VTP transparent mode and using VTP domain
Hi all,
Need to ask question when using VTP transparent mode is it good idea to use VTP domain name and password?
I know for switches in transparent mode they act as independent of each other.
So need to know why we should use vtp domain and password with transparent mode?
thanks
mahesh
Mahesh,
I know this 2 years later, but it will help others who will come across this. If you have a Transparent switch mixed with Server and Clients switches. This is your concern....... If you do not put the Transparent switch in the same domain, then it will not forward VLAN changes to other swithces.
So Sw1(Server-CCIE Domain) <-------> Sw2(Transparent-CCIE Domain) <-------> Sw3(Client-CCIE Domain)
The above will work because the Transparent switch is in the same domain. This means that SW3 will get any Vlan changes that are done on SW1.
Now lets look at it the other way.........
Sw1(Server-CCIE Domain) <-------> Sw2(Transparent-Null Domain) <-------> Sw3(Client-CCIE Domain)
Two things are going to happen here
1) The transparent switch is not on same domain, so SW3 will never get any updates when changes to Vlans are done on SW1. So if I add one vlan to SW1, and that make the Configuration Revision increase to the value of 10, that means SW3's Revision will still be 9, and will remain that way until the issue is corrected.
2) If you are dynamically negotiating trunks, this will never happen due to the mismatch domains. Meaning that your trunks will never come up because you did not put your Transparent switch in the same domain.
Kiel Martin
Similar Messages
-
VTP Transparent Mode in 2924XL/3524XL
I have a 2924XL ver12.0(5)WC11 connected to two 3550 ver12.1(22)EA5 via 802.1Q trunks. They are all in the same VTP domain. The 2924XL is in VTP Client mode & the two 3550s are in VTP Server mode. There are only 6 vlans - 1, 223, 1002, 1003, 1004, & 1005. I am attempting to change all switches to VTP Transparent mode.
Starting w/the 2924XL, when I change mode from VPT Client mode to VTP Transparent mode, the interfaces w/the trunk links immediately bounce & when they come back up, communication is only established thru VLAN1 & am no longer to communicate to devices in VLAN223.
Connection was restored when I reconfigured the 2924XL back to VTP Client mode.
What is causing this problem & what is the proper way to convert to Transparent mode w/o interruption of service?
Thanks!Humm ...
well, please help me to understand the problem.
The VTP Client saves the vlan infos in RAM, and not in NVRAM like VTP Server ... when you change the VTP mode Client to Transparent, why you lose you vlan infos?
If you do a "sh vlan" on one of your switches that is in client mode, then change it to be in transparent mode, none of them would disappear.
It will simply stop listening to vtp messages regarding the creation and deletion of vlans.
Then, of course, you have to create the vlan database in NVRAM ...
Thanks for your support
Regards
Andrea -
Move a switch from VTP client mode to VTP transparent mode
Hi,
Does anybody have an experience / knowledge if I move a switch from VTP client mode to VTP transparent mode, should I re-create all the VLANs on this switch?
Thank you!Hi there,
The VTP and the VLANs are seperate beasts.
The switch has a vlan database which is held in a seperate file to the config. If you type "sh flash" you'll see it in there.
VTP passes around the VLAN information and the switch stores it in the vlan database. If you remove the switch from the VTP domain, then VTP will not be able to update this file and it will remain exactly as it was.
In short - if you've got 20 vlans, when you go to VTP transparent, you'll still have 20 vlans
Regards,
LH
Please rate all posts -
ASA in transparent mode and IP addresses
Hello,
I need to put an ASA in transparent mode.
Our router (managed by the carrier) routes more than one public IP class in a single VLAN.
On the "Cisco Security Appliance Command Line Configuration guide", in "Trasnaprent Firewall Guidelines" it's written: "Each directly connected network must be on the same network".
This means also that I can have ONLY ONE subnet that flows fron the outside and the inside, or can I have more than one class?
If I can have only one class, the only solution is to use multiple context (and separate each classes in different interfaces)?
Thanks a lotThe ASA in trasparent mode works at layer 2. So it really does not care if the traffic that flows through it is from different subnet as long as the L3 devices it connects to knows how to reach these subnet. TheASA in transparent is basically a bump in the wire (a bridge) and for that reason you can only use 2 interfaces on the ASA in transparent implementation.
P.S. When people see attitude in your threads, they will refrain from answering your question. That's for future reference. -
Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using. The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
ThanksHello Will,
Havent try it, but I am sure you should be able to Use the OOB management interface (management 0/0) to accomplish such.
Let us know.
Mike -
I want to put Acrobat in full screen mode, and use the pencil to write simultaneously.
I want to put Acrobat in full screen mode for a presentation, and use the pencil to write on the page at the same time. Is there any way both can be used simultaneously?
George is on the money - you'll not be able to use the pencil tool while in full screen.
Something to try:
Use F8 and F9 to hide what is at the top of Acrobat's window.
Have the Pencil tool selected for use first.
You'll be able to use the Pencil tool.
The PDF, with Acrobat's window maximized, will give the appearance of "full screen".
Be well... -
Nexus 9396PX support only with VTP transparent mode
Why Nexus 9396PX not support vtp server and client mode ?
We are using with 6.1(2)I3(2) version.
Thanks.Is any expert out there who can answer my query ?. Much appreciated.
-
Can a Transparent mode firewall use /30 and still work.
Here is my question, I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router. I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA. The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic. Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
ISP-------->ASA-------->Router
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other. Will this work?Transparent firewall needs a management ip address in the same subnet as the passing traffic. Also please check the vlans of the switch port (if any) of the outside and inside interfaces. The vlans needs to be different for both interfaces.
Posted by WebUser Fawad Khan from Cisco Support Community App -
Transparent mode and DHTML menus
Hi,
I was wondering if anyone has found any workarounds that work
better when Flash content falls on top of dynamic content such as
DHTML menus? I set the wmode to transparent for my flash because it
sits below drop down menus. However, this 'fix' does not work
consistently. It works for me, but not for others. Some are using
IE, like me. It does not work at all in Firefox. I've read that
this is a hugh bug and besides setting the wmode to transparent
there is not much else one can do. Even fooling with the zindexes
does not work. THERE MUST BE A WAY TO GET AROUND THIS! Does anyone
know if the newer versions of Flash are addressing this issue?
Unfortunately, I'm still stuck in FlashMX at work. We have
the newer version but it's not installed yet.
Thanks,
Suzanne ASuzanne A,
>> I was wondering if anyone has found any workarounds
>> that work better when Flash content falls on top of
>> dynamic content such as DHTML menus? I set the
>> wmode to transparent for my flash because it sits
below
>> drop down menus. However, this 'fix' does not work
>> consistently.
True enough. This is well documented in the forum archives
and in
macromedia.com technotes. Of course, you only need
"transparent" if the
SWF's background is supposed to be invisible. Another value
for this
attribute is "opaque," which some have noted as less prone to
bugs.
The main thing is that wmode provides a way to display
"active content"
in a manner that doesn't obscure other objects in the
document -- some
browsers support this feature better than others. It's worth
noting that
wmode is not an invention of Adobe or Macromedia. It is a
mechanism that
can be used for QuickTime video and any other content not
normally displayed
by the browser, including Java applets, and so on. In other
words, content
that requires a plug-in or virtual machine.
>> It works for me, but not for others. Some are using
IE,
>> like me. It does not work at all in Firefox.
Sure it works in Firefox.
http://www.communitymx.com/content/source/E5141/wmodenone.htm
>> THERE MUST BE A WAY TO GET AROUND THIS!
I would be nice, for sure. But in general, the idea that any
given
thing *must* be accomplishable can sometimes lead to
disappointment.
There *must* be a way to display CSS properly in IE, for
example -- but
sometimes there isn't. Sure, there are hacks and workarounds,
and sometimes
those are worth the effort ... but sometimes they aren't, and
in those
cases, IE's CSS support is frustrating.
>> Unfortunately, I'm still stuck in FlashMX at work.
We have the
>> newer version but it's not installed yet.
This isn't solved in Flash 8. Remember, this isn't, per se,
a Flash
issue.
David
stiller (at) quip (dot) net
Dev essays:
http://www.quip.net/blog/
"Luck is the residue of good design." -
Compile project in release mode and "use mfc in a static dll"
Hi,all. I'm new to occi . I compiled the project with the option "Use MFC in a Shared DLL",it ran fine. But when I complied the project with the option "Use MFC in a static dll",It showed error "can't find msvcr90.dll",
then i find the exception caused by env = Environment::createEnvironment(Environment::DEFAULT); ,can anybody tell me why ?
my computer info:
OS: Windows XP sp3
Instant Client 11.1.0.6.0
OCCI: occivc9win32_111060
vc 2008 sp1
mode release /MTHi Businesskasper,
>>It works also when i register the debug version - the activex is shown in IE.
>>But the release version of ActiveX is failed to load in IE: because bar.dll is not found.
The Internet Explorer Extension Development is a better place for IE extension development questions. I’ve moved it there for you.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Mac OS 10.7.4 + using wireless mouse + viewing files in Cover Flow mode, you will find Scrollbar is missing. This problem won't happen in other combination of OS versoin + Mouse.
Look at attached file at this link: http://www.vtm-vn.com/downloads/MACOS-Scrollbar-Missing.pngHi..
Might be help for you here > OS X Lion: Vanishing Scroll Bars & How to Get Them Back | Apartment Therapy Unplggd -
The difference between VTP server and transparent mode on Catalyst Switch.
Hello
I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
Basically VTP server mode can create and modify VLAN configuration but actually there is not any VLAN configuration through running-config, is it true? When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
[VTP Transparent mode]
3550#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 27
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
*omit
3550#
3550#sh run
Building configuration...
*omit
vlan 99
name TEST-VLAN
[VTP Server mode]
3550#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 27
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
*omit
3550#
3550#sh run
Building configuration...
*no VLAN like above configuration on VTP transparent mode.
Best Regards,
Masanobu HiyoshiHi mhiyoshi,
3550#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 27
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
*omit
3550#
3550#sh run
Building configuration...
*omit
vlan 99
name TEST-VLAN
The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
3550#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 27
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
*omit
3550#
3550#sh run
Building configuration...
*no VLAN like above configuration on VTP transparent mode.
This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0 -
Hi Guys,
I had to re-post this here because I did not get any comments earlier.. hopefully I'll get something here.. :)
I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers) I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).
I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
So I need to clarify following with you guys..
1) Can I actually do this or am I missing something.
2) Are there any limitations that I might run in to with this setup
3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
Appreciate your input.
Thanks
ShamalThere is a limitation on how many context you can have, which depends on the license you have. This is quite possible with ASA multi routed mode and even with multi transparent mode. You can have overlapping ip in each context without the need of using nat as long as you have unique mac address for each sub interface.
Thanks -
Using Clustered ASAs in Transparent mode to support VRF based Network ?
Hi Guys,
I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers) I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).
I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
So I need to clarify following with you guys..
1) Can I actually do this or am I missing something.
2) Are there any limitations that I might run in to with this setup
3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
Appreciate your input.
Thanks
ShamalIs any expert out there who can answer my query ?. Much appreciated.
-
Transparent wsa and https traffic
folks
i've deploying a S300V in transparent mode and using wccp
i have a single policy allowing http and https
http works fine but https doesn't
i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello
the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic
tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required
do i need to use https proxy?
thanks to anyone taking the time to replyKen,
If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.
Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.
Is this viable? If so can you let me know how I can achieve the above?
Thanks
Maybe you are looking for
-
How do I allow a second user of my computer to view my photos.
My wife logs in under her name and she can't see our pics? Message was edited by: Old Mutt
-
Any way to Lock the Decoration Free Label in place so that the Clean Up Diagram process doesn't move it soemplace unreasonable? The Clean Up Diagram process moves things to very strange places and often makes the diagram more complicated than it need
-
Print Production Order with status CRTD
Hi gurus, Our system is configured to print production order when the order is released, but when the order is in status CRTD,Created, (not Released) we try print the order an error message appears "Object ORD xxxxxx has system status CRTD (Created).
-
Hi, I have created a infotype 210 records for an employee Tax authority - FED Filling status - single allowance - 0 tax exempt indicator - blank Add withholding - 30 defualt formula = 1 Now the issue when i running the regaluar payroll for the same e
-
Is there a way to get my movies that i have on cloud to my itunes?
a while ago i bought a lot of movies from itunes and i cant play them anymore because there files have been lost on my laptops hd but than when i go to my iphone they're in cloud.. if so please help me out. thank you