From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Nov 29 2004 - 15:07:33 GMT-3
I think there are 3 possibilities to be aware of:
a) disable vtp
b) filter vtp traffic on a port
c) stop unneeded vlan traffic
Which one of the 3 will depend on the wording of the task.
If a), use vtp transparent mode on both 3550's
If b), create an mac acl - off-hand, I don't know what mac address to use.
If c), enable vtp pruning
HTH, Tim
----- Original Message -----
From: "Keane, James" <James.Keane@agriculture.gov.ie>
To: "Larry Roberts" <groupstudy@american-hero.com>; "Georg Pauwen"
<pauwen@hotmail.com>
Cc: <vishalp@fasttelco.net>; <groupstudy@users.hotpop.com>;
<john_t_mathai@hotmail.com>; <ccielab@groupstudy.com>
Sent: Monday, November 29, 2004 12:40 PM
Subject: RE: Stop VTP updates
> Good Analogy Larry -
> even though we havent resolved the issue feel like I understand this much
better now !
>
> I suppose we shouldnt deviate
>
> Maybe use a mac acl on the port for those packets !
>
> http://www.cisco.com/warp/public/473/21.html
>
> will blocking 01-00-0c-cc-cc-cc cause other problems? Well at least you
have stopped the vtp updates
>
> (please leave, you have failed your lab ... LOL!!)
>
> Anybody any better ideas to stop VTP updates from entering a port ?
>
>
> -----Original Message-----
> From: Larry Roberts [mailto:groupstudy@american-hero.com]
> Sent: 29 November 2004 16:16
> To: Georg Pauwen
> Cc: Keane, James; vishalp@fasttelco.net; groupstudy@users.hotpop.com;
> john_t_mathai@hotmail.com; ccielab@groupstudy.com
> Subject: Re: Stop VTP updates
>
>
> Using pruning will not stop VTP updates about Vlans from propagating, it
> will only stop data on those VLAN's that are prune eligible from being
> passed.
>
> To use a rather bad analogy, think of VTP as an OSPF LSA.
> Each switch needs to have a correct view of the network as it exists,
> regardless of whether it needs the VLAN traffic itself.
>
> When you filter LSA's, you only prevent them from being installed into
> your routing table, you don't stop other routers from hearing about them
> from youre flooding of the LSA's. ( assuming they are downstream )
>
> When you Prune VLAN's, you still need to know which VLAN's exist, as
> does your neighbors, you just dont need traffic that exists on the VLAN.
>
> What your trying to accomplish is to have each switch have a different
> view of the network which is a BAD thing. VTP overhead is very minimal,
> especially between a couple of large scale switches. As long as the
> second 6509 doesn't have any ports in this VLAN, and you have enabled
> VLAN pruning on the link, traffic for that VLAN will be restricted to
> the initial 6509.
>
>
> Is this part of a lab task, or do you have a real world problem ?
>
> Just curious as to the reasoning on trying to stop VTP updates.
>
> Larry
>
>
>
>
>
> Georg Pauwen wrote:
> > Hello,
> >
> > since VLANs 1 and 1002-1005 cannot be pruned, even with pruning VTP
> > traffic will pass over the trunk links.
> > So if it is not pruning or VTP transparent, how can VTP updates be
> > stopped ? I guess putting the ports in static access mode is not the
> > right answer, but it would solve the problem...
> >
> > Regards,
> >
> > Georg
> >
> >> From: "Keane, James" <James.Keane@agriculture.gov.ie>
> >> Reply-To: "Keane, James" <James.Keane@agriculture.gov.ie>
> >> To: "Vishal B Patel" <vishalp@fasttelco.net>, "mmj"
> >> <groupstudy@users.hotpop.com>, <john_t_mathai@hotmail.com>,
> >> <ccielab@groupstudy.com>
> >> Subject: RE: Stop VTP updates
> >> Date: Mon, 29 Nov 2004 08:37:03 -0000
> >>
> >> Without getting too picky
> >>
> >> 'Is there a way of preventing vtp updates on the switch ports apart
from
> >> configuring the switch in vtp transparent mode ?'
> >>
> >> Transparent mode will pass updates between switches and ports but just
> >> wont 'heed/use' them itself on its VTP domain
> >>
> >> eg
> >>
> >> s1 ---- s2 ----- s3
> >>
> >> s1 will see vtp updates from s3, s2 will see the updates but doesnt
> >> updates and passes them on.
> >>
> >>
> >> I hope my understanding is correct, if not please let me know !!!
> >>
> >>
> >> -----Original Message-----
> >> From: Vishal B Patel [mailto:vishalp@fasttelco.net]
> >> Sent: 29 November 2004 06:33
> >> To: 'mmj'; john_t_mathai@hotmail.com; ccielab@groupstudy.com
> >> Subject: RE: Stop VTP updates
> >>
> >>
> >> Hi,
> >>
> >> Well I have enabled VTP pruning between two 6500
> >>
> >> And there some VLANs which don't existing on both the 6500 but
> >> only on
> >> one 6500.
> >>
> >> Still when I give show vlan on the 6500s I get the details of all the
> >> VLANs
> >> existing both the switches.
> >>
> >> Do I have to do something more for stopping the VTP updates , I have
> >> a ISL
> >> trunk between these two switches.
> >>
> >> Thanks
> >>
> >> Vishal
> >>
> >> -----Original Message-----
> >> From: mmj [mailto:groupstudy@users.hotpop.com]
> >> Sent: Sunday, November 28, 2004 6:56 PM
> >> To: john_t_mathai@hotmail.com; ccielab@groupstudy.com
> >> Subject: RE: Stop VTP updates
> >>
> >>
> >> John,
> >>
> >> Maybe pruning VTP packets when no end-user ports are alive downstream?
> >>
> >> vtp {domain domain-name | password password | pruning ....
> >>
> >> pruning
> >> Enable pruning in the VTP administrative domain. VTP pruning causes
> >> information about each pruning-eligible VLAN to be removed from VTP
> >> updates
> >> if there are no stations belonging to that VLAN.
> >>
> >> Martijn
> >>
> >> -----Oorspronkelijk bericht-----
> >> Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens
> >> john_t_mathai@hotmail.com
> >> Verzonden: vrijdag 12 november 2004 15:46
> >> Aan: ccielab@groupstudy.com
> >> Onderwerp: Stop VTP updates
> >>
> >>
> >> Is there a way of preventing vtp updates on the switch ports apart from
> >> configuring the switch in vtp transparent mode ?
> >>
> >> John
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> **********************************************************************
> >> *********** Department of Agriculture and Food ***************
> >>
> >> The information contained in this email and in any
> >> attachments is confidential and is designated solely
> >> for the attention and use of the intended recipient(s).
> >> This information may be subject to legal and professional
> >> privilege. If you are not an intended recipient of
> >> this email, you must not use, disclose, copy,
> >> distribute or retain this message or any part of it.
> >> If you have received this email in error, please
> >> notify the sender immediately and delete all copies of
> >> this email from your computer system(s).
> >> **********************************************************************
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > _________________________________________________________________
> > MSN Hotmail : antivirus et antispam intigris
> > http://www.msn.fr/newhotmail/Default.asp?Ath=f
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:51 GMT-3