CCIE Pursuit Blog

August 11, 2007

VTP Domain Mismatches Can Break Your Trunking

Filed under: Cisco,Cisco Certification,IOS,Lab Tips,Switching,Tech Tips,VTP — cciepursuit @ 3:41 pm

If your VTP domains do not match on each side of a trunk link, then DTP will NOT work.  You need to watch out for this as the ports will be up/up, but trunking will not be negotiated.  You’ll need to either make both VTP domains the same, or hard-set the trunks with “switchport nonegotiate”.

In this example, one side of the trunk is in VTP domain CCIE, and the other is in VTP domain FAILED:

sw1(config-if-range)#^Z
sw1#
*Mar  1 05:58:26: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 05:58:27: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
*Mar  1 05:58:27: %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to up
*Mar  1 05:58:27: %LINK-3-UPDOWN: Interface FastEthernet0/15, changed state to down
*Mar  1 05:58:28: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa0/13 because of VTP domain mismatch.
*Mar  1 05:58:28: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa0/14 because of VTP domain mismatch.
*Mar  1 05:58:28: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa0/15 because of VTP domain mismatch.

Hmmm… looks like it “righted itself”:

*Mar  1 05:58:29: %LINK-3-UPDOWN: Interface FastEthernet0/15, changed state to up
*Mar  1 05:58:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
*Mar  1 05:58:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
*Mar  1 05:58:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

Looks good (actually we want to see “trunk” instead of “1”):

sw1#sh int status | b 0/13
Fa0/13    ->sw2              connected    1          a-full  a-100 10/100BaseTX
Fa0/14    ->sw2              connected    1          a-full  a-100 10/100BaseTX
Fa0/15    ->sw2              connected    1          a-full  a-100 10/100BaseTX

Zoiks!!! No trunks!!!
sw1#sh int trunk

sw1#

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
sw1#sh int fa0/13 count trunk

Port        TrunkFramesTx  TrunkFramesRx  WrongEncap
Fa0/13                  0              0           0  <-no frames
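
As an added example (not part of the original post), here is a short Python check for the failure mode shown above: ports that come up/up but never trunk, detected from syslog text and “show interfaces switchport” output. The sample inputs are constructed, and the function names are this example's own.

```python
import re
# Constructed sample syslog, modelled on the messages shown in this post.
SAMPLE_LOG = """\
*Mar  1 05:58:28: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa0/13 because of VTP domain mismatch.
*Mar  1 05:58:28: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa0/15 because of VTP domain mismatch.
*Mar  1 05:58:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
*Mar  1 05:58:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
*Mar  1 05:58:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to down
"""
# Constructed "show interfaces switchport" excerpt for two ports.
SAMPLE_SWITCHPORT = """\
Name: Fa0/13
Administrative Mode: dynamic desirable
Operational Mode: static access
Name: Fa0/14
Administrative Mode: trunk
Operational Mode: trunk
"""
MISMATCH = re.compile(r"%DTP-5-DOMAINMISMATCH: .* on port (\S+) because")
LINEPROTO = re.compile(r"%LINEPROTO-5-UPDOWN: .* Interface (\S+), changed state to (up|down)")

def short_name(ifname):
    """Normalise 'FastEthernet0/13' to the 'Fa0/13' form used in DTP messages."""
    return re.sub(r"^(Fast|Gigabit)Ethernet", lambda m: m.group(1)[:2], ifname)

def silent_non_trunks(log_text):
    """Ports whose line protocol ended up 'up' but that logged a DTP domain mismatch."""
    mismatched, proto = set(), {}
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            mismatched.add(m.group(1))
        elif m := LINEPROTO.search(line):
            proto[short_name(m.group(1))] = m.group(2)  # last state wins
    return sorted(p for p in mismatched if proto.get(p) == "up")

def failed_negotiation(switchport_text):
    """Ports with a dynamic (DTP) administrative mode that fell back to static access."""
    ports, current = {}, {}
    for line in switchport_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            current = ports.setdefault(value.strip(), {})
        elif key in ("Administrative Mode", "Operational Mode"):
            current[key] = value.strip()
    return sorted(n for n, f in ports.items() if f.get("Operational Mode") == "static access"
                  and f.get("Administrative Mode", "").startswith("dynamic"))

if __name__ == "__main__":
    print(silent_non_trunks(SAMPLE_LOG), failed_negotiation(SAMPLE_SWITCHPORT))
```

Fa0/15 logged a mismatch too, but its last line-protocol state in the constructed sample is down, so only Fa0/13 is reported as a connected port that is not trunking.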

To fix this issue, configure the following on the port-channel interface on each switch:

sw2(config)#int po1
sw2(config-if)# switchport trunk encapsulation isl
sw2(config-if)# switchport mode trunk
sw2(config-if)# switchport nonegotiate

Now we have trunking established (without DTP) even though our VTP domains are different:

sw1:
sw1#sh vtp stat | i Domain
VTP Domain Name                 : CCIE

sw1#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Po1         on           isl            trunking      1

sw1#sh int po1 eth
Age of the Port-channel   = 00d:00h:04m:09s
Logical slot/port   = 2/1          Number of ports = 3
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/13   On/FEC             0
  0     00     Fa0/14   On/FEC             0
  0     00     Fa0/15   On/FEC             0

Time since last port bundled:    00d:00h:03m:18s    Fa0/15
sw1#sh int status | b 0/13
Fa0/13    ->sw2              connected    trunk      a-full  a-100 10/100BaseTX
Fa0/14    ->sw2              connected    trunk      a-full  a-100 10/100BaseTX
Fa0/15    ->sw2              connected    trunk      a-full  a-100 10/100BaseTX

sw2:

sw2#sh vtp statu | i Domain
VTP Domain Name                 : PASSED

sw2#sh int trunk | i trunking
Po1         on           isl            trunking      1

sw2#sh int po1 eth
Age of the Port-channel   = 00d:00h:08m:02s
Logical slot/port   = 2/1          Number of ports = 3
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/13   On/FEC             0
  0     00     Fa0/14   On/FEC             0
  0     00     Fa0/15   On/FEC             0

Time since last port bundled:    00d:00h:05m:06s    Fa0/15
Time since last port Un-bundled: 00d:00h:07m:19s    Fa0/15

sw2#sh int status | b 0/13
Fa0/13    ->sw1              connected    trunk      a-full  a-100 10/100BaseTX
Fa0/14    ->sw1              connected    trunk      a-full  a-100 10/100BaseTX
Fa0/15    ->sw1              connected    trunk      a-full  a-100 10/100BaseTX


5 Comments »

  1. Hello; you’ve popped up on my Google Search and your page looks great. I have a stupid question:

    I just obtained a 3750 switch from our sales engineering group. It appears to have absolutely no configuration on it. Plug it in, turn it on, and I get this over and over:

    “00:31:32: %DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port Fa1/0/2 because of VTP domain mismatch.”

    How can I get this thing to stop DOING that? 🙂

    Best,
    Rich Grace
    Vernier Networks

    Comment by Richard Grace — September 19, 2007 @ 7:58 pm | Reply

  2. Hi Rich.

    Is there something connected to fa1/0/2? If not then you’ve got a fried switch. You can try deleting the vlan.dat file and reloading it, but outside of that it’s TAC case time.

    If there is another device connected to fa1/0/2 then you’ll need to either make both VTP domains the same, or hard-set the trunks with “switchport nonegotiate”.

    Comment by cciepursuit — September 25, 2007 @ 3:24 pm | Reply

  3. By the way, this ‘feature’ doesn’t apply to DTP if one switch doesn’t have a domain name set (null) and the other does.

    Comment by long way to go — October 3, 2007 @ 6:31 am | Reply

  4. Thanks for the reply! I already tried the switchport nonnegotiate option and also attempted a simple connection to a different port; this error persists. Ouch. Nicccce, crunchy fried switchesssss… I’ll attempt deletion of the vlan.dat file but it doesn’t sound like there’s much hope.

    Comment by Richard Grace — October 10, 2007 @ 6:10 pm | Reply

  5. Well, I simply wiped the configuration and the little devil works fine now. Able to create new VLAN spanning-tree domains and get spanning tree to converge properly. Good times. Good times.

    Comment by Richard Grace — December 17, 2007 @ 7:26 pm | Reply

