In my line of work, we do network assessments on a fairly regular basis. Customers request them to better understand what is wrong with their network and how to improve it. This entails digging into the customer's network, hopping from device to device, and reviewing configurations.
One of the things I cite quite often is VTP misconfiguration, or simply not following best practices. Since many customers aren't intimately familiar with VTP and how it works, I often end up in discussions on some of the finer points, and one of those finer points is usually how a misconfiguration can blow away all of your VLANs. I'll usually mention that even as a VTP client, a switch can still overwrite the VLAN database on a VTP server, given the right combination of conditions. However, I can never seem to remember exactly what that combination is, so here it is.
- A trunk link must be present between the client and the rest of the domain (either statically configured or dynamically negotiated through DTP)
- The VTP client switch must have the same VTP domain name (a switch with a null domain name adopts the first domain it hears advertised on a trunk, which satisfies this condition on its own)
- The VTP client switch must have the same VTP password, since the MD5 digest in the advertisement is computed over the password and a mismatch causes the receiver to discard it
- The VTP client switch must have a higher configuration revision number than the rest of the domain
Given these circumstances, a VTP client switch will update your VTP servers with whatever VLANs the client has on it, and that may be all of the same VLANs plus a few new ones, or nothing but the default VLANs! Note that this applies to VTP version 1 and 2; in VTP version 3 only the primary server's database propagates, so a client or secondary server with a higher revision does not take over the domain.