VTP transparent mode and using VTP domain

Similar Messages

• VTP Transparent Mode in 2924XL/3524XL

  I have a 2924XL ver12.0(5)WC11 connected to two 3550 ver12.1(22)EA5 via 802.1Q trunks. They are all in the same VTP domain. The 2924XL is in VTP Client mode & the two 3550s are in VTP Server mode. There are only 6 vlans - 1, 223, 1002, 1003, 1004, & 1005. I am attempting to change all switches to VTP Transparent mode.
  Starting w/the 2924XL, when I change mode from VPT Client mode to VTP Transparent mode, the interfaces w/the trunk links immediately bounce & when they come back up, communication is only established thru VLAN1 & am no longer to communicate to devices in VLAN223.
  Connection was restored when I reconfigured the 2924XL back to VTP Client mode.
  What is causing this problem & what is the proper way to convert to Transparent mode w/o interruption of service?
  Thanks!

  Humm ...
  well, please help me to understand the problem.
  The VTP Client saves the vlan infos in RAM, and not in NVRAM like VTP Server ... when you change the VTP mode Client to Transparent, why you lose you vlan infos?
  If you do a "sh vlan" on one of your switches that is in client mode, then change it to be in transparent mode, none of them would disappear.
  It will simply stop listening to vtp messages regarding the creation and deletion of vlans.
  Then, of course, you have to create the vlan database in NVRAM ...
  Thanks for your support
  Regards
  Andrea

• Move a switch from VTP client mode to VTP transparent mode

  Hi,
  Does anybody have an experience / knowledge if I move a switch from VTP client mode to VTP transparent mode, should I re-create all the VLANs on this switch?
  Thank you!

  Hi there,
  The VTP and the VLANs are seperate beasts.
  The switch has a vlan database which is held in a seperate file to the config. If you type "sh flash" you'll see it in there.
  VTP passes around the VLAN information and the switch stores it in the vlan database. If you remove the switch from the VTP domain, then VTP will not be able to update this file and it will remain exactly as it was.
  In short - if you've got 20 vlans, when you go to VTP transparent, you'll still have 20 vlans
  Regards,
  LH
  Please rate all posts

• ASA in transparent mode and IP addresses

  Hello,
  I need to put an ASA in transparent mode.
  Our router (managed by the carrier) routes more than one public IP class in a single VLAN.
  On the "Cisco Security Appliance Command Line Configuration guide", in "Trasnaprent Firewall Guidelines" it's written: "Each directly connected network must be on the same network".
  This means also that I can have ONLY ONE subnet that flows fron the outside and the inside, or can I have more than one class?
  If I can have only one class, the only solution is to use multiple context (and separate each classes in different interfaces)?
  Thanks a lot

  The ASA in trasparent mode works at layer 2. So it really does not care if the traffic that flows through it is from different subnet as long as the L3 devices it connects to knows how to reach these subnet. TheASA in transparent is basically a bump in the wire (a bridge) and for that reason you can only use 2 interfaces on the ASA in transparent implementation.
  P.S. When people see attitude in your threads, they will refrain from answering your question. That's for future reference.

• Transparent Mode and Logging

  Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using.  The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
  Thanks

  Hello Will,
  Havent try it, but I am sure you should be able to Use the OOB management interface (management 0/0) to accomplish such.
  Let us know.
  Mike

• I want to put Acrobat in full screen mode, and use the pencil to write simultaneously.

  I want to put Acrobat in full screen mode for a presentation, and use the pencil to write on the page at the same time. Is there any way both can be used simultaneously?

  George is on the money - you'll not be able to use the pencil tool while in full screen.
  Something to try:
  Use F8 and F9 to hide what is at the top of Acrobat's window.
  Have the Pencil tool selected for use first.
  You'll be able to use the Pencil tool.
  The PDF, with Acrobat's window maximized, will give the appearance of "full screen".
  Be well...

• Nexus 9396PX support only with VTP transparent mode

  Why Nexus 9396PX not support vtp server and client mode ?
  We are using with 6.1(2)I3(2) version.
  Thanks.

  Is any expert out there who can answer my query ?. Much appreciated.

• Can a Transparent mode firewall use /30 and still work.

  Here is my question, I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router.  I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA.  The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic.  Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
  ISP-------->ASA-------->Router 
  Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other.  Will this work?

  Transparent firewall needs a management ip address in the same subnet as the passing traffic. Also please check the vlans of the switch port (if any) of the outside and inside interfaces. The vlans needs to be different for both interfaces.
  Posted by WebUser Fawad Khan from Cisco Support Community App

• Transparent mode and DHTML menus

  Hi,
  I was wondering if anyone has found any workarounds that work
  better when Flash content falls on top of dynamic content such as
  DHTML menus? I set the wmode to transparent for my flash because it
  sits below drop down menus. However, this 'fix' does not work
  consistently. It works for me, but not for others. Some are using
  IE, like me. It does not work at all in Firefox. I've read that
  this is a hugh bug and besides setting the wmode to transparent
  there is not much else one can do. Even fooling with the zindexes
  does not work. THERE MUST BE A WAY TO GET AROUND THIS! Does anyone
  know if the newer versions of Flash are addressing this issue?
  Unfortunately, I'm still stuck in FlashMX at work. We have
  the newer version but it's not installed yet.
  Thanks,
  Suzanne A

  Suzanne A,
  >> I was wondering if anyone has found any workarounds
  >> that work better when Flash content falls on top of
  >> dynamic content such as DHTML menus? I set the
  >> wmode to transparent for my flash because it sits
  below
  >> drop down menus. However, this 'fix' does not work
  >> consistently.
  True enough. This is well documented in the forum archives
  and in
  macromedia.com technotes. Of course, you only need
  "transparent" if the
  SWF's background is supposed to be invisible. Another value
  for this
  attribute is "opaque," which some have noted as less prone to
  bugs.
  The main thing is that wmode provides a way to display
  "active content"
  in a manner that doesn't obscure other objects in the
  document -- some
  browsers support this feature better than others. It's worth
  noting that
  wmode is not an invention of Adobe or Macromedia. It is a
  mechanism that
  can be used for QuickTime video and any other content not
  normally displayed
  by the browser, including Java applets, and so on. In other
  words, content
  that requires a plug-in or virtual machine.
  >> It works for me, but not for others. Some are using
  IE,
  >> like me. It does not work at all in Firefox.
  Sure it works in Firefox.
  http://www.communitymx.com/content/source/E5141/wmodenone.htm
  >> THERE MUST BE A WAY TO GET AROUND THIS!
  I would be nice, for sure. But in general, the idea that any
  given
  thing *must* be accomplishable can sometimes lead to
  disappointment.
  There *must* be a way to display CSS properly in IE, for
  example -- but
  sometimes there isn't. Sure, there are hacks and workarounds,
  and sometimes
  those are worth the effort ... but sometimes they aren't, and
  in those
  cases, IE's CSS support is frustrating.
  >> Unfortunately, I'm still stuck in FlashMX at work.
  We have the
  >> newer version but it's not installed yet.
  This isn't solved in Flash 8. Remember, this isn't, per se,
  a Flash
  issue.
  David
  stiller (at) quip (dot) net
  Dev essays:
  http://www.quip.net/blog/
  "Luck is the residue of good design."

• Compile project in release mode and "use mfc in a static dll"

  Hi,all. I'm new to occi . I compiled the project with the option "Use MFC in a Shared DLL",it ran fine. But when I complied the project with the option "Use MFC in a static dll",It showed error "can't find msvcr90.dll",
  then i find the exception caused by env = Environment::createEnvironment(Environment::DEFAULT); ,can anybody tell me why ?
  my computer info:
  OS: Windows XP sp3
  Instant Client 11.1.0.6.0
  OCCI: occivc9win32_111060
  vc 2008 sp1
  mode release /MT

  Hi Businesskasper,
  >>It works also when i register the debug version - the activex is shown in IE.
  >>But the release version of ActiveX is failed to load in IE: because bar.dll is not found.
  The Internet Explorer Extension Development is a better place for IE extension development questions. I’ve moved it there for you.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Scrollbar missing on Mac OS 10.7.4 when viewing in Cover Flow mode and using wireless mouse

  Mac OS 10.7.4 + using wireless mouse + viewing files in Cover Flow mode, you will find Scrollbar is missing. This problem won't happen in other combination of OS versoin + Mouse.
  Look at attached file at this link: http://www.vtm-vn.com/downloads/MACOS-Scrollbar-Missing.png

  Hi..
  Might be help for you here >  OS X Lion: Vanishing Scroll Bars & How to Get Them Back | Apartment Therapy Unplggd

• The difference between VTP server and transparent mode on Catalyst Switch.

  Hello 
  I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
  Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
  [VTP Transparent mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  [VTP Server mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  Best Regards,
  Masanobu Hiyoshi

  Hi mhiyoshi,
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

• Trying to figure out whether I can use an ASA cluster in Transparent mode to facilitate VRF based network ??

  Hi Guys,
  I had to re-post this here because I did not get any comments earlier.. hopefully I'll get something here.. :)
  I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
  The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
  As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers)  I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).  
  I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
  So I need to clarify following with you guys.. 
  1) Can I actually do this or am I missing something.
  2) Are there any limitations that I might run in to with this setup
  3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
  4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
  Appreciate your input.
  Thanks
  Shamal 

  There is a limitation on how many context you can have, which depends on the license you have.  This is quite possible with ASA multi routed mode and even with multi transparent mode.  You can have overlapping ip in each context without the need of using nat as long as you have unique mac address for each sub interface.
  Thanks

• Using Clustered ASAs in Transparent mode to support VRF based Network ?

  Hi Guys,
  I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
  The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
  As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers)  I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).  
  I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
  So I need to clarify following with you guys.. 
  1) Can I actually do this or am I missing something.
  2) Are there any limitations that I might run in to with this setup
  3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
  4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
  Appreciate your input.
  Thanks
  Shamal 

  Is any expert out there who can answer my query ?. Much appreciated.

• Transparent wsa and https traffic

  folks
  i've deploying a S300V in transparent mode and using wccp
  i have a single policy allowing http and https
  http works fine but https doesn't
  i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello
  the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic
  tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required
  do i need to use https proxy?
  thanks to anyone taking the time to reply

  Ken,
  If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.
  Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.
  Is this viable? If so can you let me know how I can achieve the above?
  Thanks