Differences

This shows you the differences between two versions of the page.

--- os:ios:vlan.dat [2016-11-15 20:14] – root
+++ os:ios:vlan.dat [2023-01-03 12:36] – Manuel Frei
@@ Line 1: / Line 1: @@
 ====== vlan.dat ======
-FIXME under construction...
+I wrote a Python module/utility to parse vlan.dat files: https://github.com/frei-style/vlandat
+This page shows some information about the reverse engineering.
+===== About the File =====
+On Cisco IOS the VLAN and VTP information is stored in the VLAN database. This database is represented as the file vlan.dat.
+<code>
+Switch#dir flash:/vlan.dat
+Directory of flash:/vlan.dat
+  -rwx        1164  Nov 19 2016 23:15:21 +02:00  vlan.dat
+27998208 bytes total (14103040 bytes free)
+</code>
+Some facts about the file:
+  * It stores between 4 (1, 1002-1005) and 1005 VLANs. If there are more, the configuration goes to the config file.
+  * If VTP mode is defined as transparent in the database and the config file and if the domain name matches, the VLAN information in the vlan.dat is ignored.
+  * vlan.dat is the default name. It can be changed with //vtp file <filename>//.
+Links:
+  * [[http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2940-series-switches/109304-manage-vlandat.html|Managing vlan.dat in Cisco Catalyst Switches Running Cisco IOS Software]]
+===== Influence of VTP Configuration =====
+>In VTP Server Mode, switch "saves VLAN configuration information in a file named vlan.dat in flash memory."
+>In VTP Client Mode, switch saves "VLAN information in RAM only, not stored in NVRAM or FLash memory; must be repopulated from a VTP server if switch is power-cycled."
+>In VTP Transparent Mode, switch saves VLAN configuration in NVRAM.
+//-- SWITCH (642-813) Student Guide Volume I//
 ===== Structure =====
+There is no guarantee that the information in the following table is correct. It's based on some information I found on the internet and was extended by my own research and experiments.
 ^ Offset ^ Bytes ^ Type    ^ IOS Name                 ^ Values ^ Notes                ^
-| 000    | 4     | bytes   | -                        | BADB10 | Magic Number? |
+| 000    | 4     | bytes   | -                        | BADB100D | Magic Number? |
 | 004    | 4     | int     | VTP Version              | 2, 3 | -                    |
 | 008    | 1     | char    | VTP Operating Mode ID    | 1 (client), 2 (server), 3 (transparent) | - |
@@ Line 12: / Line 49: @@
 | 00a    | 32    | string  | VTP Domain Name          | ascii, 0-32 chars | -                    |
 | 02a    | 2     | :?:     | :?:                      | ? | |
-| 02c    | 4     | int     | Configuration Revision   | <nowiki>0-2^31</nowiki> | <del>this may is only 4 bytes, like in the VTP network package</del> |
+| 02c    | 4     | int     | Configuration Revision   | <nowiki>0-2^31</nowiki> | <del>this may is only 4 bytes, like in the VTP network package</del> //Max revision number is 2,147,483,648then counter will reset back to zero// -- [[https://www.coursehero.com/file/p6k41no/Max-revision-number-is-2147483648-then-counter-will-reset-back-to-zero-VLAN/|source]] |
 | 030    | 4     | int     | Local updater ID         |  | IP address        |
 | 034    | 4     | int     | Last update on           |  | vlan interface with lowest number. :?: this may is only 2 bytes |
@@ Line 43: / Line 80: @@
 | 0d9    | 1     | char    | Backup CRF Mode | 0 (disabled), 1 (enabled) | type must be trcrf |
 | 0da    | 1     | char    | Remote SPAN | 0 (disabled), 1 (enabled) | |
-| 0db    | 1     | char    | :?:         | :?:  | :?: I have no idea. I changed the value to 1 and 2 but I didn't notice some differences on the switch with the show command. |
+| 0db    | 1     | char    | :?:         | :?:  | :?: I have no idea. I changed the value to 1 and 2 but I didn't notice any differences on the switch with the show command. |
 ^ Following Stuff is yet unknown ^^^^^^
 | ...    | :?:   | :?:     | :?: | :?: | :?: Looks like garbage, will be harder to figure that out. |
-//The initial data for this table is from a blog post of Chris Welsh ([[https://rednectar.net/2010/12/06/decoding-vlan-dat/|decoding vlan.dat]]). Thank you.//
+//The initial data for this table is from a blog post of Chris Welsh ([[https://rednectar.net/2010/12/06/decoding-vlan-dat/|decoding vlan.dat]]).//
+===== Information in IOS =====
+Here will be shown, how the information in the VLAN database can be displayed with IOS commands.
+==== VLAN Information ====
+<code>
+affe#sh vl
+VLAN Name                             Status    Ports
+---- -------------------------------- --------- -------------------------------
+    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,
+                                                Gi1/0/22, Gi1/0/23, Gi1/0/25, Gi1/0/26
+    VLAN0003                         active
+    VLAN0005                         active
+   Affe                             active
+   Banane                           active    Gi1/0/13, Gi1/0/14
+  Entensuppe                       active
+fddi-default                     act/unsup
+token-ring-default               act/unsup
+fddinet-default                  act/unsup
+trnet-default                    act/unsup
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+    enet  100001     1500  -      -      -        -    -        0      0
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+    enet  100003     1500  -      -      -        -    -        0      0
+    enet  100005     1500  -      -      -        -    -        0      0
+   enet  100050     1500  -      -      -        -    -        0      0
+   enet  100052     1500  -      -      -        -    -        0      0
+  enet  100915     1500  -      -      -        -    -        0      0
+fddi  101002     1500  -      -      -        -    -        0      0
+tr    101003     1500  -      -      -        -    srb      0      0
+fdnet 101004     1500  -      -      1        ieee -        0      0
+trnet 101005     1500  -      -      1        ibm  -        0      0
+Remote SPAN VLANs
+------------------------------------------------------------------------------
+Primary Secondary Type              Ports
+------- --------- ----------------- ------------------------------------------
+</code>
+==== VTP Configuration / Status ====
+<code>
+affe#sh vtp status
+VTP Version capable             : 1 to 3
+VTP version running             : 1
+VTP Domain Name                 : ENTENSUPPE
+VTP Pruning Mode                : Disabled
+VTP Traps Generation            : Disabled
+Device ID                       : a2a3.2b63.ef21
+Configuration last modified by 192.168.2.230 at 10-21-16 16:41:50
+Local updater ID is 192.168.1.200 on interface Vl1 (lowest numbered VLAN interface found)
+Feature VLAN:
+--------------
+VTP Operating Mode                : Server
+Maximum VLANs supported locally   : 255
+Number of existing VLANs          : 42
+Configuration Revision            : 321
+MD5 digest                        : 0x00 0x11 0x22 0x33 0x44 0x55 0xE4 0x66
+x77 0x88 0x99 0xAA 0xBB 0xCC 0xDD 0xEE
+</code>
+----
+----
+----
+----
 ==== Notes About Missing Parts ====
+=== Garbage ===
+There is some garbage at the end of the file. Marco Rizzi ([[http://rizzitech.blogspot.ch/2010_08_01_archive.html|Playing with vlan.dat]], the blog post was deleted unfortunately. It's available via Web Archive: [[https://web.archive.org/web/20150115040419/http://rizzitech.blogspot.com/2010/08/playing-with-vlandat.html|WebArchive]]) assumes, that it's additional information about FDDI/Token Ring vlans. I think he's right.
+I deleted the vlan.dat and reloaded the switch to get this clean config:
+<code>
+switch>sh vl
+VLAN Name                             Status    Ports
+---- -------------------------------- --------- -------------------------------
+    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
+                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
+fddi-default                     act/unsup
+token-ring-default               act/unsup
+fddinet-default                  act/unsup
+trnet-default                    act/unsup
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+fddi  101002     1500  -      -      -        -    -        0      0
+tr    101003     1500  -      -      -        -    -        0      0
+fdnet 101004     1500  -      -      -        ieee -        0      0
+trnet 101005     1500  -      -      -        ibm  -        0      0
+Remote SPAN VLANs
+------------------------------------------------------------------------------
+Primary Secondary Type              Ports
+------- --------- ----------------- ------------------------------------------
+</code>
+I extracted the garbage at the end of the fresh config and also after some changes. It looks like this are 24 byte blocks, so i splitted them up. I also looked at an old config which I played too much with it, which hasn't the length of a multiple of 24 bytes (this config isn't trustworthy anymore but I should keep this in mind. Maybe there are additional data or there is a variable field).
+**initial config**
+<code>
+23 c4 90 00 00 03 ea 00 00 00 08 02 23 ca 04 01 01 00 00 04 01 00 00 # vl 1002
+23 c5 18 00 00 03 eb 00 00 00 08 02 23 c4 d4 01 01 00 00 04 01 00 00 # vl 1003
+23 c5 a0 00 00 03 ec 00 00 00 08 02 23 c5 5c 02 01 00 00 03 01 00 01 # vl 1004
+00 00 00 00 00 03 ed 00 00 00 08 02 23 c5 e4 02 01 00 00 03 01 00 02 # vl 1005
+                  ## ##
+                 vlan id
+</code>
+**1. change**
+<code>
+vl 777
+media tokenring
+</code>
+<code>
+23 eb 10 00 00 03 09 00 00 00 08 02 23 ea cc 01 01 00 00 04 01 00 00 # vl 777
+23 fc 7c 00 00 03 ea 00 00 00 08 02 23 fc 38 01 01 00 00 04 01 00 00 # vl 1002
+23 fd 04 00 00 03 eb 00 00 00 08 02 23 fc c0 01 01 00 00 04 01 00 00 # vl 1003
+23 fd 8c 00 00 03 ec 00 00 00 08 02 23 fd 48 02 01 00 00 03 01 00 01 # vl 1004
+00 00 00 00 00 03 ed 00 00 00 08 02 23 fd d0 02 01 00 00 03 01 00 02 # vl 1005
+                  ## ##
+                 vlan id
+</code>
+I did a small change (just add something) and some random portions of the whole data got changed. I have no idea, yet.
+**2. change**
+<code>
+vl 777
+ring 1002
+</code>
+<code>
+07 4b bc 00 00 03 09 00 00 00 08 02 07 45 74 01 01 03 ea 04 01 00 00 # vl 777
+23 fc 38 00 00 03 ea 00 00 00 08 02 23 e8 a8 01 01 00 00 04 01 00 00 # vl 1002
+23 fc c0 00 00 03 eb 00 00 00 08 02 23 fc 7c 01 01 00 00 04 01 00 00 # vl 1003
+23 fd 48 00 00 03 ec 00 00 00 08 02 23 fd 04 02 01 00 00 03 01 00 01 # vl 1004
+00 00 00 00 00 03 ed 00 00 00 08 02 23 fd 8c 02 01 00 00 03 01 00 02 # vl 1005
+</code>
+**3. change**
+<code>
+vl 777
+are 1
+ste 1
+</code>
+<code>
+1e 61 d8 00 00 03 09 00 00 00 08 02 1e 43 64 01 01 03 ea 04 01 00 00 # vl 777
+24 14 40 00 00 03 ea 00 00 00 08 02 23 c9 8c 01 01 00 00 04 01 00 00 # vl 1002
+24 09 24 00 00 03 eb 00 00 00 08 02 07 41 cc 01 01 00 00 04 01 00 00 # vl 1003
+ed b0 64 00 00 03 ec 00 00 00 08 01 b0 75 d4 02 01 00 00 03 01 00 01 # vl 1004
+00 00 00 00 00 03 ed 00 00 00 08 01 ea a0 34 02 01 00 00 03 01 00 02 # vl 1005
+</code>
 === VLAN ===
@@ Line 129: / Line 342: @@
-===== Information in IOS =====
-==== VLAN Information ====
-<code>
-affe#sh vl
-VLAN Name                             Status    Ports
----- -------------------------------- --------- -------------------------------
-    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,
-                                                Gi1/0/22, Gi1/0/23, Gi1/0/25, Gi1/0/26
-    VLAN0003                         active
-    VLAN0005                         active
-   Affe                             active
-   Banane                           active    Gi1/0/13, Gi1/0/14
-  Entensuppe                       active
-fddi-default                     act/unsup
-token-ring-default               act/unsup
-fddinet-default                  act/unsup
-trnet-default                    act/unsup
-VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
----- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
-    enet  100001     1500  -      -      -        -    -        0      0
-VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
----- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
-    enet  100003     1500  -      -      -        -    -        0      0
-    enet  100005     1500  -      -      -        -    -        0      0
-   enet  100050     1500  -      -      -        -    -        0      0
-   enet  100052     1500  -      -      -        -    -        0      0
-  enet  100915     1500  -      -      -        -    -        0      0
-fddi  101002     1500  -      -      -        -    -        0      0
-tr    101003     1500  -      -      -        -    srb      0      0
-fdnet 101004     1500  -      -      1        ieee -        0      0
-trnet 101005     1500  -      -      1        ibm  -        0      0
-Remote SPAN VLANs
-------------------------------------------------------------------------------
-Primary Secondary Type              Ports
-------- --------- ----------------- ------------------------------------------
-</code>
-==== VTP Configuration / Status ====
-<code>
-affe#sh vtp status
-VTP Version capable             : 1 to 3
-VTP version running             : 1
-VTP Domain Name                 : ENTENSUPPE
-VTP Pruning Mode                : Disabled
-VTP Traps Generation            : Disabled
-Device ID                       : a2a3.2b63.ef21
-Configuration last modified by 192.168.2.230 at 10-21-16 16:41:50
-Local updater ID is 192.168.1.200 on interface Vl1 (lowest numbered VLAN interface found)
-Feature VLAN:
---------------
-VTP Operating Mode                : Server
-Maximum VLANs supported locally   : 255
-Number of existing VLANs          : 42
-Configuration Revision            : 321
-MD5 digest                        : 0x00 0x11 0x22 0x33 0x44 0x55 0xE4 0x66
-x77 0x88 0x99 0xAA 0xBB 0xCC 0xDD 0xEE
-</code>