VTP
-
I am working on VTP. That said, suppose you have a remote office where a replacement switch is sent. The switch will 'operate' in the default configuration out of the box. However, to get it to work in the VTP, receiving VTP advertisements, what is the minimum the person at the remote office has to do? Should he assign (by console) the VTY username and password, an IP address, etc., so you can remote in and configure it?
I guess the answer I am looking for would be something like this:
- This is the first thing I would have the remote office do.
- This is the second thing I would have the remote office do.
and so on until the switch is configured 'all the way'.
Thank you,
David JR
-
David,
Remember that VTP is Layer 2 technology and that to reach that remote site you normally connect through a router (Layer 3). So in reality this is not something you want to do. But... can it be done? Possibly.
It's not enough to just configure the switch at the remote site for remote access: setting up SSH access, IP address, default gateway, username and password database. Even with all that, you're still connecting remotely through Layer 3... and remember that VTP works on Layer 2. But, you could create an L2TP tunnel from your site to your remote office, then you'd have to create a virtual trunk link between the switches (I don't know how) and be sure it could function as an 802.1Q trunk between the switches at each site. Even with all this, you're still sending data from every VLAN across that trunk. This wouldn't be a wise use of VTP. Usually VTP is great between buildings on campus or even between different floors in the same building but not at different sites.
Let me know if you have any additional questions.
Cordially,
Ronnie Wong
Host, ITProTV
-
I guess I wasn't clear.
I worked in an 8 story bldg. that had switches on each floor. The local system admins were not allowed access to connect to the routers and switches.
I was just a help desk low level tech. Wanted to 'move up' but got laid off and the system admins (three of them) weren't going anywhere anyhow.
So if a switch failed and needed replacing, it would need some configuring. I know they used VLANS because the printers were on one VLAN and the VoIP telephones (I think) were on a different VLAN.
With VTP running, the new switch would receive the advertisement from the local switch that was a VTP server? But could it receive that advertisement without any configuration?
And to remotely access the switch, wouldn't someone local have to do some minimum configuration so it could be accessed?
So that is the question / scenario. What exactly would need to be done on a replacement switch besides unpacking it, installing it, connecting the data cables and powering it on?
Thank you,
David JR
-
Follow up: Ok, using real switches (after practicing using Packet Tracer), I now know I can set the hostname, enable the password, then install the switch and connect a port to another configured switch that has the port I am connecting to set up for Trunk Mode and a domain name set for the VTP. That will allow VTP to add the VLAN (or VLANs) to the database.
However, it does not add any of the ports to the VLAN or VLANs on the replaced switch and without an assigned IP address to manage it, I don't see how it can be remotely accessed.
So is this possibly how it would be done when a switch fails - instead of sending an unconfigured, brand new, out of the box switch, have the switch sent to the IT dept where they will configure it, then ship it to the remote office?
Thanks,
David JR
-
David,
This is a matter of preference rather than any set rules:
Normally, you would set a management IP address on interface vlan 1:
SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.10.220 255.255.255.0
SW1(config-if)# no shutdown
I would set a username/password database and enable password:
SW1(config)# username Ronnie password Cisco123
SW1(config)# enable password cisco321
Configure for SSH Access:
SW1(config)# ip domain-name itpro.tv
SW1(config)# ip default-gateway 172.16.10.1
SW1(config)# crypto key generate rsa modulus 1024
SW1(config)# ip ssh version 2
Protect vty and console access:
SW1(config)# line vty 0 15
SW1(config-line)# login local
SW1(config-line)# transport input ssh
SW1(config-line)# exec-timeout 10 0
SW1(config-line)# logging synchronous
SW1(config-line)# line con 0
SW1(config-line)# login local
SW1(config-line)# exec-timeout 10 0
SW1(config-line)# logging synchronous
Configure for VTP and set switch in VTP mode Client or Transparent (later to be set to client before installation)
Configure Trunks
Set Native VLANs
Set Unused ports to administratively disabled
Set Access Ports to Switchport mode Access
Set Access Port to Switchport nonegotiate
Verify Native VLAN is set to same as VTP domain
Save configuration:
SW1# copy run start
-
Hey David,
In the companies I've worked for we would have the new switches sent to us, then we'd upload the config from the old switch to the new (this can be done by copy/paste or TFTP) and then ship it out to the branch office where anyone would be able to transfer the cables from the old to the new. This is probably the best and easiest way of changing out a device. The trick here is that you have to keep copies of the startup configs for all your equipment in case one dies, which is best practice.
-
I agree with Daniel. Having a current copy of all the switch and router configs in one place is also useful in other ways, such as planning major changes. It's well worth the effort to set up an automated configuration collection mechanism. But be sure the configuration copies are well protected; getting access to all of a company's network device configurations is a hacker's dream!
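
Added example (not part of the original thread and not any poster's code): a small Python audit for a collected switch config that flags lines whose secrets can be read from a backup copy, such as the 'enable password' and 'username ... password' forms used earlier in this thread, and produces a redacted copy for sharing. The sample config, the 'backup' user, the SNMP line and the function names are constructed for illustration.

```python
import re

# Constructed sample: a saved config in the style of the commands posted in this thread.
SAMPLE_CONFIG = """\
hostname SW1
enable password cisco321
username Ronnie password Cisco123
username backup secret 5 $1$constructed$hash
ip domain-name itpro.tv
snmp-server community public RO
line vty 0 15
 login local
 transport input ssh
"""

# (pattern, finding) pairs; each pattern is tested against one config line.
RULES = [
    (re.compile(r"^enable password\b"),
     "enable password is cleartext or reversible type 7; use 'enable secret'"),
    (re.compile(r"^username \S+ (?:privilege \d+ )?password\b"),
     "local user stored with 'password'; use 'username ... secret'"),
    (re.compile(r"^snmp-server community \S+"),
     "SNMP community string is readable in the backup"),
    (re.compile(r"^\s+password\b"),
     "line password is cleartext or reversible type 7"),
    (re.compile(r"^\s+transport input (?!ssh\s*$).*"),
     "line allows a non-SSH transport"),
]

def audit_config(text):
    """Return (line_number, config_line, finding) for each risky line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern, message in RULES:
            if pattern.search(line):
                findings.append((lineno, line.strip(), message))
    return findings

def redact(text):
    """Return a copy with recoverable secrets masked (hashed 'secret' lines are kept)."""
    text = re.sub(r"(?m)^(enable password|username \S+ (?:privilege \d+ )?password)( \d)? \S+",
                  r"\1 <redacted>", text)
    return re.sub(r"(?m)^(snmp-server community) \S+", r"\1 <redacted>", text)

if __name__ == "__main__":
    for lineno, line, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {line!r}: {message}")
```

Running the audit over each file as it enters the configuration archive shows which backups need the tightest access controls; the redacted copy is for attaching to tickets or sharing outside the network team.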