary servers. Primary server status is lost if the device reloads or
domain parameters change, even when a password is configured on the switch.
•
The option to turn VTP on or off on a per-trunk (per-port) basis. You can enable or disable VTP per
port by entering the [no] vtp interface configuration command. When you disable VTP on trunking
ports, all VTP instances for that port are disabled. You cannot set VTP to off for the MST database
and on for the VLAN database on the same port.
port by entering the [no] vtp interface configuration command. When you disable VTP on trunking
ports, all VTP instances for that port are disabled. You cannot set VTP to off for the MST database
and on for the VLAN database on the same port.
When you globally set VTP mode to off, it applies to all the trunking ports in the system. However,
you can specify on or off on a per-VTP instance basis. For example, you can configure the switch
as a VTP server for the VLAN database but with VTP off for the MST database.
you can specify on or off on a per-VTP instance basis. For example, you can configure the switch
as a VTP server for the VLAN database but with VTP off for the MST database.