A friend of mine, who is also studying for CCNP SWITCH, pointed out a weird issue to me today: Dynamic Trunking Protocol does not work when switches are in different VTP domains.
At first I did not believe him, as these two technologies do not have a common point at which they could interfere with each other. But he showed me the error message, and after setting up my switches as VTP servers DOMAIN1 and DOMAIN2, and setting up trunk links with ‘switchport mode dynamic desirable’, I got the same error message: ‘%DTP-5-DOMAINMISMATCH’. Using ‘show interface f0/x trunk’ reveals that the interface is still in non-trunking mode.
I did some more testing and came to the following conclusions for two switches that try to form a trunk with DTP while in different VTP domains:
- Transparent – Transparent: works.
- Client – Transparent: doesn’t work.
- Client – Client: doesn’t work.
- Server – Transparent: doesn’t work.
- Server – Client: doesn’t work.
- Server – Server: doesn’t work.
What surprises me even more is that the combinations Client-Transparent and Client-Client fail too; otherwise one could argue that it’s not a best practice to put a VTP server at the edge of a VTP domain. But as it stands, IOS forces you to either not use VTP at all, use one VTP domain for the entire switch fabric, or use static trunk links.
The first solution is easy at first sight and often VTP is not used, but VTP does offer some nice scalability for large networks. The second solution isn’t a good one at all: as explained perfectly by Greg Ferro in his blog post on Etherealmind.com, partitioning VTP into multiple domains increases flexibility and decreases risks. The third option is a better one again: most network engineers these days don’t use DTP anymore because of the switch spoofing risks, and a proper network design uses static trunks anyway.
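To check the third option across a switch, the following added example (not part of the original post) scans a running-config for ports that can still speak DTP. The sample config and the `audit_dtp` helper are constructed for illustration, and it assumes a Catalyst platform whose default switchport mode is a dynamic one.

```python
import re
from itertools import takewhile

# Constructed sample running-config for illustration (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 description unconfigured port
!
interface FastEthernet0/6
 no switchport
!
line vty 0 4
 login
"""

def audit_dtp(config):
    """Return {interface: finding} for each switchport that can still speak DTP."""
    findings = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        lines = block.splitlines()
        name = lines[0].strip()
        # Sub-commands are the indented lines directly under the interface line.
        cmds = [l.strip() for l in takewhile(lambda l: l.startswith(" "), lines[1:])]
        if "no switchport" in cmds:  # routed port, DTP does not apply
            continue
        mode = next((c.split("switchport mode ", 1)[1] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode is None:
            # Assumption: the platform default switchport mode is dynamic.
            findings[name] = "no explicit mode, platform default is a dynamic DTP mode"
        elif mode.startswith("dynamic"):
            findings[name] = f"negotiates trunking via DTP ({mode})"
        elif mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings[name] = "static trunk still sends DTP, add 'switchport nonegotiate'"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{i}: {f}" for i, f in audit_dtp(SAMPLE_CONFIG).items()))
```

Ports in access mode or in trunk mode with ‘switchport nonegotiate’ are not reported, since neither can be negotiated into a trunk by a neighbour.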
VTP is Cisco proprietary, and as with most proprietary solutions, an open-standards one also exists: 802.1ak MRP or Multiple Registration Protocol. Since Cisco only supports this on their 6500 models, I can’t test this at home. The configuration guide does briefly suggest DTP interoperability on 802.1q trunk links, but no details are provided.