Tonight I encountered something in my home lab I have never seen before. It had me puzzled for quite some time and frankly was driving me nuts. I finally just figured it out and had to share it with the world. Now, I am not fortunate enough to have access to any 3550/3560s yet, but I do have 4 2950’s connected in a square topology with fiber…enough to at least graze STP and many other things. Tonight I was going over the IPexpert switching VOD again, which involved some basic VTP.

My setup was simple: Make SW1 my VTP server, and make SW2-4 clients. Create some vlans on SW1, make sure they propogate…no big deal. Well, I was finding that every switch except for SW3 was working properly and I couldn’t put my finger on it.

I checked show vtp status at least 3 times… domain name matched, rev number on SW3 was lower than the server, all my trunks were up, VLAN 1 was not pruned… hmmmm, time for debugs!

I flipped on debug sw-vlan vtp events

VTP LOG RUNTIME: MD5 digest failing

It then showed me the calculated hash was different from the received hash…hmmm well I didn’t configure any VTP password or anything on any of the switches….aha! These switches must have been using VTP somewhere previously

I went into vlan database mode and did no vtp password followed by apply and exit just to be sure…poof magic! It started working. So, the moral of the story is that at least on the 2950 in my experience even if you are not running vtp passwords, you may still need to clear any old ones left in the vlan database

Hopefully this will save somebody else out there some headache, or better yet lab points!