Re: Stop VTP updates

From: Larry Roberts (groupstudy@american-hero.com)
Date: Mon Nov 29 2004 - 15:16:20 GMT-3


If the task is to filter updates coming IN a port, then I would think
some type of filter would be required.

You can't control what the other side of the link is, so configuring the
local side as a static vlan doesn't prevent the other side from still
trying to negotiate.

Disabling VTP doesn't prevent you from receiving an update either.

I haven't spent much time on vlan filters, but I suspect that there is
some way to filter VTP. If it also blocks CDP, I don't know that I would
be that concerned with that. CDP is one of those nice to have, but not
real secure protocols that many people turn off anyways, so blocking
might not be a big deal. YMMV though.

Just my thoughts.

adeolu@sympatico.ca wrote:
> Hi guys,
>
> I believe blocking that MAC address will also stop CDP from functioning properly.
>
> The link below is a good reference
>
> http://www.lex-con.com/protocols/en-bcast.txt
>
> Ade
>
>>From: "Keane, James" <James.Keane@agriculture.gov.ie>
>>Date: 2004/11/29 Mon PM 12:40:59 EST
>>To: "Larry Roberts" <groupstudy@american-hero.com>,
>> "Georg Pauwen"
>> <pauwen@hotmail.com>
>>CC: <vishalp@fasttelco.net>, <groupstudy@users.hotpop.com>,
>> <john_t_mathai@hotmail.com>, <ccielab@groupstudy.com>
>>Subject: RE: Stop VTP updates
>>
>>Good Analogy Larry -
>>even though we haven't resolved the issue, I feel like I understand this much better now!
>>
>>I suppose we shouldn't deviate
>>
>>Maybe use a MAC ACL on the port for those packets!
>>
>>http://www.cisco.com/warp/public/473/21.html
>>
>>Will blocking 01-00-0c-cc-cc-cc cause other problems? Well, at least you have stopped the VTP updates
>>
>>(please leave, you have failed your lab ... LOL!!)
>>
>>Anybody any better ideas to stop VTP updates from entering a port ?
>>
>>
>>-----Original Message-----
>>From: Larry Roberts [mailto:groupstudy@american-hero.com]
>>Sent: 29 November 2004 16:16
>>To: Georg Pauwen
>>Cc: Keane, James; vishalp@fasttelco.net; groupstudy@users.hotpop.com;
>>john_t_mathai@hotmail.com; ccielab@groupstudy.com
>>Subject: Re: Stop VTP updates
>>
>>
>>Using pruning will not stop VTP updates about VLANs from propagating, it
>>will only stop data on those VLANs that are prune eligible from being
>>passed.
>>
>>To use a rather bad analogy, think of VTP as an OSPF LSA.
>>Each switch needs to have a correct view of the network as it exists,
>>regardless of whether it needs the VLAN traffic itself.
>>
>>When you filter LSAs, you only prevent them from being installed into
>>your routing table, you don't stop other routers from hearing about them
>>from your flooding of the LSAs (assuming they are downstream).
>>
>>When you prune VLANs, you still need to know which VLANs exist, as
>>do your neighbors, you just don't need traffic that exists on the VLAN.
>>
>>What you're trying to accomplish is to have each switch have a different
>>view of the network, which is a BAD thing. VTP overhead is very minimal,
>>especially between a couple of large scale switches. As long as the
>>second 6509 doesn't have any ports in this VLAN, and you have enabled
>>VLAN pruning on the link, traffic for that VLAN will be restricted to
>>the initial 6509.
>>
>>
>>Is this part of a lab task, or do you have a real world problem ?
>>
>>Just curious as to the reasoning on trying to stop VTP updates.
>>
>>Larry
>>
>>
>>
>>
>>
>>Georg Pauwen wrote:
>>
>>>Hello,
>>>
>>>since VLANs 1 and 1002-1005 cannot be pruned, even with pruning VTP
>>>traffic will pass over the trunk links.
>>>So if it is not pruning or VTP transparent, how can VTP updates be
>>>stopped ? I guess putting the ports in static access mode is not the
>>>right answer, but it would solve the problem...
>>>
>>>Regards,
>>>
>>>Georg
>>>
>>>
>>>>From: "Keane, James" <James.Keane@agriculture.gov.ie>
>>>>Reply-To: "Keane, James" <James.Keane@agriculture.gov.ie>
>>>>To: "Vishal B Patel" <vishalp@fasttelco.net>, "mmj"
>>>><groupstudy@users.hotpop.com>, <john_t_mathai@hotmail.com>,
>>>><ccielab@groupstudy.com>
>>>>Subject: RE: Stop VTP updates
>>>>Date: Mon, 29 Nov 2004 08:37:03 -0000
>>>>
>>>>Without getting too picky
>>>>
>>>>'Is there a way of preventing vtp updates on the switch ports apart from
>>>>configuring the switch in vtp transparent mode ?'
>>>>
>>>>Transparent mode will pass updates between switches and ports but just
>>>>won't 'heed/use' them itself on its VTP domain
>>>>
>>>>e.g.
>>>>
>>>>s1 ---- s2 ----- s3
>>>>
>>>>s1 will see VTP updates from s3, s2 will see the updates but doesn't
>>>>update and passes them on.
>>>>
>>>>
>>>>I hope my understanding is correct, if not please let me know !!!
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Vishal B Patel [mailto:vishalp@fasttelco.net]
>>>>Sent: 29 November 2004 06:33
>>>>To: 'mmj'; john_t_mathai@hotmail.com; ccielab@groupstudy.com
>>>>Subject: RE: Stop VTP updates
>>>>
>>>>
>>>>Hi,
>>>>
>>>>Well, I have enabled VTP pruning between two 6500s.
>>>>
>>>>And there are some VLANs which don't exist on both the 6500s but
>>>>only on one 6500.
>>>>
>>>>Still, when I give show vlan on the 6500s I get the details of all the
>>>>VLANs existing on both the switches.
>>>>
>>>>Do I have to do something more for stopping the VTP updates? I have
>>>>an ISL trunk between these two switches.
>>>>
>>>>Thanks
>>>>
>>>>Vishal
>>>>
>>>>-----Original Message-----
>>>>From: mmj [mailto:groupstudy@users.hotpop.com]
>>>>Sent: Sunday, November 28, 2004 6:56 PM
>>>>To: john_t_mathai@hotmail.com; ccielab@groupstudy.com
>>>>Subject: RE: Stop VTP updates
>>>>
>>>>
>>>>John,
>>>>
>>>>Maybe pruning VTP packets when no end-user ports are alive downstream?
>>>>
>>>>vtp {domain domain-name | password password | pruning ....
>>>>
>>>>pruning
>>>> Enable pruning in the VTP administrative domain. VTP pruning causes
>>>>information about each pruning-eligible VLAN to be removed from VTP
>>>>updates if there are no stations belonging to that VLAN.
>>>>
>>>>Martijn
>>>>
>>>>-----Original Message-----
>>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>>john_t_mathai@hotmail.com
>>>>Sent: Friday, 12 November 2004 15:46
>>>>To: ccielab@groupstudy.com
>>>>Subject: Stop VTP updates
>>>>
>>>>
>>>>Is there a way of preventing vtp updates on the switch ports apart from
>>>>configuring the switch in vtp transparent mode ?
>>>>
>>>>John
>>>>
>>>>_______________________________________________________________________
>>>>Subscription information may be found at:
>>>>http://www.groupstudy.com/list/CCIELab.html
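
Added example (not part of the original thread): a sketch of why a filter keyed only on 01-00-0c-cc-cc-cc catches CDP along with VTP, since both use that destination address and differ only in the SNAP protocol ID. The sample frames, source MAC and function names are constructed for illustration, and frames are assumed to be untagged 802.3/LLC/SNAP.

```python
import struct

CISCO_L2_MCAST = bytes.fromhex("01000ccccccc")  # shared by CDP, VTP, DTP, PAgP, UDLD
CISCO_OUI = bytes.fromhex("00000c")
SNAP_PID = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}


def classify(frame: bytes) -> str:
    """Name the Cisco L2 protocol carried in an untagged 802.3/LLC/SNAP frame."""
    if len(frame) < 22:
        return "truncated"
    dst, length = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if dst != CISCO_L2_MCAST:
        return "other-destination"
    # An 802.3 length field (<= 1500) followed by LLC AA AA 03 means a SNAP header follows
    if length > 1500 or frame[14:17] != b"\xaa\xaa\x03":
        return "not-snap"
    if frame[17:20] != CISCO_OUI:
        return "non-cisco-oui"
    pid = struct.unpack("!H", frame[20:22])[0]
    return SNAP_PID.get(pid, f"unknown-0x{pid:04x}")


def mac_only_filter(frame: bytes) -> bool:
    """True if a filter keyed only on the destination MAC would drop the frame."""
    return frame[0:6] == CISCO_L2_MCAST


def build(pid: int, payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample frame: made-up source MAC, placeholder payload."""
    src = bytes.fromhex("02aabbccddee")
    body = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + payload
    return CISCO_L2_MCAST + src + struct.pack("!H", len(body)) + body


def report(frames):
    """Per frame: (protocol, dropped by MAC-only filter, dropped by VTP-only match)."""
    return [(classify(f), mac_only_filter(f), classify(f) == "VTP") for f in frames]


if __name__ == "__main__":
    for row in report([build(0x2003), build(0x2000), build(0x2004)]):
        print(row)
```

A filter that can match on the SNAP protocol ID (0x2003) drops only VTP; one that matches the destination MAC alone also drops CDP and DTP, which is the side effect raised in the thread.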



This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:51 GMT-3