Just a quickie tonight, folks…
I am expanding my network and relocating my servers and other “noisy” hardware to my basement. The cooling value of the dry subterranean environment is great, but in all honesty I’m trying to keep my better half happy, and my office is apparently not a great place for network gear and servers.
With this relocation I am expanding my switching infrastructure from my core 3560G to include a 2960G as well. The addition of this switch gives me the opportunity to play with VTP, the VLAN Trunking Protocol.
VTP is a Layer 2 protocol that allows you to configure all of your VLANs on the “server” and then feed them down to the “clients”. VTP is a proprietary Cisco protocol, and for large, diverse networks it may not be the best option, but for me it works. At least, it was supposed to.
I say supposed to because I configured it using version 2 and nothing happened. Below are my configurations…
CORE-3560G-01(config-vlan)#do show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : SPRNET
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 000a.b8d3.0400
Configuration last modified by 10.10.0.254 at 8-22-16 01:52:57
Local updater ID is 10.10.0.254 on interface Vl1 (lowest numbered VLAN interface found)
Preferred interface name is gig0/49

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 23
Configuration Revision            : 0
MD5 digest                        : 0x85 0x94 0x36 0x46 0xC1 0xCE 0xE0 0xD0
                                    0x87 0x0A 0xF2 0xD4 0x24 0xD0 0xF8 0xD2

BASEMENT-2960G-01#show vtp sta
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : SPRNET
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0017.594c.b180
Configuration last modified by 10.10.0.244 at 3-15-93 06:29:46

Feature VLAN:
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x7D 0x73 0xB1 0x19 0x35 0xDC 0xE2 0xA8
                                    0x3A 0x07 0xE0 0xBF 0x92 0xFA 0x53 0x2A

As you can see, everything looks like it should work. My passwords match and my domain matches, but still no joy. After banging my head on my desk to figure this out, I saw the error message below at the bottom of my client’s VTP status.
*** MD5 digest checksum mismatch on trunk: Gi0/21 ***
What is this error? What does it mean?
What it means is that the key exchange between the VTP server and client is incorrect and thus no one talks. What it also means is that I am hitting a long-running bug. See the Cisco forum post here.
If you read that post, you’ll find the fix, but here it is for your reference.
Basically, you need to make your server regenerate its MD5 checksum value. Once that value is regenerated, VTP messages are exchanged between the server and client(s) and VLAN joy is had by all. To regenerate this value, simply create a new Layer 2 VLAN. A simple fix for a complex problem. For those of you who want to upgrade code to solve the problem, good luck: Cisco hasn’t fixed this bug in over 20 revisions of IOS software.
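To check the two `show vtp status` outputs against each other before and after creating the VLAN, here is a small comparison script, added as an example and not part of the original post. The function names are assumptions, the sample text is trimmed from the outputs shown above, and the revision check reflects general VTP v1/v2 behaviour rather than anything stated in the post.

```python
import re

# Fields trimmed from the two "show vtp status" outputs in this post.
SERVER = """VTP version running : 2
VTP Domain Name : SPRNET
Number of existing VLANs : 23
Configuration Revision : 0
MD5 digest : 0x85 0x94 0x36 0x46 0xC1 0xCE 0xE0 0xD0 0x87 0x0A 0xF2 0xD4 0x24 0xD0 0xF8 0xD2
"""
CLIENT = """VTP version running : 2
VTP Domain Name : SPRNET
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x7D 0x73 0xB1 0x19 0x35 0xDC 0xE2 0xA8 0x3A 0x07 0xE0 0xBF 0x92 0xFA 0x53 0x2A
*** MD5 digest checksum mismatch on trunk: Gi0/21 ***
"""

FIELDS = {
    "version": r"VTP version running\s*:\s*(\S+)",
    "domain": r"VTP Domain Name\s*:\s*(\S+)",
    "vlans": r"Number of existing VLANs\s*:\s*(\d+)",
    "revision": r"Configuration Revision\s*:\s*(\d+)",
    "digest": r"MD5 digest\s*:\s*((?:0x[0-9A-Fa-f]{2}\s*){16})",
}

def parse_vtp_status(text):
    """Extract the compared fields; a field missing from the text is None."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        out[key] = " ".join(m.group(1).split()) if m else None
    out["mismatch_trunks"] = re.findall(r"checksum mismatch on trunk:\s*(\S+)", text)
    return out

def diagnose(server_text, client_text):
    """Return findings that explain why the client has not synced."""
    s, c = parse_vtp_status(server_text), parse_vtp_status(client_text)
    findings = [f"{k} differs: server={s[k]} client={c[k]}"
                for k in ("domain", "version") if s[k] != c[k]]
    findings += [f"client reports MD5 digest mismatch on {t}" for t in c["mismatch_trunks"]]
    if s["digest"] != c["digest"]:
        findings.append(f"digests differ: server has {s['vlans']} VLANs, client has {c['vlans']}")
        # General VTP v1/v2 behaviour (not stated in the post): a client only
        # applies an advertisement whose revision is higher than its own.
        if None not in (s["revision"], c["revision"]) and int(s["revision"]) <= int(c["revision"]):
            findings.append("server revision is not higher than the client's")
    return findings

print("\n".join(diagnose(SERVER, CLIENT)))
```

Once the client has taken the server's VLAN database, both digests match and `diagnose` returns an empty list.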
I hope this has helped someone, thank you for reading.