Wednesday, September 9, 2009

VTP password mismatch

I found 2 ways to check the vtp password mismatch problem. The first method is to check the md5 digest line in the result of show vtp status

here an example;
swpoe has a vtp password of P@ssw0rd
sw2950_12 has a vtp password of P@ss

SW2950_12#
SW2950_12#sh vtp status
VTP Version : 2
Configuration Revision : 4
Maximum VLANs supported locally : 128
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : titi
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xD1 0x81 0xD8 0xF8 0xF9 0x26 0x99 0xBE
Configuration last modified by 192.168.1.30 at 9-9-09 18:57:29
Local updater ID is 0.0.0.0 (no valid interface found)
SW2950_12#
access_server#1
[Resuming connection 1 to swpoe ... ]

SWPOE#sh vtp stsat a atus
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : titi
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB0 0x3C 0x3C 0x80 0xBF 0xF5 0x23 0x6F
Configuration last modified by 192.168.1.30 at 9-9-09 18:57:29
Local updater ID is 192.168.1.30 on interface Vl1 (lowest numbered VLAN interface found)
SWPOE#
access_server#2 3
[Resuming connection 3 to sw12 ... ]

Now I am going to change the password on sw2950_12 to the correct password of P@ssw0rd

SW2950_12#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2950_12(config)#vtp password P@ssw0rd
Setting device VLAN database password to P@ssw0rd
SW2950_12(config)#^Z
SW2950_12#
01:59:08: %SYS-5-CONFIG_I: Configured from console by console
SW2950_12#sh vtp status
VTP Version : 2
Configuration Revision : 4
Maximum VLANs supported locally : 128
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : titi
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB0 0x3C 0x3C 0x80 0xBF 0xF5 0x23 0x6F
Configuration last modified by 192.168.1.30 at 9-9-09 18:57:29
Local updater ID is 0.0.0.0 (no valid interface found)

Now you see - md5 digest of swpoe and sw2950_12 are identical.


the second method is simple - run debug sw-vlan vtp events on the switch that is not receiving the update. For fast result, shut down and activate the trunk interface

SW2950_12#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/12 desirable 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/12 1-4094

Port Vlans allowed and active in management domain
Fa0/12 1-4,100

Port Vlans in spanning tree forwarding state and not pruned
Fa0/12 1-4,100
SW2950_12#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2950_12(config)#int fa0/12
SW2950_12(config-if)#shut
SW2950_12(config-if)#^Z
SW2950_12#
02:09:45: %SYS-5-CONFIG_I: Configured from console by console
02:09:46: %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively downshow
02:09:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
% Type "show ?" for a list of subcommands
SW2950_12#debug sw-vlan vtp events
vtp events debugging is on
SW2950_12#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2950_12(config)#int fa0/12
SW2950_12(config-if)#no shut
SW2950_12(config-if)#^Z
SW2950_12#
02:10:34: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to up
02:10:34: %SYS-5-CONFIG_I: Configured from console by console
02:10:37: VTP LOG RUNTIME: switchport trunk mode on Fa0/12 has changed

02:10:37: VTP LOG RUNTIME: delaying first flood on new trunk

02:10:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to up
02:10:42: VTP LOG RUNTIME: Summary packet received, domain = titi, rev = 4, followers = 0

02:10:42: VTP LOG RUNTIME: Summary packet rev 4 equal to domain titi rev 4

02:10:42: VTP LOG RUNTIME: MD5 digest checksum mismatch on receive of equal revision summary

02:10:42: VTP LOG RUNTIME: Transmit vtp summary, domain titi, rev 4, followers 0
MD5 digest calculated = D1 81 D8 F8 F9 26 99 BE 10 94 BF EA FE 3A B0 9F

SW2950_12#


DID YOU SEE THE MD5 MISMATCH?

1 comment:

Unknown said...

It may be easy to use command 'sh vtp password' to compare two passwords.