Home > VTPv3 Sim

VTPv3 Sim

October 11th, 2018 in Lab Sim Go to comments

You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

VTP_Topology.jpg

Question 1

Explanation

To comply with the configuration of other switches, we need to get VTP configuration of Sw1 or Sw2. On Sw1 use the “show vtp status” command:

Sw1_show_vtp_status.jpg

From this output we learn on Sw1:
+ VTP is running version 3
+ VTP Domain is “CCNP”
+ Sw1 is the VTP Primary Server (we will explain about Primary Server later. Now just understand it is in VTP Server mode)

So on the New_Switch, the VTP Domain must match. New_Switch should run VTP version 3 if if can (but it is not a must as VTP version 2 is compatible with VTP version 3). The New_Switch is connecting to hosts so it is in Access Layer so it should be configured as a VTP Client (although Transparent mode is acceptable) so there are only two suitable choices D & E.

From the exhibit, the New_Switch is connecting to a host in VLAN 100 so its E0/0 interface should be in VLAN 100 -> only D is correct.

Question 2

Explanation

On Sw1 & Sw2 we can check with the “show interfaces trunk” command:

Sw1_show_interfaces_trunk.jpg

Sw2_show_interfaces_trunk.jpg

Sw1 & Sw2 are connected through E2/3 & E2/3 so we can see the native Vlan on these trunks are 99. We should check both Sw1 & Sw2 to see if the Native Vlan on both sides match.

Question 3

Explanation

Use the “show vtp status” on SW1 and SW2 we notice both of them are in “Server” mode so we should choose: A. Configure VLAN 500 & VLAN 600 on both SW1 & SW2.

In practical we only need to create VLANs on one of the “Server” switch and these VLANs will be propagated automatically to others “Server” and “Client” switch. But maybe it is not the answer Cisco wants (as it makes both answers B & C are correct).

Question 4

Explanation

To configure private VLAN we have to change VTP (even version 3) to Transparent mode. In fact, to disable VTP pruning on Sw4 (in Client mode) we also have to change to VTP Transparent mode so answer C can be understood as “change SW4 to Transparent mode” so it is the best choice.

Note: Unlike VTP version 1 and 2 in which VTP pruning is enabled on VTP Server only, VTP version 3 requires VTP pruning must be enabled on all the switches in the VTP domain so we can also disable VTP pruning on each switch separately. Here is the link for your reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swvtp.html

“With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. In VTP version 3, you must manually enable pruning on each switch in the domain.”

Comments
Comment pages
1 8 9 10 749
  1. blah
    August 14th, 2018

    Disable VTP pruning on SW4 only is correct i believe

  2. RED1
    August 16th, 2018

    When using ftp V3, the pruning is to be disabled manually on every with in the network unlike with vtp V2, when the ftp pruning is enabled on the ftp server, it is enabled on all swathes which are not on transparent mode in the entire domain.
    Disable pruning manually on Switch 4 means doing it manually with the command: switch port trunk allowed clan (clan-list)

  3. RED1
    August 16th, 2018

    VTP not FTP

  4. RED1
    August 16th, 2018

    I passed today successfully

    I had been asked by the VTP V3 Sim

    I suggest you the command:
    show ftp devices
    on SW2 and Switch4
    in order to be sure that the SW1 is primary
    I had unfortunately 50% on VTP
    I suppose that because I answered bad the Question 3 and 4.
    Q.3 I answered, Only SW1, I think that the good answer is SW1 and SW2
    Q.4 I answered disable ftp pruning only on SW4, I think that the good response is on SW4 and new switch
    Because in VTP V3 pruning is to be enabled on every switch, unlike in VTP v2, if ftp pruning is in VTP server, so it is enabled in the entire ftp domain.

    50% I think that because I answered good the two first questions.

  5. RED1
    August 16th, 2018

    Sorry: Comand : show vtp devices

  6. confusement
    August 25th, 2018

    from cisco web
    ” In VTP version 3, you must manually enable pruning on each switch in the domain.”

    q4 this means only on SW4 then right?

  7. WARNING
    August 29th, 2018

    Q4 is Incorrect.

    You need to disable VTP Pruning on the VTPv3 Primary switch (SW1) because when you create a Private VLAN on SW1 while pruning is enabled you get this error :

    (config)#vlan 100
    (config-vlan)#private-vlan primary
    %Private VLANs can only be configured when VTP is in transparent/off modes in VTP v ersion 1 or 2 and in server/transparent/off modes in VTP version 3 when pruning is turned off

    As SW1 is the Primary VTPv3 server, disabling pruning on that device means that you can create the Private Vlan there and have VTP update SW4 with the Private VLAN info. Due to SW1 and 4 being directly connected, the VLAN will not be pruned on SW4 as it is active on the SW1 side of the trunk.

  8. WARNING2
    August 29th, 2018

    Q3 is Incorrect.

    SW1 is the Primary VTP Server and SW2 is only a server within the domain. VTPv3 only allows the Primary server to create VLANs.

    SW1# sh vtp status | i version | Mode
    VTP version running : 3
    VTP Pruning Mode : Enabled
    VTP Operating Mode : Primary Server

    SW2# sh vtp status | i version | Mode
    VTP version running : 3
    VTP Pruning Mode : Enabled
    VTP Operating Mode : Server

    If you attempted to actually create a vlan on SW2 you would see this error :

    SW2(config)#vlan 500
    VTP VLAN configuration not allowed when device is not the primary server for vlan database.

  9. thank you
    August 30th, 2018

    Tnx Warning you are awesome!!

  10. Exile
    September 6th, 2018

    So guys any ide what is the real correct answer on the exam for Q3 and Q4? I mean the answer that cisco actually accepts as correct.

  11. Anonymous
    September 18th, 2018

    Q4 previous statement is correct, must disable vtp pruning to create private VLANs also in primary switch SW1. Answer should be A

  12. MG
    September 19th, 2018

    I think Q3 Answer should be B as only primary switch can add VLANs

  13. exam taker
    September 22nd, 2018

    Hi, can anyone confirm about Q4 please? Did anyone score 100% by marking the answer as SW4 only? I think the answer is SW1.

  14. exam taker
    September 23rd, 2018

    For Q4, answer is SW4 only. Because SW1 is server and in VTP v3, and we cannot create private vlans in V3 server mode.

  15. exam taker
    September 23rd, 2018

    Sorry my bad ^, we can create private vlans in v3 server mode.
    But I would put SW4 only option since disabling pruning in SW1 will delete pruning in all the other switches.

  16. MG
    September 24th, 2018

    In VTP v3 pruning must be disabled for private VLANs to be added

    SW1(config)#vlan 100
    SW1(config-vlan)# private-vlan primary
    %Private VLANs can only be configured when VTP is in transparent/off modes in VTP version 1 or 2 and in server/transparent/off modes in VTP version 3 when pruning is turned off

    SW1(config)#vtp domain test
    Changing VTP domain name from NULL to test
    SW1(config)#vtp version 3
    SW1(config)#do vtp primary
    This system is becoming primary server for feature vlan
    No conflicting VTP3 devices found.
    Do you want to continue? [confirm]

    SW1(config)#vtp pruning
    Pruning switched on

    SW1(config)#vlan 100
    SW1(config-vlan)#private-vlan primary
    %Private VLANs can only be configured when VTP is in transparent/off modes in VTP version 1 or 2 and in server/transparent/off modes in VTP version 3 when pruning is turned off

  17. Floor Cow
    September 27th, 2018

    Have not taken test yet, however on Q3:

    “…you need to configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and SW2 as primary root for VLAN 600 and secondary for VLAN 500…”

    This question is worded tricky. Yes you can only add VLAN on the primary server, however it is asking you to make spanning-tree changes as well (Primary root / Secondary root) which needs to happen on both switches. Thus “A. Configure VLAN 500 & VLAN 600 on both SW1 & SW2” would be technically correct.

  18. Elvis
    October 4th, 2018

    Q3. Answer B is very correct. SW1 is the Primary Server. VLANS are only created in VTP Primary Server. VTP Secondary server only backs up the configuration but it does not allow the creation or modification of VLANs. VTP client mode and VTP secondary server are similar. The only difference is that you can promote VTP secondary server to Primary server(you enter vtp primary in privileged EXEC command) but you cannot do the same to a client.

  19. Elvis
    October 4th, 2018

    VTP primary server and VTP secondary servers. A VTP primary server updates the database information and sends updates that are honored by all devices in the system. A “VTP secondary server can only back up the updated VTP configurations received from the primary server to its NVRAM.”
    “By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC command to specify a primary server. Primary server status is only needed for database updates when the administrator issues a takeover message in the domain. You can have a working VTP domain without any primary servers. Primary server status is lost if the device reloads or domain parameters change, even when a password is configured on the switch.”

  20. jonzo
    October 9th, 2018

    To disable VTP pruning, use the no vtp pruning global configuration command.

    With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. In VTP version 3, you must manually enable pruning on each switch in the domain.

    source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html#wp1072526

  21. jonzo
    October 9th, 2018

    With VTP version 3, only a specific device in a domain, a primary server, is allowed to update other devices. This new feature reduces the risk of unintended automatic configuration changes, for example, by adding a configured switch with a high configuration revision number to an existing network.

    source: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

  22. Anonymous
    October 9th, 2018

    so based on these I would suggest:

    Question 3 answer is “B. Configure VLAN 500 and VLAN 600 on SW1 only”

    Question 4 answer is “C. Disable VTP pruning on SW4 only”

    Thoughts?

  23. jonzo
    October 10th, 2018

    With regards to question 3 ….

    Create the vlans using the primary vtp server (SW1) but the spanning tree configs need completed on both SW1 and SW2 …. so answer will need to be A – key word is “configure” not “create”

    Question 4 is answer C

  24. Dany1
    October 10th, 2018

    I don’t speak english well but i notice that:
    1.CREATE a VLAN means config-t= vlan 500,600 which in that case is done on SW1(VTP Primary Server)
    2. Configure the VLAN can means SW1(config-t)=spanning-tree vlan 500 root primary
    and SW2(config-t)=spanning-tree vlan 600 root primary. I can’t configure vlan 600 root primary from SW2 console. How is able to do it show us and then i said answer B is right.
    So i think for Q3 answer is A. Configure VLAN 500 & VLAN 600 on both SW1 & SW2

    Q4. very difficult
    Private VLANs can only be configured when VTP is in transparent/off modes in VTP version 1 or 2 and in server/transparent/off modes in VTP version 3 when pruning is turned off.

    So is necessary to create vlans only to SW1, which is PRIMARY SERVER. Then you must turn off VTP Pruning to define private-vlans, already created one step before.
    Next step is to verify with show vlan and show vlan private-vlan if those vlans are in SW4.
    VLAN 100 and 200 can be used as primary and community. In simulator i can’t see output of
    show vlan private-vlan.
    What is the reason to disable VTP pruning on SW4. I really don t know. But what can i told
    you what is written in Explanation ” to disable VTP pruning on Sw4 (in Client mode) we also have to change to VTP Transparent mode ” is not true. When you put SW4 in transparent mode you cannot disable VTP Pruning because it can be done ONLY in CLIENT and SERVER mode for VTP VERSION 3. Off course, in vtp mode transparent you can create private vlan IF you don’t have VTP Pruning ON.
    The right answer can be obtained only after somebody create a lab with real switches that scenario.

  25. Dany1
    October 10th, 2018

    At point 2 i try to said that you must configure on SW1 as root for VLAN 500 and SW2 as root for VLAN 600 and that is Answer A. You can create SW1 as secondary for VLAN 600 and SW2 as secondary for VLAN 500, but only from their consoles

  26. Dany 1
    October 12th, 2018

    I succeed to put on GNS3 this configuration and to test. Attention: not al VIRL support private-vlan. It take me one day and half to catch about that. Use IOU (this is Layer2).
    Problem to understand Q4: why is necessary to disabled VTP pruning on SW4.
    Conclusion: perhaps to be aligned with info received from SW1
    Argumentation:
    1. In vtp version 3 each switch client or server can be vtp pruning. That means a switch receive a JOIN message from VTP Prunning Enabled Switch
    “SW1#VTP PRUNING DEBUG: trunk Gi0/1 rx Join, len=166 (domain TEST)”
    2. To create private vlan is necessary to disable VTP pruning on SW1 (Primary Server).
    Result: no JOIN message received by SW4, but SW4 send JOIN to SW1
    3. After creation of private vlan, SW1 send VTP Advertisement Summary and SW4 notice Configuration Revision was change and require using VTP Adverisement Request to send all goof stuff
    4. When receive private vlan (and received because i saw with show vlan private-vlan)
    also receive a message to tell to DISABLE VTP Pruning for those private vlan
    “VTP PRUNING INFO: chg trunk Gi0/1 vlan 500 SPT st to 1
    VTP PRUNING INFO: TGi0/1,V500: st Disabled,event Fwd=>new st NoPrune”
    That was the reason which explain SW4 receive private-vlan even VTP Pruning is ON
    when i run show int trunk those network didn’t appear not prunned.
    Here is, maybe, the problem of alignment between SW1 and SW4
    And that was the reason to said “Disable VTP pruning on SW4 only”,
    From my point of view at question “Which of the following configuration steps will allow creating private VLANs?”
    i will answer SW1.
    Next step: time consuming. Configure in GNS3 community ports on SW4 to verify if is working with VTP pruning enable

  27. Dany 1
    October 12th, 2018

    Final: After two days of working at GNS3 i find a possible answers, but depend of each of you to choose the answer.
    Scenario 1:
    1. VTP Pruning enable on SW4. On SW1 bla,bla ….private vlan are in SW4 accompanied with messages before with those two curiosity staff:
    – show vlan private-vlan is showing correct
    -show int trunk show private vlan are prunned (BAD)
    After create few VPCS linked to SW1 and SW4 i noticed PC1/PC2 for SW1 can ping PC3/PC4 from SW4, but pc s from SW4 cannot ping even between them ( was defined in community vlan)
    Scenario 2
    Define from beginning SW4 as VTP Pruning off and follow the above steps and now
    PC1-PC4 ping between them
    So, at least in GNS3, is MANDATORY to define VTP Pruning off on SW4, even private vlan are defined in SW1 (PRIMARY VTP SERVER)
    This type of question is in category: you know or not, is useless to think about that.
    Cisco is my master and i must obey.
    Have a nice day

  28. Dany1
    October 12th, 2018

    The short solution for be aligned with Answer C. “Disable VTP pruning on SW4 ONLY” . This is the almost the same with Certprepare solution:
    Steps:
    1. Disable VTP Pruning only to SW4 (can do in VTP v3 Server/Client but not in transparent)
    2. Change vtp mode on SW4 to transparent (to be able to define private vlans)
    3, define private vlans
    It works in GNS3 and is simple. Two wasted days ….

  29. Dany1
    October 12th, 2018

    Summary for all staff for Q4
    A. Disable VTP pruning on SW1 only
    B. Disable VTP pruning on SW2 only
    C. Disable VTP pruning on SW4 only
    D. Disable VTP pruning on SW2, SW4 and New_Switch
    E. Disable VTP pruning on New_Switch and SW4 only.
    A is NOK because it must disable aVTP Pruning on SW4 also, otherwise will not work
    B. Worst than A case
    C. Right Answer
    D. Pointless to disable VTP on SW2 and New_SWtich
    E. No reason to disable on New_Switch

  30. Anonymous
    October 30th, 2018

    Guys, I’m looking the dump about Q3 and I see a problem:

    Everybody agrees that if there are 2 Switch in server mode you have to add the VLAN 500 and 600 on both switches….but in that situation, there is VTP V3!

    The dump shows us that in both switches, SW1 and SW2. the “primary description” it’s SW1…
    It means that both switches know that SW1 is the primary…

    Maybe the dump is wrong?

  31. burns
    November 3rd, 2018

    I Agree with anonymous vtp v3 if in server or client mode will receive updates and i think cisco will like the simpler answer because adding it on both switches would make it sound bad after all the trouble they had with vtp 1 and 2 they would prefer the answer change on switch 1.

  32. Raziel
    November 4th, 2018

    Q3:

    “VTP VERSION 3 – VTPv3 Sim”

    SW1: Primary Server SW2 Server answer: “B”

    SW1: Server SW2 Server answer: “A”

    VTP VERSION 3 OPERATION

    VTP primary server: only the primary server is able to create / modify / delete VLANs. This is a great change as you can no longer “accidently” wipe all VLANs like you could with VTP version 1 or 2.

    Server: In VTP server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as the VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links.VTP v3 expands and enhances the concept of the server role. Only one server per domain can be prompted to be a primary server. Client and secondary server devices receive a configuration from a primary server. A secondary server stores the received configuration in a local permanent storage space (for example, NVRAM) and updates other devices in the same domain and for the same instance.
    https://ipwithease.com/vtp-version-3/

    https://networklessons.com/switching/vtp-version-3/

  33. Raziel
    November 4th, 2018

    Q4:

    “With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP domain. In VTP version 3, you must manually enable pruning on each switch in the domain”.

  34. CCNPSoon
    November 10th, 2018

    Ok folks, so I was tired of all the confusion about the following question:

    “You are adding new VLANs: VLAN500 and VLAN600 to the topology in such way that you need to configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and SW2 as primary root for VLAN 600 and secondary for VLAN 500. Which configuration step is valid?”

    In actuality, I think this would require also performing other commands, and I will get to that, but first lets just address the deployment of the VLANs.

    A “show vtp status” of Switch1 shows that it is using VTP version 3 and the VTP Operating Mode = Primary Server.
    A “show vtp status” of Switch2 shows that it is using VTP version 3 and the VTP Operating Mode = Server.

    So I have a home lab running two 3750’s and updated firmware. I set the switches the same. I tried adding vlan 500 and vlan 600 to both switches and you cant. You can only add them on the Primary Server. When I tried to add them to Switch2 I got the following output:

    “Switch2(config)#vlan 500
    VTP VLAN configuration not allowed when device is not the primary server for vlan database.”

    So it looks to me like the answer of “Configure VLAN 500 & VLAN 600 on both SW1 & SW2” can’t be correct.

    I configured the VLANs on Switch1 and they were added to Switch2. So when I test later today, I am going to have to go with the answer of “Configure VLAN 500 and VLAN 600 on SW1 only.”

    The option of “On SW2; configure vtp mode as off and configure VLAN 500 and VLAN 600; configure back to vtp server mode” did not work and once vtp server mode was re-enabled, the vlans were wiped.

    All the other options wouldn’t do anything. So as I mentioned, I am sticking to “Configure VLAN 500 and VLAN 600 on SW1 only.”

    Now, lets get to the way the question describes the primary and secondary.
    NOTE**** I do not think this is on test, so please don’t study this portion of my post, but it helps in understanding. They say “configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and SW2 as primary root for VLAN 600 and secondary for VLAN 500.”

    Do not let that process throw you off. I also configured this in my lab and it would require the following commands:

    Switch1:
    Switch1(config)#spanning-tree vlan 500 root primary
    Switch1(config)#spanning-tree vlan 600 root secondary

    Switch2:
    Switch2(config)#spanning-tree vlan 600 root primary
    Switch2(config)#spanning-tree vlan 500 root secondary

    I am not sure you have to do the second command on each, but it doesn’t hurt.

    I then checked the status by issuing the following commands:

    Switch1#sh spanning-tree vlan 500
    VLAN0500
    Spanning tree enabled protocol ieee
    Root ID Priority 25076
    Address 0021.a0a0.9a00
    This bridge is the root

    Switch1#sh spanning-tree vlan 600

    VLAN0600
    Spanning tree enabled protocol ieee
    Root ID Priority 25176
    Address 0016.477d.e880
    Cost 19
    Port 5 (FastEthernet1/0/3)

    Switch2#sh spanning-tree vlan 500
    VLAN0500
    Spanning tree enabled protocol ieee
    Root ID Priority 25076
    Address 0021.a0a0.9a00
    Cost 19
    Port 5 (FastEthernet1/0/3)

    Switch2#sh spanning-tree vlan 600
    VLAN0600
    Spanning tree enabled protocol ieee
    Root ID Priority 25176
    Address 0016.477d.e880
    This bridge is the root

    I hope this helps people to understand the answer more and not just to take what the dump says.

    Now if I fail this portion I’m gonna have a bone to pick with Cisco since it was tested in real world lab.

    Thanks Everyone

  35. Anonymous
    November 11th, 2018

    @CCNPSoon is correct, the answer is B (Configure VLAN 500 and VLAN 600 on SW1 only). The dump is wrong, and if the answer isn’t B on the exam, they’re wrong. It says “configure” and SW1 is the PRIMARY SERVER and SW2 is the SECONDARY. You CANNOT configure the vlans on SW2 with the given options, ONLY SW1 can configure anything. SW2 will get the vlans created on SW1, and SW1 can be made the primary for vlan X and secondary for vlan Y. SW2 will need to have its mode changed in order to configure the primary\secondary roles which we cannot assume is done based on the answers given. Answer is B, A is NOT possible.

  36. KING
    November 12th, 2018

    copy link to your address bar: (remove spacs)
    goo . g l /FkMoqt

    GUARANTEED valid
    ROUTE
    SWITCH
    TSHOOT

    Just prepare our package and pass guarantee.

    Thanks

  37. CCNPSoon
    November 12th, 2018

    @Anonymous thanks, this is where real world equipment really helps. I took the exam this last Saturday and didn’t even have this sim. I also studied the AAAdot1x really well and din’t have it either. The only two I had was the LACP/STP and the HSRP. They were the same as on here. However, the normal questions were brutal. I did see some question I recognized from the dump, but it seems like they are changing them a lot. I scraped by with an 810 and passed. I truly believe that I got most of the questions wrong, but then I aced the labs, so it passed me. Good luck to everyone else. My suggestions are as follows:

    1. Pay the measly $15 on here to become a Premium Member to get access to the basic labs on here.
    2. Get the dumps and VCE file from IPHelper.
    3. Get the application A+ VCE Silver Exam Simulation. (If you have windows, use bluestacks to run this application)
    3. Pay the measly $20 for the A+ VCE license for full version.
    4. Import the VCE file from the IP Helper dump and disable the test timer on VCE.
    5. If possible, get real world equipment. I found that having a router and two switches would be enough to do all the labs. If you can’t get equipment, know the commands and topology of the labs here on certprepare.
    6. Practice, practice, and more practice, know your labs 100%. This will give you some cushioning if you are like me and have a hard time keeping up with over 900+ questions, lol..

    Good Luck..

  38. Buzzer
    November 15th, 2018

    Which HSRP are you referring to?

Comment pages
1 8 9 10 749
  1. No trackbacks yet.